Threat researchers at Huntress have identified what they describe as a clear example of AI-generated, or “vibe-coded”, malware deployed during a live intrusion, a development that the security vendor says signals a meaningful shift in how attackers build tooling, and how defenders will need to detect it.
The discovery centres on a bespoke PowerShell script recovered by Huntress analysts Jevon Ang and Dray Agha following an incident on 3 June. The script, designed to enumerate a victim’s Active Directory (AD) environment, was reconstructed from Windows Event ID 4104 telemetry (PowerShell/Operational logs) and later published in full by the vendor for the benefit of other defenders.
A familiar attack chain, with an AI-built payload
According to Huntress, the intrusion itself followed a well-worn playbook. The threat actor obtained RDP access to a domain-joined Windows server, apparently via a VPN, using pre-compromised credentials. From there, tools were staged in C:\ProgramData, a directory long favoured by attackers for its ubiquity and lax scrutiny.
Within minutes of establishing the session, the actor executed a custom script, saved as Untitled1.ps1, to map users, computers, groups, organisational units and domain trusts. Roughly 30 minutes later, the same actor deployed s5cmd.exe, a legitimate Amazon S3 command-line utility that Huntress has previously flagged as a recurring tool of choice for data exfiltration, followed by SharpShares, an open-source share enumeration tool, to hunt for additional accessible file repositories beyond standard administrative shares.
Huntress is careful to note that AI did not alter the fundamentals of the attack. The tactics- credential-based remote access, staging in common directories, AD enumeration followed by bulk exfiltration- mirror years of established “smash and grab” tradecraft. What has changed is the origin of the reconnaissance tooling itself.
The hallmarks of an LLM-authored script
The analysis identifies several indicators that the enumeration script was generated iteratively using an AI coding assistant rather than written by hand. Among them:
- A title embedded in the script itself – “100% Working AD Information Gathering Script – FULLY FIXED” – consistent with an attacker copy-pasting the final output of a prompt-and-error-correct cycle with a chatbot.
- An unedited placeholder server name left over from the model’s own example output, suggesting the operator never reviewed or customised the generated code.
- A five-step cascading fallback routine for locating the domain controller (DNS, nltest, the AD PowerShell module, environment variables, and a hardcoded default), described by Huntress as the kind of exhaustive, redundant logic a language model produces when instructed to “make sure it doesn’t fail”, rather than the leaner approach a human operator would typically write.
- Extensive, colour-coded Write-Host console output and a fully formatted HTML summary report generated at the end of the run – cosmetic touches Huntress suggests were an unsolicited addition from the model rather than a deliberate attacker requirement.
Once run, the script created a timestamped directory (C:\AD_Reports_<datetime>) containing CSV exports of users, computers, groups, OUs, subnets, and trusts, along with DNS subnet data and the aforementioned HTML report, and then compressed the results into a single ZIP archive.
Why this matters for detection
The core implication for defenders, per Huntress, is that hash- and static-signature-based detection is losing ground against this category of threat. Off-the-shelf tools such as SharpHound or Cobalt Strike carry known fingerprints; a one-off script produced through natural-language prompting does not, and is unlikely to reappear in identical form elsewhere.
Huntress argues that the underlying behaviours of AD enumeration – querying domain controllers, dumping user and group objects, touching trust relationships – remain constant regardless of how the code performing them was written. The vendor says its SIEM platform identified the activity on behavioural grounds despite the script’s novelty, and it is urging security teams to prioritise behavioural and telemetry-based detection over static indicators as AI-assisted tooling becomes more common among lower-skilled threat actors.
“Vibe coding lowers the barrier to entry for cybercrime,” the researchers conclude, warning that while the resulting code may be messy and over-engineered, the operational risk it poses to organisations is very real.
The bigger picture
The case adds to a growing body of evidence that generative AI is being adopted, unevenly but increasingly, on the offensive side of cybersecurity, not to invent novel attack techniques, but to lower the technical skill required to execute existing ones. For security teams, the takeaway from Huntress’s research is less about any single script and more about a structural shift: as malware authorship becomes commoditised, detection strategy needs to lean further into behaviour and context, and further away from matching known bad files.
Full technical detail, including the recovered script and accompanying screenshots, is available here: https://www.huntress.com/blog/ai-coded-malware-vibe-coding-active-directory




