Cybercriminals are increasingly leveraging AI agents and chatbots to autonomously carry out cyber-attacks, according to recent analyses by cybersecurity researchers at ESET. After examining 900,000 AI skills listed in public repositories, ESET identified tens of thousands of suspicious instances and thousands of outright malicious ones. ESET's threat report for the first half of 2026, released on July 8, highlights the growing availability of these malicious AI toolsets, expanding the attack surface for cybercriminals and placing organizations at higher risk. AI agents, capable of planning tasks, browsing the web, and executing commands, are tools many legitimate users utilize to enhance productivity. However, the widespread adoption of agentic AI has also attracted cybercriminals who exploit these agents for malicious purposes. The analysis revealed a significant increase in suspicious and malicious tools over recent months. Suspicious AI agent skills identified by ESET grew from around 10,000 to over 25,000 during the reporting period, while malicious ones rose from approximately 600 to over 3,000. These AI toolsets can be misused or specifically designed to perform actions on behalf of malicious attackers. They are often placed in open source repositories for unsuspecting users to download or offered directly to attackers. The malicious capabilities of these tools include data exfiltration, malware execution, instruction overrides, and altering agent behavior. For instance, some tools advertised for legitimate red teaming also provide capabilities to exfiltrate credentials and gain persistent access, sometimes deploying remote access tools like Mimikatz, which are linked to ransomware attacks. Thousands of other tools, while not explicitly malicious, are constructed in ways that can be easily adapted for cyber-attacks. Cybercriminals have previously used similar tactics with browser extensions and mobile apps, but the integration of AI has heightened the risk for potential victims. The report underscores that the increased autonomy of AI agents elevates the risk and scope of attacks, particularly when handling sensitive data or executing critical operations. Organizations must implement policies to restrict suspicious tools and educate users on the risks of downloading free tools from unfamiliar sources. ESET's global cybersecurity advisor, Jake Moore, advises vigilance against tools that demand extensive access for simple tasks, especially those promoted through hype rather than official channels. He cautions that any free AI tool that makes grand promises while asking for extensive access could be a potential threat.
Rising Threat: Malicious AI Agents in Open Source Repositories
ESET finds an increase in malicious AI agents in open-source repos designed to trick developers and steal secrets.


