A new Artificial Intelligence (AI) -Power Penetration Testing Tool associated with the China -based company has attracted about 11,000 downloads on the Python Package Index (PYPI) repository, which has caused a concern that it can be rebuilt by cyber criminals for malicious purposes.
Dubbed Rural, Framework is evaluated as a cyber rasp work, which deployed equipment as a red teaming solution to automate the test workflow. The package was first uploaded to the PyPI in late July 2025, which was done by a user by a user of the former captaincy the flag (CTF) player for the Chinese HSCSEC team.
“Rapid, public availability and automation capabilities create a realistic risk that rural cobalt strikes will follow the projection: Commercially or legitimately developed tooling is widely adopted by the danger actors for malicious campaigns,” Striker researchers Dan Regardado and Amanda Russo said in a report shared with hackers.
Shortly after the check point, the emergence of the villager came to light that the actor is recently trying to take advantage of another newborn A-Assisted aggressive security equipment called Hexstrichy AI to exploit security defects.
With the advent of generic AI (aka Jenai) model, danger actors have capitalized on technology for social engineering, technical and information operating, which have contributed to increase in speed, access to expertise and scalp.
An important advantage to rely on such devices is that they reduce the barrier to exploitation, and cut the time and amount of effort required to draw such attacks. Once highly skilled operators were required and the weeks of manual development can be automated using AI, which provides assistance to poor actors with crafting feats, payload delivery and even infrastructure setup.
The Czech point recently said, “Exploitation can be parallel on a scale, in which agents are scanning thousands of IP.” “Decision becomes adaptive; unsuccessful exploitation efforts can be re -achieved with variation until successful, leading to increased yield of overall exploitation.”
The fact is that the villagers are available as an off-the-chest paython package, which means that it provides an easy way to integrate the equipment to the attackers in their workflows, the striker said, “described it as” about development in AI-driven attack tooling “.
Cyberpike first appeared in November 2023, when Domain “Cyber Spike[.]The top “was registered under the top” Changchun Ansanuan Technology Company, Ltd., an AI Company Limited located in China. It is said that the only source of information about the company that comes from a Chinese talent service platform called Leapin comes from questioning who is behind who is behind it.
The snapshot of the domain captured on the Internet archive shows that the tool is marketed as a network attack simulation and post-pantition test tool to help organizations to evaluate and strengthen their cyber security currency.
Once installed, cyberpikes have been found to include plugins that are components of a remote access tool (RAT), which enable remote desktop access, discord account compromise, keystroke logging, webcaming, webcam hijacking and other monitoring facilities to enable monitoring and enable control. Further analysis has highlighted the similarity with a known rat called asyncrat.
The striker said, “Cyberpike integrated Asyncrat in its red teaming product, famous with additional plugins, with mimictions, along with Katols,” said the striker. “These integrations suggest how the cyber rage has installed the corporate and aggressive devices into a turny framework, designed for penetration testing and perhaps malicious operations.”
Rural appears to be the latest offering from cyber rasp. Acting as a model reference protocol (MCP) client, it integrates with the AI model of Kali Linux Toolset, Langchen, and Dipsek, which can automatically automate test workflows, handle browser-based interactions, and release commands in natural language which can be converted into their technical equivalents later.
In addition to taking advantage of a database of the 4,201 AI system, indicate to generate genres and make real-time decisions in penetration testing, the AI-indesters penetration test frame automatically makes separate black linux containers for network scanning, vulnerable evaluation, and penetration test, and destroys them after a 24-hour period.
Researchers said, “The almanac nature of these containers, combined with random SSH ports, makes it difficult to find out the cause of forensic analysis and danger to the AI-managed attack containers,” the researchers said.
Command-end-control (C2) is completed through a fastapi interface that processes upcoming tasks, while python-based pydantic AI agent platforms are used to standardize the output.
Researchers said, “Rural reduces the skills and time required to run sophisticated aggressive toolchens, enabling fewer-skilled actors to make more advanced infiltration.” “Its functioning-based architecture, where AI orchestrates the orchestrate tool dynamically orchestrates a fundamental change based on objectives rather than objectives, how cyber attacks are conducted, marking a fundamental change.”
Automatic reconnaissance, increased frequency and speed of exploitation efforts, and follow-on activity can increase the detection and response burden in the enterprise. ,
“Its functioning-based architecture, where AI orchestrates the orchestrate tool dynamically orchestrates a fundamental change based on objectives rather than objectives, how cyber attacks are conducted, marking a fundamental change.”
