On June 3, 2026, Huntress intercepted a network incident in which a threat actor used an AI-generated PowerShell script to map an Active Directory environment. The novelty lies not in the target — AD enumeration is routine — but in the method: the code was produced via vibe coding, the iterative prompt-and-error approach with LLMs that yields unique, polymorphic tooling. Detection occurred not because the system recognized the file, but because SIEM telemetry captured the underlying actions, irrespective of their artificial origin.
- A threat actor used an AI-generated PowerShell script titled "100% Working AD Information Gathering Script - FULLY FIXED" to enumerate an Active Directory environment on June 3, 2026
- Huntress reconstructed the script "Untitled1.ps1" from SIEM telemetry Event ID 4104, revealing five over-engineered fallback methods to locate the Domain Controller
- The script included an unremoved "Server1.HR.local" placeholder, a direct trace of non-customized AI generation by the attacker
- The attack chain continued with s5cmd.exe for S3 exfiltration after roughly 30 minutes, followed by SharpShares.exe for additional share enumeration
- Huntress documents that AI lowers the barrier to entry but does not alter behavioral patterns: behavioral analytics worked where static signatures would have failed
How Vibe Coding Works and Why This Script Betrays It
Vibe coding is a software generation paradigm where the user describes intent to an LLM in natural language, iterates on errors and improvements without understanding the produced code. In the case documented by Huntress, the script recovered from Event ID 4104 telemetry bore the title "100% Working AD Information Gathering Script - FULLY FIXED," phrasing that betrays a sequence of failed attempts and prompt-driven corrections. Huntress notes the code was "messy, over-engineered, and filled with AI hallmarks like left-behind comments."
The most evident signature resides in an unremoved placeholder: "Server1.HR.local," copied verbatim from the AI output without adaptation to the target environment. This detail, shared by Infosecurity Magazine and CyberPress, indicates an attacker who executed the code as generated, lacking the skill to customize it. The source does not identify the specific LLM employed.
The script implemented five distinct fallback methods to locate the Domain Controller: DNS resolution, nltest command, ActiveDirectory PowerShell module, LOGONSERVER environment variable, and a hardcoded value. This over-engineered redundancy is consistent with the vibe-coding pattern, where the model accumulates layers of "robustness" without architectural rationale. The output included data exported to CSV and an HTML report with colored console formatting — an aesthetic hallmark typical of AI generations.
The Attack Chain: From RDP to Exfiltration in 30 Minutes
Huntress reconstructed the full sequence. Initial access occurred via an RDP session with compromised credentials. Payload staging took place in C:\ProgramData, a directory chosen for its relative obscurity in routine inspection. Execution of Untitled1.ps1 followed "within minutes" of the RDP session.
After roughly 30 minutes, the threat actor deployed s5cmd.exe, a data transfer tool for Amazon S3 buckets, signaling an exfiltration phase. The chain concluded with SharpShares.exe for enumeration of additional network shares. The dossier does not specify the volume of data actually transmitted nor the nature of the exfiltrated contents. It remains unknown how the initial RDP credentials were obtained.
"Vibe coding lowers the barrier to entry for cybercrime, allowing unsophisticated actors to generate highly capable, evasive tooling on the fly" — Huntress
Why Signatures Are No Longer Enough: The Detection Paradox
The case illustrates a central technical tension. The script was one-of-a-kind: hashes and static signatures were useless because that specific form was unlikely to reappear. Huntress explicitly states that AI does not change the game in the deeper sense: malicious actions remain identifiable regardless of the variability of the code implementing them.
SIEM telemetry captured the activity by monitoring behavioral enumeration patterns — Get-ADUser, Get-ADComputer, Get-ADGroup, Get-ADOrganizationalUnit, Get-ADTrust — rather than the executed file. CyberPress emphasizes that the "hybrid approach prioritises aggression and speed over stealth," and that defensive response must embrace behavioral analytics to intercept the underlying actions no LLM can hide.
This reading finds contextual echo in independent work by McAfee Labs, which observed vibe-coded malware campaigns starting March 2026 — separate from the AD incident, targeting crypto-mining and credential theft. McAfee tracked over 440 zip files and 48 unique variants of WinUpdateHelper.dll, with approximately $4,500 in associated Bitcoin wallets. No correlation is proven with the June 3 attack, but the data corroborates the transition of vibe coding from theoretical phenomenon to operational weapon.
What to Do Now
Converging sources indicate four priority directions for organizations with Active Directory environments:
- Implement extended PowerShell logging (Event ID 4104/4105) with centralized SIEM forwarding to capture scriptblock execution and reconstruct payloads even when files do not persist to disk
- Monitor AD enumeration operations as behavioral patterns independent of the executed code: Get-ADUser, Get-ADComputer, Get-ADGroup and variants in close sequence must generate alerts even without signature matching
- Enforce RDP controls with multi-factor authentication and network-level authentication, given that the documented initial access exploited compromised credentials without exploit techniques
- Evaluate deployment of behavioral analytics capable of correlating AD actions with staging tools (s5cmd.exe, SharpShares.exe) and directories like C:\ProgramData in suspicious timeframes
The Real Picture: Mid-Tier Actor, Elevated Tooling
Huntress describes the attacker as "mediocre" — an unsophisticated operator empowered by AI tooling. This distinction is crucial: the danger lies not in AI "hacking" autonomously, but in the lowering of the competency threshold required to produce functional, evasive code. The result is an inflation of threat actors capable of actions previously reserved for more structured groups, with a footprint defense must learn to read beyond file statics.
The message for the industry is that defender training and control design must anticipate a context where malicious code is infinitely variable but behavior remains categorizable. The detection of the future watches the "how," not the "what."
Sources
- https://www.infosecurity-magazine.com/news/vibe-coded-malware-ai-powershell/
- https://www.huntress.com/blog/ai-coded-malware-vibe-coding-active-directory
- https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ai-written-malware-vibe-coded-campaign/
- https://nvd.nist.gov/vuln/detail/CVE-2026-50656
- https://cyberpress.org/ai-coded-vibe-coding-map-active-directory/
- https://thehackernews.com/2026/03/weekly-recap-qualcomm-0-day-ios-exploit.html
- https://nvd.nist.gov/vuln
- https://nvd.nist.gov/vuln/search
- https://nvd.nist.gov/vuln/categories
- https://nvd.nist.gov/vuln/data-feeds
- https://nvd.nist.gov/vuln/vendor-comments
Information verified against cited sources and current as of publication.