Agentic AI is Automating Live Intrusions in Latin America

In a discovery that underscores the rapid evolution of the threat landscape, TrendAI Research has identified two distinct, emerging campaigns that have successfully integrated agentic AI into their live intrusion operations. These groups, tracked as SHADOW-AETHER-040 and SHADOW-AETHER-064, have been observed using AI to target government and financial institutions across Latin America with alarming efficiency.

The report notes a realization for defenders: “AI-assisted attacks are emerging as a broader trend across threat actor groups”.

While both groups share remarkably similar tactics and tools, researchers believe they are separate entities. The primary differentiator is linguistic:

• SHADOW-AETHER-040: Primarily Spanish-speaking, this group targeted six government entities in Mexico in late 2025.
• SHADOW-AETHER-064: Likely Portuguese-speaking, this group emerged in April 2026, focusing on financial organizations in Brazil.

SHADOW-AETHER-040 utilized a specialized agentic command-line interface (CLI) tool. This tool acted as a bridge, sending prompts to Anthropic’s Claude and executing attack commands based on the AI’s responses.

What makes this approach particularly dangerous is how the AI maintains context. The agent documents every step of the workflow in Markdown files. This allows it to “restore the prior operational context by reading through the Markdown files… and continue work on the unfinished tasks at any time”.

Key delegated tasks included:

• Jailbreaking via Deception: Attackers bypassed AI safety filters by claiming they were conducting “authorized red team exercises”.
• Backdoor Deployment: The AI renamed malicious binaries (e.g., pg_stat_worker) and implanted them into hidden directories to evade notice.
• Reconnaissance: The agent used tools like Shodan and VulDB to identify attack surfaces and application vulnerabilities.

One of the most unique findings in the report is the emergence of AI-generated backdoors like implante_http. Researchers identified several “telltale” signs of AI authorship within the code:

• Explanatory comments that clarify code function to the user.
• Iterative “vibe coding” signs, such as extensive notes explaining changes before and after modifications.
• Emoji icons used within program messages.

“The AI agents dynamically generated multiple hacking tools and scripts, rather than relying on pre-built hacking tools,” the report explains. This strategy is highly effective because it “reduced the likelihood of detection by traditional security solutions that rely on known tool signatures”.

Both campaigns leveraged ProxyChains, SSH, and SOCKS5 tunnels to allow the AI agent to operate directly within internal networks. SHADOW-AETHER-064 even developed custom tools like “POW” (Proxy over Web) and “SOCKTZ” to encapsulate malicious traffic within standard HTTP requests, further hiding their presence from network monitoring tools.

TrendAI Research observed cases where attackers still failed because the targets maintained strong security fundamentals. The report concludes with a reminder: “While AI agents can accelerate attacks, they cannot conjure vulnerabilities and misconfigurations”. Timely patching, zero-trust controls, and rigorous monitoring remain the best shields against this new era of automated aggression.