The Droid Wars: Breaking up an AI‑orchestrated cyber fraud campaign

In October, a sophisticated cyber operation attempted to exploit an AI software development platform by integrating it into a global network for unauthorized use of large language models (LLMs). The attackers, suspected to be a China-based group with possible state links, used AI coding agents to generate and maintain infrastructure, adapting rapidly to defenses and orchestrating traffic from thousands of synthetic organizations. Their objective was to exploit free compute resources at scale, reselling access and masking various activities, including cyber-crime. The attack mirrored similar incidents in the industry, highlighting the growing trend of AI in cyber-crime. The platform's response involved leveraging its own AI systems, specifically Droid, to detect and mitigate the attack in real-time, achieving significant reductions in fraudulent activity. This incident underscored the necessity for AI-assisted defenses to counter AI-enabled threats, as traditional security measures struggle to keep pace with the speed and sophistication of AI-powered attacks.