If you are a Mac user and you’re worried about how criminals are using AI, this report is for you. Here, we look into the new methods used in AI threats. We talk to leading cybersecurity experts to learn more, and we offer some simple tips and suggestions on how you can keep your digital life private and safe, and your Mac security strong.
What Mac users should know about AI cyber threats today
On May 11, Google Threat Intelligence Group (GTIG) released a new report on AI threats. As before, criminals continue to use AI to scan for weakness, generate deep fakes and fake news, and even code new skills into malware. Some noteworthy AI enhancements include the trend to go after passwords, 2FA, biometrics, and basic foundational elements that keep your accounts secure.
All of the threats in the GTIG report are nation-state operations linked to Russian-nexus actors, the People’s Republic of China (PRC), and the Democratic People’s Republic of Korea (DPRK). However, similar techniques are applied in the global cybercriminal and scammer world, making all of this relevant to your Mac security.
Keep your Mac safe from AI-powered threats
“The biggest takeaway from GTIG’s report is that AI is no longer just helping attackers write better phishing emails,” Mona Rajhans, Senior Engineering Manager at Palo Alto Networks, told us.
“It (AI) is starting to help them reason, adapt, and operate across the attack lifecycle,” said Rajhans.
GTIG’s examples around AI-assisted reconnaissance, deepfake content, obfuscated LLM access, and AI-enabled vulnerability discovery show that attackers are using AI to scale the parts of cybercrime that used to require more time and expertise, Rajhans explained. “That means better phishing lures, more believable impersonation, faster vulnerability research, and more automated account abuse.”
Old criminal ways are renewed, accelerated, and enhanced with AI
According to the Google report, threat actors are using AI not in new ways but, rather, to enhance the old ways.
Finding weaknesses and ways to breach your Mac faster
Threat actors use AI for faster scans to find weaknesses in your operating systems and develop exploits that leverage those weaknesses as a way into your digital environment. GTIG said that for the first time, they identified a threat actor using a zero-day exploit that “they believe” was developed with AI.
AI-augmented development for defense evasion
The term “AI-augmented development for defense evasion” is just a fancy phrase that speaks to how AI is changing malware to evade security tools and is being used to automate the creation of malicious infrastructure. Malicious infrastructure includes fake websites and large-scale email phishing, as well as more complex factors related to networks, servers, IoCs, and payloads.
AI is also being used to create “polymorphic” malware. In polymorphic software, the functions or code remain the same, but the outside shell changes shape. Criminals do this to serve unique malicious content that, because it has no fixed strings, cannot be identified or flagged by cybersecurity tools.
“The report demonstrates an evolution in both cyber capabilities and operational sophistication,” Dane Sherrets, Staff Innovations Architect of Emerging Technologies at HackerOne, told us.
In the early days, LLM used by cyber criminals primarily functioned as a helpful copilot, said Sherrets. “However (today), there are now fully agentic flows and processes that enable complex attacks previously not possible for small groups of threat actors.”
What does this mean for average end users? “From the user perspective, this means that we should expect to see a higher quality and quantity of attacks in the near future,” Sherrets from HackerOne said.
New AI deep fake campaigns and account targeting
The above-mentioned ways that criminals are using AI are all technical advances of capabilities that have been in the making for some time. While these are noteworthy, there are 2 other ways they are using AI that really caught our attention.
Criminals are using AI to create new, advanced deepfakes on a large scale. This includes “Operation Overload,” in which Russian threat actors are targeting Ukraine with fake news.
“Actors from Russia, Iran, China, and Saudi Arabia are producing political satire and materials to advance specific narratives across both digital platforms and physical media, such as printed posters,” said GTIG in their latest report.
Actors from Russia, Iran, China, and Saudi Arabia are producing political satire and materials to advance specific narratives across both digital platforms and physical media, such as printed posters.
Google Threat Intelligence Group (GTIG)
Another important trend that several AI threat campaigns show a movement toward is the push to go after the most secure foundational technologies, which average end users around the world use to secure their accounts.
If AI threats breach things like biometrics, 2FA, and authentication apps, and if they can successfully manipulate SMS verification processes, that would become a real problem for all users.
What we have been seeing in AI threats at the Moonlock Blog
At the Moonlock Blog, we have also seen threat actors and criminals using AI in other ways. Back in mid 2025, we reported that AI-powered impersonation scams were up 148%, and in early 2026, we saw how AI-coded Mac malware was being spread via a fake (fully functional) Grok AI website.
Bad actors are also leveraging the shareable AI chat feature to spread malicious ClickFix macOS stealers and luring users to these ClickFix instructions by running ads on the Google Ads platform.
We reported twice on this technique. One instance was recently, on May 15, 2026, in the report “Hackers are using shared Claude chats to drop malware.” The first time was back in December 2025, when threat actors used the exact shareable chat feature technique of ChatGPT and Grok to distribute the macOS stealer AMOS.
Another trend, linked to AI threats, is not the malicious use of AI itself, but the targeting of the broader digital environment AI is connected to. For example, on April 10, North Korean threat actors modified the legitimate Axios update package, a technology used by millions of people around the world.
In another supply chain attack case, criminals targeted OpenClaw, a viral open-source online hub where millions of international users create autonomous AI agents. In that campaign, threat actors created a fake OpenClaw developer package that sought to pass as OpenClaw software. Those who installed that package were breached with the MacSync stealer.
AI developer resources on npm, GitHub, Visual Studio, OpenClaw, and other dev platforms have all been documented to contain, to different degrees, malicious content or malware.
Obfuscated LLM Access: How do criminals and hackers log in to AI platforms in the first place?
“Obfuscated LLM access” is a term found in the GTIG report used to describe the way in which criminals manage to use AI platforms and models for illicit activities. Because AI models have limits and security guardrails—and because they are supposed to flag and block accounts that do suspicious things like generate malware code and create ClickFix instructions or large volume phishing emails—criminals need to find “obfuscated” ways to bypass these security guardrails.
GTIG said that threat actors are creating fake AI platform accounts, which they rotate when blocked, and hacking into the supply chain of AI platforms, such as AI APIs or desktop software that allow users to use different models.
It is noteworthy that, for some reason, hackers and threat actors are not using open-source models, operating from in-house resources and servers. Instead, they are using public AI models like the ones almost everyone uses.
AI accounts and cybercrime: Do you have a paid or premium AI account? You should read this to keep it safe.
Due to the limited restrictions of free models, it is likely that criminals are, or will, target paid AI subscription accounts. We asked experts for their thoughts on this AI account takeover.
“Mac users with premium LLM accounts should treat them like high-value accounts, not casual apps,” Rajhans from Palo Alto Networks told us.
Rajhans said users with paid AI accounts should:
- Use phishing-resistant multi-factor authentication (MFA) where possible.
- Avoid installing untrusted AI desktop clients or browser extensions.
- Review connected app permissions.
- Separate work and personal AI usage.
- Be cautious when an AI tool asks for access to email, files, code repos, or cloud storage.
Using AI to go after your accounts, 2FAs, and biometrics
The GTIG report highlights 2 campaigns where threat actors are using AI to go after the tech that secures your accounts. One of them exploits a vulnerability to bypass 2FA.
“Our analysis of exploits associated with this campaign identified a zero-day vulnerability implemented in a Python script that enables the user to bypass 2-factor authentication (2FA) on a popular open-source, web-based system administration tool,” the GTIT report reads.
Another threat is PROMPTSPY. While this is a piece of Android malware, specifically a backdoor, it is notable that the malware can extract biometrics, which are used to secure accounts.
If 2FA, MFA, SMS, authentication apps, and biometrics are eventually hacked by criminals using the most advanced frontier AI models, how will all accounts be secured? Will new authentication technologies emerge due to AI cyberattacks?
Frontier AI models are the most advanced out there today. Sherrets from HackerOne told us that criminals and threat actors are taking great pains to leverage the frontier models in their campaigns.
“Based on what the attackers are doing (i.e., creating clusters of accounts and leveraging them), it is reasonable to assume that in the future, end users may be asked to provide more identity information.”
How to stay safe from the new ways of AI cyber threats
Threat actors will continue to evolve their use of AI in many ways. On your end, there are several things you can do to strengthen your security posture.
Get Moonlock. It can detect and shut down AI threats and malware before they breach your Mac.
The Moonlock antivirus app can detect, flag, and shut down malware, whether AI-powered or not. The app is constantly updated by a team of in-house Mac-focused cybersecurity experts who collaborate with the wider global cybersecurity community. The result? You get protection against the latest threats, even before Apple issues security updates with patches.
The Moonlock app also comes with a built-in VPN for safe browsing, can block countries if you are concerned about how your data is treated abroad, and has a built-in Scam Detector to help you identify any phishing attempt.
Additionally, the Moonlock app will scan your Mac’s security settings and walk you through how to turn them up to higher levels in simple steps. Through the Security Advisor feature, the Moonlock app also offers advice on how to build and maintain healthy digital habits.
You can check out and test-drive Moonlock for free for 7 days.
Monitor your accounts and enable notifications for suspicious activity
AI is being used to breach account access authentication technologies, like 2FA and biometrics, as mentioned in the GTIG report. While this does not mean criminals are now using AI at scale to access any and all accounts, it is a good idea to start thinking of other ways you can keep your valuable accounts safe.
Enabling notifications that warn you when someone asks for a 2FA or MFA code on one of your accounts, or that warn you when a device tries to log in to your accounts, can help you flag suspicious activity, deactivate unknown linked devices, and change your passwords before someone breaches your account and data.
Watch your AI accounts, especially if they are premium or paid plans
To date, there are no widespread AI account takeovers reported. However, this could change any day. If you have a paid AI plan or you have a company and empower your workers with paid AI plans, it is a good idea to think about how to secure them. Learn about your AI security through your AI provider and ask them about your options to keep your paid and premium AI accounts safe.
Secure your financial accounts and wallets
While nation-state threats usually target high-level individuals, common cybercriminals also use AI in their attacks and are looking mostly for one thing: your digital money. Make sure all your bank apps and crypto wallets have high security reviews, and add security layers to them.
Keeping your financial digital surface on a separate device, away from your Mac, is also recommended. Additionally, know that browser extension crypto wallets are the most targeted by macOS cybercriminals. Keep them funded with the minimum amount, so that even if they’re breached, the bad actors take little to nothing.
Final thoughts
The never-ending competition between threat actors and the cybersecurity community is being intensified by AI, which will continue to play a role in the evolving threat landscape. And while it does impact end users like you, it shouldn’t feel like an internal struggle. Learn more about AI, your tech, and your security to know where you stand and what you can do about it, and follow the tips in this report to stay safe from AI threats.
This is an independent publication, and it has not been authorized, sponsored, or otherwise approved by Apple Inc. Mac and macOS are trademarks of Apple Inc.
