This DeepSeek-powered pen testing tool could be a Cobalt Strike successor – and hackers have downloaded it 10,000 times since July

Hacker working on a desktop computer with dual monitors in a room with red lights.

(Image credit: Getty Images)

Hackers are deploying a new AI-native penetration testing tool for sophisticated attacks in an industry first, according to new research.

Cybersecurity firm Straiker has warned that ‘Villager’, a tool developed by a China-based red team project known as Cyberspike, is already being used to automate attacks under the guise of penetration testing.

Villager leverages the Kali Linux toolsets and DeepSeek v3 to automate attacks, and is easily accessible via the official Python Package Index (PyPI).

Based on user prompts it can exploit vulnerabilities in a given domain, launch attacks using multiple tools to ensure a victim is breached, and establish persistence for attackers in compromised systems.

“The framework's most dangerous innovation lies not in any single capability, but in how it seamlessly integrates multiple attack vectors through intelligent task orchestration,” wrote Dan Regalado, principal AI security researcher at Straiker, and Amanda Rousseau, member of technical staff at Straiker.

“By combining containerized Kali environments, browser automation, direct code execution, and a 4,201-prompts vulnerability database, all coordinated by AI decision-making, the framework dramatically lowers the technical barrier for conducting complex attacks.”

Researchers at Straiker compared Villager to Cobalt Strike, a legitimate penetration testing tool that has been widely used by hackers for illegitimate purposes.

In March, Fortra and Microsoft announced an “aggressive campaign” against hackers using Cobalt Strike across over 200 malicious domains. Malicious use of the tool on a daily basis dropped 80% as a result.

Villager pen testing tool is a step above Cobalt Strike

Unlike the scripted attacks possible via Cobalt Strike, the AI-powered Villager is capable of complex attacks based on natural language prompts.

For example, researchers noted that when Villager detects a victim’s domain using WordPress, it will launch an attack using the WordPress vulnerability scanner WPScan, for which it creates a custom Kali container.

If an API endpoint is detected, on the other hand, Villager may use browser automation to attempt a breach through a victim’s authentication workflow.

Each successful step is verified by the tool, which can dynamically adapt its vector depending on the context of the attack. Similarly, each Kali Linux container Villager creates, which can contain a range of cybersecurity tools, has built-in mechanisms to wipe themselves after 24 hours to prevent detection.

The tools’s command and control (C2) system, accessed via its Python-based FastAPI connection, ensures each attack is broken into manageable subtasks that are handled by its AI model.

Outputs are standardized using the data validation library Pydantic, researchers added. This ensures each decision Villager makes is reliable and follows on from its previous steps.

All of this points to an organic, sophisticated methodology that opens the door to more attacks from inexperienced attackers, researchers warned. Since it was published on PyPI in July 2025, Villager has been downloaded more than 10,000 times.

The authors at Straiker warned the tool could lead to more automated attacks by hackers using off the shelf tools. They also cautioned that attacks of this kind could speed up the rate at which attackers can discover new vulnerabilities and exploit them, shrinking the detection and response window for cybersecurity teams.

Straiker tracked Cyberspike as having first appeared on a domain established in November 2023, by the supposed AI firm Changchun Anshanyuan Technology Co.

The authors wrote that no evidence of such a company exists on Chinese social media, though archived pages show it sold Cyberspike as a remote administration tool (RAT) in 2023.

Make sure to follow ITPro on Google News to keep tabs on all our latest news, analysis, and reviews.

MORE FROM ITPRO

TOPICS

Rory Bathgate is Features and Multimedia Editor at ITPro, overseeing all in-depth content and case studies. He can also be found co-hosting the ITPro Podcast with Jane McCallion, swapping a keyboard for a microphone to discuss the latest learnings with thought leaders from across the tech sector.

In his free time, Rory enjoys photography, video editing, and good science fiction. After graduating from the University of Kent with a BA in English and American Literature, Rory undertook an MA in Eighteenth-Century Studies at King’s College London. He joined ITPro in 2022 as a graduate, following four years in student journalism. You can contact Rory at rory.bathgate@futurenet.com or on LinkedIn.