A new AI-native penetration testing tool called Villager has reached nearly 11,000 downloads on the Python Package Index (PyPI) just two months after release.
The framework, developed by the Chinese-based group Cyberspike, combines Kali Linux utilities with DeepSeek AI models to fully automate penetration testing workflows.
The tool, originally positioned as a red team solution, integrates an automation layer that lowers the barrier to conducting sophisticated attacks.
Villager’s rapid adoption echoes the trajectory of Cobalt Strike, which was created for legitimate use but later became a favorite among cybercriminals.
How Villager Works
According to security experts at Straiker, who discovered the campaign, Villager operates as a Model Context Protocol (MCP) client and orchestrates a range of tasks using AI. Its capabilities include:
-
On-demand creation of Kali Linux containers for network operations
-
Browser automation for web application testing
-
Real-time decision-making powered by a database of more than 4200 prompts
-
Self-destructing containers designed to evade forensics
These features enable operators to issue natural-language commands, which Villager automatically translates into technical attack sequences.
Read more on AI-powered cybercrime: AI-Forged Military IDs Used in North Korean Phishing Attack
Potential Enterprise Impact
The availability of Villager raises concerns over dual-use abuse.
Security analysts at Straiker warned that less-skilled actors could leverage the framework to run advanced intrusions with speed and efficiency.
Potential consequences for enterprises include:
-
More frequent and automated scanning and exploitation attempts
-
Compressed detection and response windows due to faster attack cycles
-
Increased exposure through developer environments and CI/CD pipelines
Cyberspike’s Background
Cyberspike first appeared in November 2023 under the name Changchun Anshanyuan Technology Co., a Chinese company registered as an AI and software developer.
Archived records revealed the group repackaged known hacking tools, including AsyncRAT and Mimikatz, into offensive frameworks. Its latest release, Villager, builds on this pattern by merging red team technologies with AI-driven orchestration.
Straiker warned that Villager represents more than a single tool. It highlights a broader shift toward AI-powered persistent threats.
“The discovery of this framework in active use on VirusTotal confirms that AI-orchestrated attack tools are already deployed in the wild,” the team said.
“In the wrong hands, frameworks like Villager accelerate the proliferation of AiPT (AI-powered Persistent Threats), a new class of AI-driven, agentic cyber-attacks Straiker has coined where autonomous engines plan, adapt and execute campaigns at scale.”
