What Bitsight Threat Intelligence is seeing
This is where threat intelligence becomes more important, but also more complicated. AI-related signals are noisy. A search for “AI in the middle” can surface everything from legitimate AI research to irrelevant pastebin chatter to actual adversary infrastructure. The value goes beyond just finding mentions of AI to instead understanding which signals matter, which are benign, and which could point to real exposure or attacker behavior. Prioritization, if you will.
Bitsight Threat Intelligence shows exactly why that distinction matters. In one Bitsight Threat Intelligence search for AI MITM and AiTM-related language, we saw results across a range of sources, including dark web chats, invite only messaging channels, underground forums, paste sites, and criminal marketplaces. Some results were clearly irrelevant. One pastebin result, for example, discussed AI in climate and weather modeling. It mentioned “AI in the middle” in a completely benign context.
For security analysts, there isn’t time to sort through this kind of noise. Security folks need contextualized and prioritized data at their fingertips. It shows why defenders cannot stop at keyword matching. A raw mention of AI does not equal a threat. A raw mention of AiTM does not automatically mean a campaign is targeting your organization. Context is everything.
But Bitsight Threat Intelligence also found much more relevant activity. In one underground forum example, a user asked for an AiTM service similar to known 2FA-bypass phishing kits. The same user also expressed interest in logs containing payment-card verification data for major retail sites, incredibly relevant to PCI DSS. In the replies, another user offered to build AiTM, BiTM, or MiTM systems, while a separate reply pointed toward tooling associated with cookie and session theft. Remember, they just need to get the right cookie or the right session to bypass the MFA. This shows visible demand for adversary-in-the-middle tooling and related credential, cookie, and session theft capabilities.
In another Bitsight Threat Intelligence result, an underground forum post advertised custom reverse-proxy and AiTM systems for major cloud, email, retail, advertising, and identity platforms. The seller described capabilities such as credential and cookie capture, evasion features, session handling, dashboards, notifications, and compatibility with antidetect browser workflows. Again, the details matter less than the pattern. This is not just one-off experimentation. AiTM capabilities are being discussed like a product. That should get the attention of any security or risk team.
Bitsight Threat Intelligence also surfaced threat actor names in discussions related to AiTM, AI-enabled activity, or adjacent threat activity, including Secret Blizzard, APT28, Forest Blizzard, Cordial Spider, ShinyHunters, Scattered Spider, Fancy Bear, Turla, and Evasive Panda. The immediate takeaway should not be panic. It should be prioritization.
Actor names appearing in search results are not the same thing as confirmed attribution. They are signals to investigate. Which mentions are meaningful? Which are just noise? Which are tied to known tactics, infrastructure, victims, or exposed assets? Which ones connect back to your organization, your vendors, or your industry? That is where threat intelligence earns its keep: not by showing every mention, but by helping teams understand which ones matter.
Why this is bigger than AI security
This is why AI risk cannot be treated like some neat, separate category that lives in its own little box. It touches identity, data governance, vulnerability management, vendor risk, attack surface management, and business resilience. And, of course, it does not stop at your perimeter. We have seen time and time again that threat actors are shifting towards large-scale blast radius attacks. They are targeting your critical vendors in order to increase pressure for a ransom payment. Bitsight heavily discussed this topic in our recent 2026 State of the Underground report.
AI is everywhere within your supply chain. Do you know where, how it's utilized, how your data is ingested or connected to various AI platforms? If you don't, you should. Having visibility into vulnerabilities, supply chain, and who is targeting you and your network will play a pivotal role in prioritization and protecting your assets.
How Bitsight can help
You cannot manage AI risk if you cannot see the ecosystem it lives in. Bitsight helps organizations understand cyber risk across their own attack surface, third-party ecosystem, and threat landscape. AI is not being adopted in one neat, centralized place. It is showing up across tools, vendors, workflows, attacker tradecraft, and business processes.
Bitsight Threat Intelligence helps security teams monitor and contextualize activity across open, deep, and dark web sources. That context matters when AI-related signals range from benign research chatter to underground forum posts advertising AiTM services.
With Bitsight, security and risk teams can move beyond point-in-time assumptions and build a more continuous view of where cyber risk exists, how it is changing, and which relationships, assets, actors, or exposures need attention first.
The goal is not to scare people away from AI. That ship has sailed. AI is going to be part of how we work. In many places, it already is. The goal is to make sure we are not adding speed, access, and automation to business-critical workflows without also adding visibility, governance, and accountability.
The bottom line
At the end of the day, AI MITM is really a trust issue. We are putting AI between people and systems, between vendors and services, and between data and decisions. Attackers can use AI in the middle of their own workflows too. While that can create enormous value, it can also create blind spots. When AI has unprecedented access and permissions, we lack the visibility into several critical, interconnected layers of security and operations.
The organizations that handle this well will not be the ones that ban AI or blindly embrace it. They will be the ones that ask better questions: Where is AI sitting in our workflows? What can it access? What can it do? Who governs it? Which vendors are using it? Where could it introduce risk we cannot currently see? And which threat signals actually matter to us? Because AI may be new, but the security lesson is not: you cannot protect what you cannot see. AI is an incredibly powerful and useful tool that organizations should leverage, they should also ensure the right guardrails are in place to protect assets.