Dynamic tool generation is the on-demand creation of scripts, commands, or small utilities tailored to a specific task. In cyber security, it often means an attacker or agentic system does not rely on one reusable malware package, but instead produces disposable tooling during an operation.
This matters because custom-generated tools are harder to fingerprint with hashes, signatures, or static rules. Each run may look different, even when the underlying behavior is similar. In attacks, dynamic generation can support phishing, reconnaissance, credential access, or lateral movement with short-lived code that is quickly modified after failure. In defense, teams counter this by focusing on behavior: restricting which tools an AI agent can call, requiring human approval for sensitive actions, logging command execution, and watching for unusual process chains or network activity rather than only known file patterns.