There’s a common misconception in the industry. The biggest threat from AI is not new cyberattacks, but rather the way it hastens the cyberattack kill chain. This speed is increasingly challenging and puts defenders at a quick disadvantage. Today’s talent gap means security operations centers are stretched thin, dealing with analyst fatigue, and less prepared to meet pace.
Recent data shows the average length of time it took organizations to respond to and contain a security alert, from initial detection to resolution, was two weeks. However, attackers are only getting faster: in a quarter of cases, the time from compromise to exfiltration was less than five hours. As AI enables attackers to swiftly breach defenses, pinpoint valuable data, and get out without being caught, defenders are finding themselves dangerously behind.
With AI changing the tempo of cyberattacks, it is critical for organizations to spend less time worrying about undiscovered, obscure, new types of cyberattacks, and focus on what they know they can reinforce: the state of their current cyber hygiene. Now is the time to double down on the fundamentals.
GenAI is reshaping the cyber threat landscape, blurring the line between authentic and deceptive communication. Phishing now accounts for 77% of all attacks as threat actors impersonate legitimate platforms like LinkedIn, DocuSign and PayPal to deliver… Continue reading
Accelerating the Technical Kill Chain
AI is accelerating the same tactics we’ve seen for years–the difference is the speed and scale. What once required large teams and substantial time is now being executed by fewer people in a fraction of the time, given bad actors are automating a significant portion of the process. Just recently, we learned hackers from China orchestrated a large-scale, automated cyberattack on both major corporations and foreign governments.
GenAI enables vibe hacking, acting as a co-pilot across the entire kill chain. Attackers can now use AI to quickly scan for vulnerabilities, develop malware tailored to those weaknesses, and extract important, sensitive data–all while letting AI do the heavy lifting. Once this data is extracted, attackers don’t have to spend days sifting through the files; they use generative models to help them analyze the data quickly and effectively to understand their leverage.
Escalating the Effectiveness of Social Engineering Methods
Generative AI has also renewed hackers’ focus on social engineering. We’re seeing simple phishing scams morph into complex, targeted attacks that more effectively fool humans, with data showing that AI-generated emails with malicious links achieved a 54% click-through rate.
The reconnaissance phase of social engineering, specifically, is being completely transformed. Traditionally, creating a believable spear phishing email required significant time, commitment, and manual research into things like LinkedIn profiles, social posts, company pages, and more. Now, attackers are automating this research, adding an entirely new layer of tailored intelligence. AI’s ability to generate convincing materials not only accelerates how quickly hackers can push out these campaigns, but also increases their success rate, allowing them to deceive more victims in less time.
We’ve even seen AI used to support foreign adversary missions in real-time, including recent reports of companies unknowingly hiring North Korean agents as IT remote workers. These missions, designed for espionage or income generation for nation states, are enabled by AI for things like persona development, filling out applications and passing interviews, and even the execution of their day-to-day work. This makes it easier for attackers to “blend in” with other employees, giving insider threats a new meaning.
A Guide for Defenders
There continues to be much hype around emerging AI threats, but more often than not, threat actors are finding success with the same, well-known vulnerabilities-–signaling a strong need for a focus on, and improvement in, the fundamentals.
The majority of work will come from using new strategies, many of which themselves leverage AI, to speed and strengthen existing procedures and mitigations; everything from education, to multi-layer defense, to threat intelligence. Organizations should focus on uplifting “basic” cyber hygiene with AI-enabled solutions that provide insight into risks, exposures, and appropriate mitigations. These solutions can increase security by more efficiently identifying blind spots, enhancing threat hunting, providing better detections, prioritizing patching, detecting unusual behavior within enterprise infrastructure, and much more.
For organizations integrating AI models into their products and introducing agents into their production workflows, these systems represent the obvious “new” security threat in today’s AI landscape. Yet even here, the right controls are grounded in the fundamentals, like strong governance controls, red teaming/penetration testing, a solid incident response plan, and secure-by-design architecture. What changes with the introduction of AI systems is the need for processes geared toward the new threats: identify where AI-specific risks may emerge, measure the severity of these risks, mitigate them through a new class of controls, and finally, prepare for future attacks by creating an updated incident response plan and playbooks to consider AI threats.
Facing the Reality of AI-Driven Threats
Moving forward, it will be critical for security leaders to keep up with the latest threat developments and look past the hype. There is considerable fear and uncertainty around how AI may, or may not, be creating unprecedented threats – but focusing on building resilience to address current attack capabilities is where leaders should put their time and energy.
The reality of today’s threat landscape is that attackers are finding plenty of success exploiting the same methods they have used for the past several decades, adding AI into the mix is making them much better and faster.
This is a call for security leaders to face the threat in front of them and double down on the security basics at accelerated speed – especially if they want to keep ahead in the AI era.
