How AI's rise is creating new cyber threats
What's the story
The rise of generative artificial intelligence (AI) is creating a new wave of cyber threats, according to cybersecurity experts. Hackers are now using AI tools against users, posing a major challenge for cybersecurity defenses. Simple actions like accepting a Google Calendar invite or an Outlook email can trigger connected AI programs to steal sensitive data without raising any alarms.
Deployment issues
Reckless AI product deployments pose risks
The rapid and sometimes reckless pace of new AI product deployments is also a major concern. This is often driven by executives wanting to please investors or employees acting on their own, even against their IT departments' wishes. Alex Delamotte, a threat researcher at security firm SentinelOne, said it's unfair that AI is being integrated into every product when it introduces new risks.
Tool vulnerabilities
AI tools now writing code
Despite mixed results on AI effectiveness, most software developers have adopted tools that write code, including those from major AI companies. However, some studies suggest these tools are more likely than human programmers to introduce security vulnerabilities. The more autonomy and access to production environments such tools have, the more damage they can cause.
Attack strategy
Supply-chain attack used AI manipulation
In August, a supply-chain attack was carried out using AI manipulation. Hackers published official-seeming programs modifying Nx, a widely used platform for managing code repositories. Hundreds of thousands of Nx users unknowingly downloaded these poisoned programs. The hackers then directed the malicious code to seek out account passwords, cryptocurrency wallets, and other sensitive data from those who downloaded them.
Ransomware development
Ransomware campaign run by AI
AI is being used directly by attackers as well. Anthropic recently revealed that it had discovered an entire ransomware campaign run by someone using AI to do everything. AI is being used to find vulnerable systems at a company, attack them, evaluate stolen data, and even suggest a reasonable ransom to demand. The criminal didn't even have to be a very good coder due to advancements in interpreting natural language.
Flaw discovery
Advanced AI programs discover 0-days
Advanced AI programs are also being used to discover previously undiscovered security flaws, or "zero-days," that hackers highly prize. In a contest held last month by the Pentagon's Defense Advanced Research Projects Agency, seven teams of hackers developed autonomous "cyber reasoning systems" and found 18 zero-days in 54 million lines of open-source code. Although they tried to patch those vulnerabilities, officials warned similar efforts are being developed globally to exploit them.