Attackers are exploiting AI faster than defenders can keep up, new report warns
Cybersecurity is entering “a new phase” as artificial intelligence tools have matured and given IT defenders significantly less time to respond to cyberattacks and other threats, according to a new report released Monday.

The report, authored by federal contractor Booz Allen Hamilton, concludes that threat actors have adopted AI more quickly than governments and private companies have adopted it for cyber defense. It points to multiple incidents over the past two years, like attacks carried out with the help of Anthropic’s Claude, that show both cybercriminals and state-sponsored hacking groups are moving and scaling faster than ever before.

Brad Medairy, executive vice president and lead for Booz Allen’s National Cyber Business, told CyberScoop that one of the biggest advantages LLMs have given to attackers is the ability to identify places where the windows are “slightly open” – obscure weaknesses in a system like a perimeter vulnerability – and then quickly use an exploit to establish persistence.

“If you have a vulnerability in your perimeter and the adversary gets inside the wall, at that point they’re going to be moving at machine speed,” he said.

Booz Allen’s report argues that most defensive cybersecurity operations, by contrast, still rely on slower, human-oriented processes that can struggle to keep up with that faster tempo. For example, when the Cybersecurity and Infrastructure Security Agency adds a CVE to its Known Exploited Vulnerabilities list, defenders are given 15-day timelines to implement a patch.
That would be insufficient for something like HexStrike, an open source AI security framework popular with cybercriminals that exploited “thousands” of Citrix Netscaler products in less than 10 minutes using a single critical CVE.

Booz Allen Hamilton sells AI cybersecurity tools, but the primary conclusions of the report fall in line with what other third-party and independent cybersecurity experts say, namely that large language models have been a boon to cybercriminals and nation-states.

The report describes two general models malicious actors have for using AI.

In one, it becomes an amplifier for their individual hacking operations. This approach uses LLMs to add speed and scale to what hackers are already doing, while keeping the human in the loop on key decisions. Using this approach, “a single operator using agentic tooling can run reconnaissance, exploitation and follow-on actions across dozens of targets at once.”

The other model, called “orchestration,” is more akin to vibe coding, connecting the LLM to offensive security tools, pointing it at a target and setting the agent’s limits and parameters.

Medairy said it’s likely that regulation and policies around AI will continue to lag behind its development, forcing cybersecurity officials to make hard decisions around shifting to automated and AI-assisted defenses to keep up.

In this scenario, organizations would plan and run tabletop exercises ahead of time to game out how their AI agents should respond to an ongoing attack, what limits or parameters to set, and what assets to prioritize.

But there are real risks to handing over critical cyber or IT functions to an AI system. Amazon has dealt with multiple outages related to software changes made automatically through AI, and recently required its senior engineers to personally sign off on any AI-assisted code changes.
Medairy acknowledged the risks but noted that “the adversary gets a vote” and has already moved to exploit AI systems for offensive security, so defenders are going to have to reevaluate what “acceptable risk tolerance” looks like when it comes to defense at machine speed.

“I think that we’re going to be forced to kind of move outside of our comfort zone and really embrace some of this more automated remediation much faster than we’re probably comfortable with,” he said.