AI is about to supercharge cyberattacks
 Illustration: Aïda Amer/Axios
U.S. companies are up against a ticking time bomb: Thanks to AI, hackers are on the verge of launching fully automated cyberattacks that can move faster, smarter and more personally than ever.
Why it matters: Those attacks could halt production at factories, knock hospitals offline or control power grids — all before anyone even realizes something's wrong.
The big picture: Advancements in generative AI are giving hackers the ability to boost their own skill sets and automate parts of the attack chain.
- OpenAI and Anthropic have both already found evidence of nation-state adversaries and cybercriminals using their models to write code and research their attacks.
- Sandra Joyce, who leads Google's Threat Intelligence Group, tells Axios her team has seen evidence of malicious hackers attempting to use legitimate, AI-powered hacking tools in their schemes.
Between the lines: Nation-state hackers are going to build tools to automate everything — from spotting vulnerabilities to launching customized attacks on company networks, says Phil Venables, partner at Ballistic Ventures and former security chief at Google Cloud.
- "It's definitely going to come," Venables tells Axios. "The only question is: Is it three months? Is it six months? Is it 12 months?"
Threat level: A recent Microsoft report found that AI-automated phishing emails achieved a 54% click-through rate, compared with 12% for phishing lures that didn't use AI.
Hackers are increasingly targeting critical infrastructure and financial services companies, according to a survey of cyber professionals conducted by Deep Instinct, an AI-powered cybersecurity firm.
- 50% of respondents at critical infrastructure organizations said they had already faced an AI-powered attack in the last year.
Zoom in: Chinese, Russian, Iranian and North Korean cyber warriors are already embracing their new AI future as they experiment with ways to enhance their spying and hacking operations, several security executives tell Axios.
- Chinese hackers are using AI "as a side saddle" or "a buddy" to enhance their influence operations and other schemes, Joyce says.
- Meanwhile, Russian government hackers have been experimenting with AI-powered malware in their attacks on Ukrainian entities as part of the ongoing war, Joyce added.
The intrigue: Apps like OpenAI's Sora also make it possible to create videos that aid scammers — such as a celebrity seeming to promote a fake investment opportunity or even a child appearing to be in danger.
The case for optimism
To avoid the catastrophic future so many fear, cybersecurity leaders are making the only bet they can: Their robots can beat the others.
- Defenders envision a world where they can use AI to instantly comb through hundreds of threat notifications, then proactively respond to the legitimate threats in that pile of alerts.
- AI models are also proving adept at writing secure code that's free from security flaws and vulnerabilities.
By the numbers: More than 80% of major companies are already using AI to bulk up their own cyber defenses, according to the Deep Instinct survey.
State of play: Defenders are already seeing results, Wendi Whitmore, chief security intelligence officer at Palo Alto Networks, tells Axios.
- In one case, they were able to use automation to help a major transportation manufacturing company bring its attack response time down from three weeks to 19 minutes.
- "We've just got so many more layers of defense," Whitmore says. "I can talk myself into being completely optimistic about AI."
What to watch: Autonomous AI-driven cybersecurity could soon help identify vulnerabilities that no human could ever find on their own, according to Jen Easterly, former head of the federal government's Cybersecurity and Infrastructure Security Agency.
- It could also spot cyber intrusions before they happen, deploy countermeasures in milliseconds — and then learn from those actions to improve for next time.
- "If we get that right, frankly we can ensure that the balance tips to the defenders," Easterly says.
axios.com
. |
