- Attackers can build campaigns more quickly with generative AI
- They also attack corporate agency AI tools
- Humans are always a major weakness
New research by Crowdsstrike confirm that hackers exploit AI to help them offer more aggressive attacks in less time, technology also democratizing less qualified pirates to a more advanced code.
However, in addition to this, they also use the same AI systems that are used by companies – according to Crowstrike, pirates target the tools used to create AI agents, allowing them to access, flying identification information and deploying sick software.
Crowdsstrike is the most worried about agental AI systems, suggesting that they have now become a “central part of the company’s attack surface”.
The attackers allow themselves a company AI
The security company claims to have observed “multiple hackers” exploiting vulnerabilities in the tools used to build AI agents, which marks a major change in models of the past. So far, humans have almost always been the main point of entering a company, but now Crowstrike fears that “autonomous workflows and non -human identities [are] The next opponent operating border. “”
“We see threatening actors using Genai to develop social engineering, accelerate operations and reduce the barrier to the entrance for intrusions of practical panels,” said the chief of counter-adversary operations, Adam Meyers.
FunkLocker and Sparkcat are two examples of malware built in Genai in the real world, while the famous Chollima DPRC -XUS has also been observed using a generative AI to automate its initiate attack program to all phases. Spursed Spider, a group that would be made up of British and American nationals, even managed to deploy ransomware within 24 hours of access to systems.
“The adversaries treat these agents as infrastructure, the attackers in the same way that they target SaaS platforms, cloud consoles and privileged accounts,” added Meyers.
However, even if technologies like AI play an increasing role in the speed of attacks, Crowdstrike noted that four in five interactive intrusions (81%) were without malware – relying on human hands on keyboards to remain unteashed.
