
Chinese Use Anthropic to Attack

  • January 22, 2026


This is, in my opinion, only the beginning of what we will see in the future of "AI Powered" everything. As new innovations land in the hands of cyber professionals and criminals, both sides will find ways to enhance their playbook to maximize their potential and effectiveness. Part of the process for making improvements is testing - this attack, I think, is just that. GTIG noted back in January they were starting to see integrations of AI into threat actors' toolkits, with a recent update in November citing malware strains such as FRUITSHELL, PROMPTFLUX, PROMPTLOCK, PROMPTSTEAL, and QUIETVAULT experimenting with LLMs to achieve dynamic obfuscation.

My question is, and has been for some time, who is moving faster - us or them? Threat actors don't have to deal with compliance, ticket queues, reports, metrics, buzzwords, or even laws. Defenders are almost completely reactive in their craft and have to deal with all of the things threat actors don't have to... which costs us time. Time is always against Defenders, so we have to use that time wisely and leverage the new AI tools available to us to 5x our time spent.

The WORST thing organizations could do is cut costs thinking AI will replace people to do the same task to maintain effectiveness and productivity. We need our leaders to see how AI can be a force multiplier with the same amount of people to keep pace with or even get ahead of threat actors who are naturally moving faster than cyber security teams. I've said this before, and I'll keep saying it, the BEST thing organizations can do for themselves is keep skilled "AI Powered" Threat Hunters on staff, give them solid telemetry to work with (like Sysmon), develop a maddening cyber deception strategy for attackers to break themselves on, and let the Hunters hunt! Don't waste their time with all the operational overhead that hamstrings them against the enemy.