For years, password theft was the most common cause of data leaks from company servers. This trend has just become history. Verizon ‘s latest annual report shows that security vulnerabilities detected and exploited by artificial intelligence (AI) have become a major attack vector. As many as 31 per cent of all breaches in the past year started in this way, signalling a fundamental shift on the cyber warfare front.
The scale and speed of this transformation is alarming. From the analysis of more than 31,000 incidents, a picture is emerging of cybercriminals who have successfully harnessed generative artificial intelligence to work at almost every stage of an attack. The technology assists them in victim typing, gaining initial access and writing malware. Paradoxically, the greatest asset of AI in the hands of hackers today is not the creation of entirely new attack vectors, but the drastic optimisation of existing ones. The time it takes to exploit a known vulnerability has shrunk from months to just a few hours, drastically narrowing the window for defence teams to react.
Experts warn, however, that the Verizon report is merely a snapshot of the current, highly dynamic situation. The document does not take into account the impact of the latest powerful language models entering the market. One example is Mythos from Anthropic, unveiled in early April. This model, made available to selected partners (including Verizon) as part of the Project Glasswing defensive test programme, demonstrates unprecedented programming skills. On the one hand, this offers hope for building more airtight systems, but on the other, it raises legitimate concerns about what a powerful tool Mythos could become in the hands of attackers capable of rapidly inventing vulnerabilities in code on an unprecedented scale.
Traditional methods of network protection are not enough today, when algorithms are at work on the other side of the barricade automating attacks at a dizzying pace. Nasrin Rezai, head of information security at Verizon, makes it clear: the only effective answer is to combat AI with AI. Companies need to integrate advanced AI tools into their entire software lifecycle and testing processes.
