Friend or Foe? AI’s Complicated Role in Cybersecurity
The mad dash to the cloud a few years back left many organizations scrambling to understand the true implications of this technological shift. Fueled by promises of scalability and cost savings, many companies jumped on board without fully comprehending key details. For example, many were asking how secure their data was in the cloud, who…
AI agents can find and exploit known vulnerabilities, study shows
Researchers at the University of Illinois gave a team of autonomous AI agents a CVE description of a vulnerability and the agents were able to autonomously find and exploit the vulnerability in a test environment in April. Two months later, the same researchers showed that those teams can now find and exploit previously unknown vulnerabilities….
Criminals, too, see productivity gains from AI
Cyber criminals are beginning to use artificial intelligence to make their operations more effective — and their use goes way beyond creating better bait for phishing. Just as in legitimate business, discussions about AI among criminals have accelerated this year compared to 2023, researchers from cybersecurity group Intel 471 reported in a new study published…
Microsoft Now Promises Extra Security for AI-Driven Recall
How in the world has Microsoft’s leadership managed to get the debut of its forthcoming Recall feature for Windows so wrong on the security and privacy fronts? Recall for Copilot+ is designed to capture screenshots of everything a user does on their Windows PC for potential replay later. To give Microsoft the benefit of the…
OpenAI Disrupts AI-Deployed Influence Operations
OpenAI said it disrupted five covert influence operations including from China and Russia that attempted to use its artificial intelligence services to manipulate public opinion amid elections. The threat actors used AI models to generate short comments and longer articles in multiple languages, made up names and bios for social media accounts, conducted open-source research,…
US AI experts targeted in cyberespionage campaign using SugarGh0st RAT
Security researchers have warned about a new cyberespionage campaign that targets artificial intelligence experts working in private industry, government and academia. The attackers, likely of Chinese origin, are using a remote access trojan (RAT) called SugarGh0st. “The timing of the recent campaign coincides with an 8 May 2024 report from Reuters, revealing that the US…
UK Government Publishes AI Cybersecurity Guidance
The U.K. government released voluntary guidance intended to help artificial intelligence developers and vendors protect models from hacking and potential sabotage. Released on Wednesday, the British government’s AI code of practice lists recommendations such as monitoring AI system behavior and performing model testing. “Organizations in the U.K. face a complex cybersecurity landscape, and we want…
Top 5 Most Dangerous Cyber Threats in 2024
Only five months into 2024, and the year has been a busy one for cybersecurity practitioners, with multi-year supply chain attacks, nation-state actors exploiting multiple vulnerabilities in network gateways and edge devices, and multiple ransomware incidents against large healthcare entities. What’s ahead for the rest of year? At last week’s RSA Conference, Ed Skoudis, the…
Criminal Use of AI Growing, But Lags Behind Defenders
In summary, Trend Micro has found only one criminal LLM: WormGPT. Instead, there is a growing incidence, and therefore potential use, of jailbreaking services: EscapeGPT, BlackHatGPT, and LoopGPT. (The RSA presentation is supported by a separate Trend Micro blog.) There is also an increasing number of ‘services’ whose purpose is unclear. These provide no demo…
Microsoft, OpenAI: Nation-States Are Weaponizing AI in Cyberattacks
Advanced persistent threats (APTs) aligned with China, Iran, North Korea, and Russia are all using large language models (LLMs) to enhance their operations. New blog posts from OpenAI and Microsoft reveal that five major threat actors have been using OpenAI software for research, fraud, and other malicious purposes. After identifying them, OpenAI shuttered all their…
