- You are here:
- Home »
- Uncategorized »
- Cybersecurity: Malware’s AI time bomb
Cybersecurity: Malware’s AI time bomb
The looming threat of autonomous cyberattacks has been a top talking point at all cybersecurity conferences in the last few years
14 March 2025 (New York, NY) — Hackers already have the AI tools needed to create the adaptable, destructive malware that security experts fear.
But as long as their basic tactics – phishing, scams and ransomware – continue to work, they have little reason to use them.
However: adversaries can flip that switch anytime, and companies need to prepare now. The looming threat of autonomous cyberattacks has been a top talking point at every cybersecurity event/conference we have attended over the past 2 years.
At this week’s massive AI conference called HumanX in Las Vegas (only 3,500 attendees, but 64% were CxOs across all industries) which ran for 5-days and was jam-packed with sessions and content, and incredible networking opportunities, James White (chief technology officer at AI security startup CalypsoAI) summed it up nicely:
You know that phrase, “Keep your powder dry”? That’s what attackers are doing right now. The bad actors are getting ready for battle. Cyber leaders have long feared generative AI would enable autonomous cyberattacks, making current security tools totally ineffective. The battles are coming.
We have written about these issues before. These attacks could involve AI agents carrying out hackers’ bidding, or malware that adapts in real time as it spreads.
A few years into the generative AI revolution, and experts are split on how imminent these threats are. Some say we’re less than two years away from seeing agentic malware in nation-state cyber warfare. Others argue hackers have little incentive to change tactics as they continue to profit from simple scams, phishing and ransomware.
But here is the issue: even though AI-powered malware has yet to flood the zone, companies can’t rest easy. Evan Reiser (CEO of email security company Abnormal Security) said:
The rate of acceleration is insane. You don’t have to be a total science fiction nerd, like me, to imagine where this can go in one year, two years. AI will speed up attacks, leaving defenders with little time to react.
Meanwhile, surveys show, most organizations are still behind on basic security measures, with 100s of companies (maybe 1000s of companies?) typically focused on trying to set-up something as basic as two-factor authentication.
But let’s be frank. Start-ups selling AI security tools have an interest in hyping potential threats. While legacy firms say the threat is still from “the old, regular stuff”. Charles Carmakal (CTO at Mandiant):
- Mandiant has yet to respond to an attack involving truly autonomous AI or adaptable malware, and actually is not worried about any of that right now.
- Mandiant has mostly seen adversaries using AI for basic tasks like crafting phishing emails or researching targets. As we noted in a long brief last year, ChatGPT and its kin are very, very good at writing believable phishing emails, despite efforts to limit its ability to do harm. LLM guardrails? Missing-in-action, easily overridden.
But … companies hiring cybersecurity vendors are beginning to understand that the best way to fight AI attacks is with AI security tools. Itai Tevet (CEO of Intezer, a startup that offers an autonomous security operation center) said:
It’s dramatically different between 2023 and today. In the past, we needed to evangelize on why technology can do the same job. Today, all CISOs are getting asked by their board, “How do you leverage AI?” If you hit the cybersecurity events/conferences/trade shows, seek out the AI vendors, hear/see what they have, and do your own homework/calculations.
The big “new new” AI thing? AI agents. AI agents can help threat intelligence teams review the pile of notifications they receive about new vulnerabilities, phishing emails and other malicious activity. It’s tricky. You do not let these agents make decisions or act on their own – but they can review the threat intelligence coming in to determine what needs to be prioritized. And they have significantly improved the work of security engineers, making them more efficient at what they have to do.
