Weaponized AI is making hackers faster, more aggressive, and more successful

3 hours ago 1

Caution sign data unlocking hackers. Malicious software, virus and cybercrime, System warning hacked alert, cyberattack on online network, data breach, risk of website

(Image credit: sarayut Thaneerat/ via Getty Images)

Attackers can build bigger campaigns faster with generative AI
They're also attacking enterprise agentic AI tools
Humans are still a major weak point

New research from CrowdStrike confirms that hackers are exploiting AI to help them deliver more aggressive attacks in less time, with the tech also democratizing lesser-skilled hackers to more advanced code.

However, besides this, they're also exploiting the same AI systems that are being used by enterprises – according to CrowdStrike, hackers are targeting the tools used to build AI agents, allowing them to gain access, steal credentials, and deploy malware.

CrowdStrike is most worried about agentic AI systems, suggesting that they've now become a "core part of the enterprise attack surface."

Attackers are honing in on enterprise AI

The security company says it observed "multiple" hackers exploiting vulnerabilities in the tools used to build AI agents, which marks a major shift from patterns of old. Until now, humans have almost always been the primary entry point into a company, but now, CrowdStrike is worried that "autonomous workflows and non-human identities [are] the next frontier of adversary exploitation."

"We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions," Head of Counter Adversary Operations Adam Meyers explained.

Funklocker and SparkCat are two examples of GenAI-built malware in the real world, while DPRK-nexus Famous Chollima has also been observed using generative AI to automate its insider attack program across all phases. Scattered Spider, a group believed to consist of UK and US nationals, even managed to deploy ransomware within 24 hours of accessing systems.

"Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts," Meyers added.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Still, even though technologies like AI are playing an increasing role in speeding up attacks, CrowdStrike found that four in five (81%) interactive intrusions were malware-free – relying on human hands on keyboards to stay undetected.

We've listed the best endpoint protection software
Consider using the best firewalls for added security
The AI-powered future of ransomware is coming soon - here's what we need to look out for

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

Read Entire Article