Cybercriminals have even developed autonomous attack frameworks that operate without human direction, and are using sentiment analysis to craft highly targeted spear-phishing campaigns. What’s more, AI is enabling more persistent, adaptive and scalable attacks, forcing security teams to defend against a wider range of threats at speed. “Cybercriminals are weaponising generative AI for more convincing social engineering and using AI to identify attack paths through complex systems,” says Dmitry Smilyanets, a senior director, product management and engineering at cybersecurity company Recorded Future.
The attack timeline has become significantly shorter, with techniques that previously took months to develop now emerging in weeks or days,” says Smilyanets. “The velocity of modern attacks also frequently outpaces humans’ response capabilities, with automated attack tools able to compromise systems and spread laterally within minutes of gaining initial access. Organisations using extensive software-as-a-service applications and digital identities are particularly vulnerable, as the expanded attack surface of these platforms provide threat actors with more opportunities to exploit identity weaknesses than ever before.