
Cybersecurity's dual AI reality: Hacks and defenses both turbocharged
Overestimate that risk, and you could quickly blow millions of dollars only to realize you were preparing for the wrong thing.
The big picture: That dichotomy has divided the cybersecurity industry into two competing narratives about how AI is transforming the threat landscape.
One says defenders still have the upper hand.
Cybercriminals lack the money and computing resources to build out AI-powered tools, and large language models (LLMs) have clear limitations in their ability to carry out offensive strikes.
This leaves defenders with time to tap AI's potential for themselves.
Then there's the darker view.
Cybercriminals are already leaning on open-source LLMs to build tools that can scan internet-connected devices to see if they have vulnerabilities, discover zero-day bugs, and write malware.
They're only going to get better, and quickly.
Between the lines: While not everyone fits comfortably into one of those two camps, closed-door sessions at Black Hat and DEF CON last week made clear that the primary divide is over how much security execs or researchers expect generative AI tools to advance over the next year.
Right now, models aren't the best at making human-like judgments, such as recognizing when legitimate tools are being abused for malicious purposes.
And running a series of AI agents will require cybercriminals and nation-states to have enough resources to pay the cloud bills they rack up, Michael Sikorski, CTO of Palo Alto Networks' Unit 42 threat research team, told Axios.
But LLMs are improving rapidly. Sikorski predicts that malicious hackers will use a victim organization's own AI agents to launch an attack after breaking into its infrastructure.
The flip side: Executives told me the cybersecurity industry isn't as resilient to AI-driven workforce disruptions as they once believed.
That means fewer humans and more AI playing defense against the expected wave of AI-powered attacks.
During a presentation at DEF CON, a member of Anthropic's red team said its AI model, Claude, will "soon" be able to perform at the level of a senior security researcher.
Driving the news: Several cybersecurity companies debuted advancements in AI agents at the Black Hat conference last week — signaling that cyber defenders could soon have the tools to catch up to adversarial hackers.
Microsoft shared details about a prototype for a new agent that can automatically detect malware — although it's able to detect only 24% of malicious files as of now.
Trend Micro released new AI-driven "digital twin" capabilities that let companies simulate real-world cyber threats in a safe environment walled off from their actual systems.
Several companies and research teams also publicly released open-source tools that can automatically identify and patch vulnerabilities as part of the government-backed AI Cyber Challenge.
Yes, but: Threat actors are now using those AI-enabled tools to speed up reconnaissance and dream up brand-new attack vectors for targeting each company, John Watters, CEO of iCounter and a former Mandiant executive, told Axios.
That's different from the traditional methods, where hackers would exploit the same known vulnerability to target dozens of organizations.
"The net effect is everybody becomes patient zero," Watters said. "The world's not prepared to deal with that."
The intrigue: Open-source AI models have blown the door wide open for cybercriminals to build custom tools for vulnerability scanning and targeted reconnaissance.
Many of these models have improved rapidly in the last year, and many attackers can now run these models solely on their own machines, without connecting to the internet, Shane Caldwell, principal research engineer at Dreadnode, which uses AI tools to test clients' systems, told Axios.
The rise of reinforcement learning — a method where AI models learn and adapt through trial-and-error interactions with their environment — means attackers no longer need to rely on more resource-intensive, supervised training approaches to develop powerful tools.
What's next: By next year, the threat landscape could be completely turned on its head, Watters warned.