Transcript
or maybe a year or so where we've seen an incredible evolution of what threat actors are actually doing with AI. I mean, I remember threat actors first starting to use AI for social engineering, creating better emails, creating them in local language, and then maybe moving to audio, video-based content to ultimately be more convincing on the social engineering side. That was where things started, but it's not where things stayed, obviously. Very quickly, threat actors realized the power of AI goes well beyond that. And obviously, we'll talk more about how powerful AI can be in discovering vulnerabilities and exploits, but even before I get to that, attackers are using AI in many, many different capabilities. At the highest level, I would say it helps them for speed, scale, and sophistication. Those are the three main drivers and values that attackers are getting out of AI. They're, for example, capable of building better attacker tools with higher speed and less knowledge that they require. We've seen them build polymorphic malware, meaning malware that can dynamically change its capabilities. Now, think about what that does to anything signature-based in terms of detection. It just completely renders any signature-based detection completely obsolete. This is malware without any human intervention can add and remove functionality through the use of AI. Extremely impressive. We saw that for the first time with our threat intelligence team, GTIC found that in the underground, and now we've also seen it actually already being used by threat actors in live attacks, right? Extremely difficult to identify that. And then, of course, threat actors are also automating different phases of the attack life cycle. One phase that, for example, oftentimes gave the defenders an advantage was the time that it took threat actors to identify the crown jewels that they were looking for. In the case of industrial espionage, finding whatever information that you're supposed to find is not a trivial task for threat actors. They're usually not subject matter experts in that specific field. They land somewhere in an enterprise. They don't know where they are. They need to find where the crown jewels are. They need to move laterally. They need to take documents and information out of the environment. Sometimes it's the right, sometimes it's the wrong information. And you see, it takes time and it creates. AI can do all that for you. AI can run a perfect discovery across a very large environment, look at thousands and thousands of documents to identify the right ones with much higher sophistication and much higher accuracy than a human without any special training could do. That is, for example, a critical phase that threat actors are automating in the attack lifecycle. Meaning again, the gaining speed, the gaining scale because fewer people are required to launch an attack. And so this usage and the sophistication is increasing and evolving really, really rapidly here. And we're seeing threat actors using the capabilities of AI more and more as this ultimately allows them to reduce the barrier for entry. It allows them to scale their attacks far faster. It allows them to run more attacks in parallel. And of course, as I was saying, it allows them to identify also vulnerabilities in new entry points. We already see exploitation of vulnerabilities like the enterprise application vulnerabilities we were talking about as the number one threat factor. Now, when you see how powerful AI is at discovering vulnerabilities in systems and applications, but also now at building exploits, this is gonna be another force multiplier for the threat actors in terms of being capable of finding new vulnerabilities and also then finding and building exploits for those threat actors. It really reduces the barrier of entry for the threat actors. And I think that is something that we as defenders need to realize. We need to use AI for the exact same reasons, speed, scale, and sophistication. And the positive is we're seeing enterprises adopting AI exactly for that.