It’s no secret that AI models have come a long way, from tools that help high school students complete homework to “vibe coding” assistants that can create entire apps in a fraction of the time it takes human developers.
But in addition to cheating in school and intimidating employees who fear being fired, AI can also be used for evil. “Vibe hacking”, the evil twin of “vibe coding”, has increasingly turned into a cyber security nightmare with AI systems Staying on top of many hacking related bug bounty leaderboards.
For example, just last week, a hacker used a jailbroken version of Anthropic’s cloud chatbot to locate vulnerabilities in Mexican government networks and successfully automate the theft of highly sensitive taxpayer and voter records, such as bloomberg reports. With the help of AI, hackers stole 150 gigabytes of government data belonging to 195 million taxpayers.
In a report about the latest hack in Mexico, cybersecurity startup Gambit Security said the culprit was likely not linked to any specific group or foreign anti-government organization. Researchers also told bloomberg They found that at least 20 specific vulnerabilities were being exploited. In other words, AI means the barrier to entry for real-deal hacking has never been lower.
Last month, Amazon’s security research team revealed That hackers – or perhaps just one – had breached more than 600 firewall systems in dozens of countries, armed with commercially available AI tools, overcoming weak security measures, and extracting credential databases, and possibly setting the stage for future ransomware deployments.
“It’s like an AI-powered assembly line for cybercrime, turning low-skilled workers into mass production,” said CJ Moses, head of Amazon security engineering and operations. statement.
These exploits are part of a much broader trend as AI supercharges cybersecurity attacks, from deepfake footage to luring victims into phishing traps. AI-enabled password cracking.
A new report IBM found that “exploits of public-facing software or system applications” increased by 44 percent year-over-year and “active ransomware groups” increased by nearly 50 percent.
“Attackers aren’t inventing playbooks, they’re sharpening them with AI,” said Mark Hughes, IBM’s global managing partner for cybersecurity services. statement. “The main issue is the same: businesses are overwhelmed with software vulnerabilities. The difference now is speed.”
Google security researchers also mentioned in a report It said earlier this year that the “old age battle” between threat actors who have access to “powerful AI models and the same class of automated processes as their targets” is about to change in “significant and unexpected ways.”
“If (AI) is weaponized into ransomware toolkits and sold underground, the rate of incidents could increase,” Heather Adkins, Google’s vice president of security engineering, said in a statement. “But if it’s really closely organized by a threat actor with specific targeting, we might not even be able to tell that there’s a fully automated platform on the other end. We can only know if it’s physically in someone’s hands.”
More on AI Cyber Crime: The hackers told Cloud that they were simply conducting a test to trick him into committing a real cyber crime.
