AI as a catalyst for the capabilities of malicious actors

More vulnerabilities detected, hyper-realistic social engineering campaigns, malware development… It is important to bear in mind the role of AI as a catalyst for the capabilities of malicious actors

Science fiction literature and cinema have spent a century constructing dystopias in which we live under the yoke of Artificial Intelligence. Although this technology is now a reality and its rapid evolution is already changing the way we work, produce, interact and live, these apocalyptic narratives remain pure science fiction. However, it is impossible to ignore that AI is accelerating malicious actors’ capabilities.

In fact, the use of AI across the entire Cyber Kill Chain has already been documented, including its use to develop malware and design social engineering campaigns so sophisticated that victims cannot suspect they are under attack.

Below, we explain how AI can enhance the capabilities of malicious actors and how businesses can protect themselves against this extremely dangerous scenario.

AI speeds up attacks: From identifying vulnerabilities to exploiting them

Cybersecurity experts have already noted that malicious actors’ offensive capabilities are being bolstered by the use of AI solutions to detect vulnerabilities in companies’ IT infrastructure.

Thanks to AI, it is possible to identify exploitable vulnerabilities in far less time than before. In fact, thanks to this technology, it is now possible to detect vulnerabilities within a few hours, whereas previously it took months. This poses a major challenge for the detection and remediation work that companies developing software or hardware must carry out.

Furthermore, AI strengthens the offensive capabilities of malicious actors in another critical area: exploiting vulnerabilities.

Malicious actors can use AI tools to develop exploits in an extremely short timeframe, allowing them to exploit zero-day vulnerabilities before companies can develop and release security patches to address them.

It should therefore come as no surprise that the average time between a vulnerability being disclosed and actively exploited has fallen from over two years in 2018 to less than five months in 2023 and just one and a half days in 2026.

In other words, the malicious use of disruptive technology amplifies the capabilities of malicious actors, enabling them to streamline attack planning and execution.

Hyperrealism blurs the boundaries between the real and the fraudulent

Over the last few decades, beyond exploiting vulnerabilities in technological infrastructure, malicious actors have carried out attacks against companies by focusing on the weakest link in their security architecture: people.

Social engineering techniques have evolved, becoming increasingly sophisticated as users grow ever more wary and alert to the dangers of phishing and other attacks.

The emergence of generative AI has revolutionised this field by enabling the creation of increasingly realistic image, audio and video deepfakes, or the design of synthetic identities to commit fraud.

To this, we must add that AI tools enable in-depth research into individuals and companies without requiring a huge amount of time and effort. This means that a wealth of information can be obtained on the targets of specific attacks.

All of this leads us to conclude that the offensive capabilities of malicious actors in social engineering have been significantly strengthened.

Furthermore, the refinement of this technology and the extremely high level of cyber exposure among citizens, professionals and businesspeople mean that these offensive capabilities are set to become even more potent in the immediate future.

The offensive capabilities of malicious actors with fewer skills and resources are greater than ever

A key consideration when examining how AI can act as a catalyst for malicious actors’ capabilities is that its use opens the door for actors with limited knowledge or experience to carry out fairly sophisticated attacks.

Thus, the strengthening of the offensive capabilities of junior malicious actors is one of the greatest threats of our time, as it increases the likelihood of their success when attacking businesses.

In other words, AI can assist the most sophisticated malicious actors and criminal groups with the greatest resources, particularly by reducing the time required to plan and execute attacks. Above all, however, the use of AI can increase the success rate of less sophisticated malicious actors.

In other words, the rise of AI has enabled even low-level malicious actors to carry out attacks against businesses that can succeed because they are complex enough to bypass organisations’ security mechanisms.

Bypassing security mechanisms: A top-tier threat to businesses

Indeed, another area where AI bolsters the offensive capabilities of malicious actors is in how they counter companies’ cybersecurity strategies.

Thus, one risk of malicious use of AI is that it can circumvent security mechanisms, enabling malicious actors to escalate privileges and remain undetected for extended periods within a company’s infrastructure.

In fact, in recent months, various AI-based malware have been detected that allow malicious actors to go unnoticed, successfully bypass companies’ detection and defence mechanisms, and adapt in real time during an attack.

How to tackle the use of AI as a catalyst for the capabilities of malicious actors

Following the overview we have provided, business leaders and senior executives will be asking themselves: how can my company prepare for the growing offensive capabilities of malicious actors? It is essential to have capabilities in:

• Threat intelligence. This enables organisations to understand how attackers’ capabilities are evolving, thereby contributing objectively to decision-making on cybersecurity matters.
• Vulnerability management. As we saw earlier, the drastic reduction in the time required to identify and exploit vulnerabilities poses a major challenge for the teams responsible for vulnerability management within organisations. The strengthening of malicious actors’ offensive capabilities demands efficient vulnerability management that enables the identification and prioritisation of remediation, and the mitigation of weaknesses before they are exploited to cause serious security incidents.
• Prevention of social engineering. The fact that social engineering campaigns are becoming increasingly realistic means companies must train their managers and staff to handle highly complex, convincing fraud attempts. Social engineering tests enable organisations to assess their ability to counter AI-driven social engineering techniques and to raise awareness amongst all members of the workforce.
• Threat Hunting. Given the strengthening of malicious actors’ offensive capabilities, it is essential to adopt a proactive approach in combating them. Threat hunters work on the basis of compromise scenarios, enabling them to anticipate malicious actors and take action against them before a security breach is detected.
• MDR. Managed Detection and Response (MDR) services combine advanced technologies, including AI solutions, with the expertise of cybersecurity specialists to actively hunt for evasive threats and respond immediately to incidents. Thus, this type of service adopts an offensive mindset to understand the capabilities of malicious actors, taking into account the use of AI to enhance them. Furthermore, response capabilities are enhanced to successfully manage incidents.

In short, Artificial Intelligence is already being used to boost the capabilities of malicious actors. This enables them to reduce the time taken to plan and execute attacks, whilst also making it possible for less sophisticated actors to successfully carry out complex attacks.

This paradigm shift requires organisations to have advanced cybersecurity services that enable them to understand the offensive capabilities of malicious actors and anticipate their moves in order to prevent security incidents or minimise their impact.