# Analysis Summary
Source tagline: It’s dominating the economy and shaping the threats we face and how we defend against them
# Main Topic
The pervasive influence of Artificial Intelligence (AI) on the current threat landscape, accelerating both offensive cyber capabilities and defensive security measures, fundamentally shaping how threats are executed and mitigated across the economy.
## Key Points
- AI is accelerating cyber threats by automating attacker workflows, enabling agentic decision-making, and scaling highly personalized social engineering attacks.
- Investment in AI is currently a primary driver of economic growth, indicating its central role in the overall digital infrastructure.
- Attackers are leveraging AI to reduce manual setup steps for infrastructure, scale spear phishing through deepfakes, automate reconnaissance across vast networks, and develop polymorphic malware that evades detection by rewriting itself.
- Security teams are deploying AI to counter these threats in three ways: behavioral monitoring (e.g., Adaptive Protection) to detect Living Off the Land (LOTL) attacks, incident-prediction models, and agentic threat analysis.
- AI is crucial for defenders in managing the increasing volume and sophistication of threats, especially as security budgets grow slower than threat levels.
## Threat Actors
- Not specifically attributed to named APTs or groups, but AI tools are making sophisticated attacks accessible to a broader population of cybercriminals beyond traditional, highly capable entities.
- **Motivation:** Increased efficiency, sophisticated targeting, and broader accessibility of attack capabilities.
## TTPs
- **Automation of Infrastructure Setup:** Using early agentic AI to eliminate manual steps for building attack infrastructure.
- **Spear Phishing at Scale:** Utilizing AI to generate deepfake voice and text for uncanny personalization, improving success rates.
- **Automated Reconnaissance:** Employing AI to scan large networks rapidly for vulnerabilities.
- **Evasion:** Using AI-enabled polymorphic malware that continuously rewrites code to evade security defenses and remediation efforts.
- **Living Off the Land (LOTL) Attacks:** Attacks that use legitimate OS tools, making them stealthy; defenses rely on behavioral monitoring to spot unusual application of these tools.
## Affected Systems
- Wide-ranging impact across any system susceptible to AI-enhanced social engineering, network scanning, and polymorphic malware.
- Specific commercial defense mentioned: Symantec Endpoint Security Complete (SES-C), for its Adaptive Protection feature.
## Mitigations
- **Behavioral Monitoring:** Deploying AI-enabled behavioral monitoring (like Adaptive Protection) to detect unusual usage of legitimate operating system tools indicative of LOTL attacks.
- **Agentic Threat Analysis:** Utilizing AI for faster, automated incident analysis and narrative generation.
- **Visualizing Incident Response:** Employing tools like Threat Tracer (Carbon Black Enterprise EDR) which use ML-curated alerts to create dynamic visual maps for accelerated remediation.
- **False Positive Reduction:** Applying AI models (e.g., Google Gemini) to vet security alerts and reduce the time analysts spend sifting through false positives.
- **Democratizing Investigation:** Implementing Natural Language Processing (NLP) interfaces to allow less experienced analysts to generate complex queries accurately.
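The LOTL entry in the TTPs list and the Behavioral Monitoring mitigation above both hinge on the same idea: a legitimate OS tool is not suspicious on its own, only its unusual use is. The script below is an added example written for this summary; it is not code from the report or from any product named in it (Adaptive Protection, SES-C, Carbon Black). It builds a per-user baseline of which parent processes normally launch a set of dual-use administrative tools, then flags new process-creation events that break that baseline or are spawned by document and browser processes. The tool list, the parent list, and every log line, user and host name are constructed assumptions for illustration.

```python
"""Behavioral baseline for Living Off the Land (LOTL) tool use.

Added example for this summary; not code from the report or from any vendor
product it names. Tool lists, users, hosts and log lines are all constructed.
"""
from collections import defaultdict
import csv
import io

# Built-in administrative tools that are legitimate but frequently repurposed.
# Assumed list chosen for the example; a real deployment tunes this per estate.
DUAL_USE_TOOLS = {
    "powershell.exe", "certutil.exe", "rundll32.exe", "mshta.exe", "wmic.exe",
    "regsvr32.exe", "bitsadmin.exe", "wscript.exe", "cscript.exe",
}

# Parents that have no routine business launching interpreters or admin tools.
DOCUMENT_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "acrord32.exe"}

# Constructed process-creation events used to learn each user's normal behaviour.
BASELINE_LOG = """\
ts,user,host,parent,image
2024-05-01T09:01:00,alice,ws01,explorer.exe,outlook.exe
2024-05-01T09:05:00,alice,ws01,explorer.exe,winword.exe
2024-05-01T09:07:00,bob,ws02,explorer.exe,powershell.exe
2024-05-01T09:10:00,bob,ws02,powershell.exe,certutil.exe
2024-05-02T10:00:00,alice,ws01,explorer.exe,excel.exe
2024-05-02T10:30:00,bob,ws02,explorer.exe,wmic.exe
"""

# Constructed events from a later window that the detector scores.
NEW_LOG = """\
ts,user,host,parent,image
2024-05-03T08:00:00,alice,ws01,explorer.exe,outlook.exe
2024-05-03T08:02:00,alice,ws01,winword.exe,powershell.exe
2024-05-03T08:03:00,alice,ws01,powershell.exe,certutil.exe
2024-05-03T08:10:00,bob,ws02,explorer.exe,powershell.exe
2024-05-03T08:11:00,bob,ws02,explorer.exe,rundll32.exe
"""


def parse_events(text):
    """Parse CSV process-creation records into a list of dicts."""
    return list(csv.DictReader(io.StringIO(text)))


def build_baseline(events):
    """Map each user to the (parent, image) pairs they normally produce for dual-use tools."""
    baseline = defaultdict(set)
    for e in events:
        if e["image"] in DUAL_USE_TOOLS:
            baseline[e["user"]].add((e["parent"], e["image"]))
    return baseline


def score_event(event, baseline):
    """Return the reasons an event looks anomalous; an empty list means benign."""
    reasons = []
    user, parent, image = event["user"], event["parent"], event["image"]
    if image not in DUAL_USE_TOOLS:
        return reasons  # ordinary application launch, outside the LOTL scope
    if parent in DOCUMENT_PARENTS:
        reasons.append(f"document/browser process {parent} spawned {image}")
    if (parent, image) not in baseline.get(user, set()):
        reasons.append(f"{user} has no history of {parent} -> {image}")
    return reasons


def detect(events, baseline):
    """Score every event and collect those with at least one anomaly reason."""
    alerts = []
    for e in events:
        reasons = score_event(e, baseline)
        if reasons:
            alerts.append({"ts": e["ts"], "user": e["user"], "host": e["host"],
                           "image": e["image"], "reasons": reasons})
    return alerts


if __name__ == "__main__":
    learned = build_baseline(parse_events(BASELINE_LOG))
    for alert in detect(parse_events(NEW_LOG), learned):
        print(f"{alert['ts']} {alert['user']}@{alert['host']} {alert['image']}: "
              + "; ".join(alert["reasons"]))
```

On the constructed input, bob's PowerShell launch is silent because it matches his baseline, while alice's Word-spawned PowerShell, the certutil it launches, and bob's first-ever rundll32 are all raised. The novelty rule deliberately errs toward alerting on first legitimate use, which is the false-positive load the summary's later mitigations (AI-vetted alerts, NLP-driven triage) exist to absorb; production baselines are learned over weeks and keyed by host and role, not the two-day window shown here.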
## Conclusion
AI represents a dual-use technology accelerating the cyber arms race. Organizations must move beyond questioning *if* they should adopt AI defenses to defining *when* and *how* to integrate AI capabilities across monitoring, analysis, and response workflows to keep pace with AI-enhanced threats.