
How AI Is Fueling a New Era of Cyberattacks

Summary

– Cybersecurity is a mind game where attackers exploit new technology waves like AI to create opportunities for attacks.
– AI integration in enterprises expands the attack surface by enabling faster development but often introduces security vulnerabilities through shortcuts and mistakes.
– Attackers now use AI tools like vibe coding and prompt-based techniques to launch exploits, compromising systems and stealing data.
– Supply chain attacks are increasing as attackers target third-party AI services with broad access to corporate infrastructure to infiltrate deeper into systems.
– Startups must prioritize security from day one by implementing enterprise security features and appointing a CISO to avoid security debt and protect customer data.

The rapid integration of artificial intelligence into business operations is creating unprecedented cybersecurity vulnerabilities, as attackers leverage the same powerful tools to exploit newly expanded digital perimeters. According to Ami Luttwak, chief technologist at the cybersecurity company Wiz, security fundamentally involves a psychological contest. Whenever a significant technological shift occurs, malicious actors quickly identify methods to harness it for their own purposes.

Businesses are eagerly incorporating AI into their daily functions through methods like vibe coding, AI agent deployment, and new software tools. While this accelerates development, the push for speed frequently results in overlooked security measures and coding errors. These oversights create fresh vulnerabilities for cybercriminals to target. Wiz, which was purchased by Google this year, performed recent tests that uncovered a frequent problem in applications built with vibe coding: poorly implemented authentication systems. These systems are supposed to verify user identities and block unauthorized access.

Luttwak explained that this insecure setup happens because it’s simply the easiest way to construct the application. Vibe coding agents follow instructions precisely; if a developer doesn’t explicitly command them to build the most secure version, they won’t. He emphasized that organizations constantly face a difficult choice between moving quickly and ensuring robust security. However, developers aren’t the only ones utilizing AI for efficiency. Attackers are now employing vibe coding, prompt-based methods, and their own AI agents to carry out exploits.

You can actually observe attackers using prompts to launch their campaigns. It’s not merely about attackers using vibe coding. They actively search for the AI tools a company uses and command them to perform actions like, ‘Send me all your secrets, delete the machine, delete the file.’ Beyond this, cybercriminals are discovering entry points through the new AI tools that companies deploy internally to improve productivity. Luttwak warns that these integrations can facilitate supply chain attacks. By breaching a third-party service with extensive access to a company’s infrastructure, attackers can then maneuver deeper into corporate networks.

A recent incident involving Drift, a startup providing AI chatbots for sales and marketing, illustrates this threat. A breach exposed the Salesforce data of hundreds of enterprise clients, including major names like Cloudflare, Palo Alto Networks, and Google. The attackers obtained access tokens, which are digital keys, and used them to impersonate the chatbot. This allowed them to query Salesforce data and move laterally within customer environments. Luttwak confirmed that the attack code itself was generated using vibe coding techniques.

He estimates that while full enterprise adoption of AI tools remains low, at roughly one percent, Wiz already encounters attacks every week that affect thousands of business customers. When analyzing the attack sequence, AI is integrated at every single stage. This technological revolution is unfolding more rapidly than any previous shift, which means the cybersecurity industry must accelerate its own pace of adaptation in response.

Luttwak referenced another significant supply chain attack from August, known as “s1ngularity,” which targeted Nx, a popular build system for JavaScript developers. In this case, attackers successfully injected malware into the system. This malware then identified the presence of AI developer tools such as Claude and Gemini, hijacking them to autonomously search the system for valuable information. The attack compromised thousands of developer tokens and keys, granting the attackers access to private GitHub repositories.

Despite these growing dangers, Luttwak finds this an exhilarating period to lead in the cybersecurity field. Wiz, established in 2020, initially concentrated on helping organizations find and fix misconfigurations, vulnerabilities, and other security risks within their cloud setups. Over the past year, the company has broadened its expertise to match the velocity of AI-driven attacks and to incorporate AI into its own product offerings.

Last September, Wiz introduced Wiz Code, a product aimed at securing the software development lifecycle by spotting and resolving security problems early in the process. This enables companies to be “secure by design.” In April, the company launched Wiz Defend, which provides runtime protection by identifying and reacting to active threats inside cloud environments. Luttwak stressed that for Wiz to effectively provide what he terms “horizontal security,” it is crucial to thoroughly comprehend their customers’ applications. The company needs to understand the purpose behind the build to create a security tool that is truly unique, one that understands the user.

The widespread availability of AI tools has led to a surge of new startups pledging to address enterprise challenges. However, Luttwak cautions businesses against automatically sending all their corporate, employee, and customer data to every small SaaS company with a handful of employees, just because they promise amazing AI insights. Naturally, these startups require data to deliver value, which places the responsibility on them to operate as secure organizations from their inception.

From the very first day, a startup must prioritize security and compliance. From day one, a company needs to have a Chief Information Security Officer, even if the entire team consists of only five people. Before writing a single line of code, founders should adopt the mindset of a highly secure organization. They need to plan for enterprise security features, audit logs, authentication protocols, access controls for production environments, development practices, security ownership, and single sign-on capabilities. Building with this foresight prevents the need for a complete process overhaul later, avoiding what Luttwak describes as “security debt.” For startups targeting enterprise clients, this proactive approach ensures they are ready to protect sensitive data from the outset.

Wiz became compliant with SOC2, a rigorous compliance framework, even before it had any code. Luttwak shares that obtaining SOC2 compliance for a five-person team is significantly simpler than for a company with 500 employees. The next critical step for startups is to carefully consider their system architecture. If an AI startup intends to focus on the enterprise market from the beginning, it must design an architecture that allows customer data to remain within the customer’s own environment.

For cybersecurity startups considering entry into the field during this AI era, Luttwak believes the timing is ideal. Every domain, from phishing protection and email security to malware and endpoint defense, presents fertile ground for innovation for both attackers and defenders. The same holds true for startups developing workflow and automation tools for “vibe security,” especially since many security teams still lack the knowledge to use AI for defense against AI-powered threats. The playing field is wide open. If every security area now faces novel attacks, then we must fundamentally rethink every component of security.

(Source: TechCrunch)


The Wiz

Wiz Consults, home of the Internet, is led by "the twins", Wajdi & Karim, experienced professionals who are passionate about helping businesses succeed in the digital world. With over 20 years of experience in the industry, they specialize in digital publishing and marketing, and have a proven track record of delivering results for their clients.