As machine-learning applications move into the mainstream, a new era of cyber threat is emerging—one that uses offensive AI to supercharge attack campaigns through automated reconnaissance, craft tailored impersonation and even self-propagation to avoid detection.
Let’s imagine a scenario of an attack that begins with an innocuous email. In this case, the target is a senior manager at one of the largest banks on Wall Street. Having closely monitored the social media interactions of the individual, the AI program has learnt to mimic the style of the person. The AI tool deployed by the attacker analyzed her social media feeds and emails in both professional and social interactions, developing an incredibly precise understanding of the CMO’s everyday communication. It replicates the CMO’s language almost perfectly.
In this hypothetical attack, it’s very likely that the target will find no reason to think twice about a normal email from his CMO. He downloads the email’s attachment—infecting his computer with AI malware. What’s more, the AI-powered malware can evade even the bank’s most advanced cyber defenses. While these tools are programmed to catch every threat known to the security industry, this attack is unique as it can blend in with normal activity. The AI malware remains elusive by continually changing its file name and identifiable features. At the same time, it quietly scans the network for weaknesses.
Welcome to Offensive AI.