Q&A
How Generative AI Is Changing the Cybersecurity Battlefield
AI is reshaping offensive security tactics and challenging defenders to respond at unprecedented speed.
Generative AI has quickly become a disruptive force across industries, but its impact on cybersecurity may be the most profound. Attackers are already applying AI to automate tasks once requiring expert skill, from filtering vulnerability scans into high-value exploits to crafting realistic deepfake social engineering campaigns. As one security researcher observed, "you can be sure that malicious actors are doing the same for their own nefarious purposes."
While offensive teams have embraced AI for exploit discovery and payload creation, defenders face widening gaps in detection. Traditional tools often lag behind the pace of AI-driven threats, leaving enterprises scrambling to close vulnerabilities faster than ever before. The result is an accelerated arms race where both offensive and defensive systems continuously adapt in near real time.
At the upcoming Live! 360 Orlando conference, this dynamic will be the focus of Erica Burgess' " The AI Force Multiplier: Weaponized AI for Hackers." Attendees will hear firsthand how AI is being leveraged to discover zero-days, enhance social engineering, and what steps blue teams and CISOs can take to prepare for this new landscape. The session promises actionable insights into the future of cybersecurity in the age of generative AI.
Ahead of her Live! 360 session, Burgess gives us a preview of what to expect.
Redmondmag: What are some concerning uses of generative AI in offensive security?
Burgess: There are many unprecedented ways both hackers and security researchers have been using AI. Personally, most recently, I have been automating the mental gymnastics of adjusting false positive results of a vulnerability scanner report into true positives to create high impact exploits. It's important since one of the most critical parts of a security scan is being able to interpret the results in the report, and determine what is truly dangerous vs just noise - and GPT is very good at interpretation and context! Since I do that for legitimate penetration tests, you can be sure that malicious actors are doing the same for their own nefarious purposes. When it comes to white hats to stay ahead of the black hats in this new AI landscape we are all working in now.
How do bad actors leverage generative AI for social engineering, new exploit payloads and more?
It's helpful to separate the effects of AI usage for creating cyberattacks into two categories: new technical attacks on system vulnerabilities and social engineering attacks. For technical attacks (that require zero or little action by the user): AI has been excellent for discovering new and sophisticated attacks that mid-level human hackers would take a very long time to notice, if ever. Because of this, I predict there will be an uptick in new and elaborate 0-day exploits across both legacy and new systems. It's easier than ever to discover and release payloads for completely novel attacks, thanks to the "brainstorming" and emulation of creativity that GPT systems can achieve. On the social engineering side of the industry, I am helping more and more clients determine if they're talking to an AI or not. Last month, we proved that a movie star on a video call was an AI by making them speak Spanish, German and many other languages!
What are some current gaps in current tools for detecting AI attacks?
There has always been a bit of an arms race going on between offensive and defensive cybersecurity. All AI does is really make that cycle of attack and defense tighter and faster. As offensive GPT systems get better at creating content or new attacks, then so must the defense GPT systems. Teachers who use cheat detection software for grading essays know that the technology isn't very accurate, and it gets worse every time there is an advance in the publicly available free AI models. The same is true in the cybersecurity industry.
How should blue teams and CISOs defend against AI-powered attacks?
Though cybersecurity is already a very fast paced industry, AI speeds it up even further. As I mentioned, the cycle of attack and defense moves much faster now, thanks to improvements in both AI-based attacks and AI-based detection, so, open and careful communication about new CVEs from vendors will be critical. The faster the right details about an exploit are released, the faster a patch can be released, since we'll be moving more quickly. Here's an example: log4j was a huge publicly known zero-day exploit (with zero days of notice available for the world before it was used everywhere, with no patch available). Worse still, it affected many layers of applications, libraries and dependencies. Clients who didn't have an inventory of their systems were at high risk, but even those with inventories would also have had to have a lot of detail about what systems those systems were using, and what system THOSE systems were using (and so on) in order to determine if there was a risk. It was the best way to be truly responsive to the attack, but, GPT wasn't prevalent back then. If it had been, it would have been great response. Additionally, working closely with vendors and asking how they handle security events and bug reports is even more important than ever. Having efficient business processes for handling both internally and externally known vulns, and holding vendors and partners to the same standard is hugely helpful for the prevention and mitigation of these attacks.