In a recent demonstration, a non-expert journalist successfully hacked into a corporate-style website in just 10 minutes using instructions from an AI chatbot. By simply framing the request as part of an "online hacking competition," the AI provided the necessary code and guidance to extract an administrator's password. This experiment, conducted at SK쉴더스, a South Korean security company, highlights a growing concern in the cybersecurity community: the proliferation of AI is making sophisticated cyberattacks accessible to virtually anyone.
AI is becoming a "double-edged sword" in the world of cybersecurity. While companies are using it as a defensive tool to detect cyberattacks, attackers are also leveraging its capabilities to become more efficient and bypass existing security measures. This is leading to a significant increase in the volume of cyberattacks. According to the Korea Internet & Security Agency (KISA), cybercrime incidents rose by 48% from 2023 to 2024.
The Rise of AI-Powered Threats
Generative AI models like ChatGPT have built-in safety features to prevent them from assisting with malicious activities. However, as the demonstration showed, these safeguards can be circumvented with clever phrasing, or "jailbreaking." This has led to a boom in "Vibe Hacking," where non-experts can easily obtain hacking methods and attack codes. Hackers are now sharing and selling these AI vulnerabilities on dark web forums.
This shift is particularly evident in the rise of large-scale ransomware attacks. Traditionally, these were limited to a few specialized groups. However, the accessibility of AI and the availability of ransomware codes on the dark web have lowered the barrier to entry, enabling individuals to launch large-scale attacks. One research institution in Korea reported an average of 600,000 ransomware attack attempts per day, a stark illustration of the escalating threat.
The concern goes beyond just human-directed attacks. Experts now fear the emergence of "Ransomware AI Agents," automated systems that can carry out entire attacks on their own. Already, AI is being used to automate key parts of the process, such as creating highly convincing phishing emails in minutes and even developing "negotiation chatbots" to automatically haggle with victims over ransom payments.
The Need for a New Defense Strategy
The cybersecurity industry is aware of these new threats. Anthropic, a leading AI company, recently revealed that its AI model has been used by hackers to automate reconnaissance and network infiltration.
As the threat landscape evolves, so must the defense. Security companies like SK쉴더스 are offering around-the-clock monitoring and "Managed Detection and Response" (MDR) services to proactively counter threats. Governments are also stepping in, with KISA preparing guidelines to help small and medium-sized businesses address AI-related security vulnerabilities.
However, many experts believe a more fundamental change is needed. Instead of relying on traditional ID and password-based systems, security specialists are advocating for a "Zero Trust" approach, which requires continuous user authentication to verify identity and access rights. This proactive, ever-vigilant strategy may be the only way to stay ahead of an increasingly automated and accessible cyber threat.
[Copyright (c) Global Economic Times. All Rights Reserved.]
