According to recent CrowdStrike research, hackers are using artificial intelligence to launch more forceful attacks in less time, democratising access to more sophisticated code for less experienced hackers. But they are also taking advantage of the same AI systems that businesses use.
According to CrowdStrike, hackers are focusing on the tools used to create AI agents, which give them access, credentials, and malware. Agentic AI systems are CrowdStrike’s biggest concern, claiming that they have evolved into a “core part of the enterprise attack surface.”
The security firm claims to have seen “multiple” hackers taking advantage of flaws in the tools used to create AI agents, which is a significant departure from previous trends. CrowdStrike is concerned that “autonomous workflows and non-human identities [are] the next frontier of adversary exploitation.” Up until now, humans have always been the main entry point into a company.
“We’re seeing threat actors use GenAI to scale social engineering, accelerate operations, and lower the barrier to entry for hands-on-keyboard intrusions,” Head of Counter Adversary Operations Adam Meyers explained, TechRadar reported.
While DPRK-nexus Famous Chollima has also been seen using generative artificial intelligence to automate its insider attack programme across all phases, two real-world examples of GenAI-built malware are Funklocker and SparkCat. Even the deployment of ransomware within 24 hours of system access was accomplished by Scattered Spider, a group thought to be composed of American and British citizens.
“Adversaries are treating these agents like infrastructure, attacking them the same way they target SaaS platforms, cloud consoles, and privileged accounts,” Meyers added.
However, despite the fact that artificial intelligence is becoming more and more important in accelerating attacks, CrowdStrike discovered that 81% of interactive intrusions were malware-free and relied on human hands-on keyboards to remain undetected.
Meanwhile, by enabling deepfake scams, AI-generated phishing, and autonomous AI agents, GenAI has turned into a weapon for cybercriminals, resulting in losses of over $35 million by 2025.