What we learned mapping a year’s worth of AI-enabled cyber threats

A comprehensive analysis of AI-enabled cyber threats over a year reveals significant changes in the landscape of cyberattacks, showing that AI is making attackers more dangerous by allowing even less skilled actors to perform complex operations. The study examined 832 banned accounts for malicious activity and mapped them onto the MITRE ATT&CK framework, finding that AI is predominantly used for preparing cyberattacks, such as writing malware, and increasingly for sophisticated in-network activities like lateral movement and account discovery. The risk assessment of attackers has become more challenging, as traditional indicators like the number of techniques used or the platforms employed no longer reliably correlate with threat levels, due to AI's ability to perform complex tasks autonomously. The findings suggest that security frameworks need to evolve to capture these AI-enabled behaviors, as current models do not adequately encompass the orchestration and autonomy that AI brings to cyberattacks. The report highlights ongoing efforts to update security models and safeguard measures, as well as the need for defenders to stay ahead of these evolving threats by leveraging advanced tools and methodologies.