Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware

A recent paper co-authored by MIT Sloan researchers and Safe Security, titled "Rethinking the Cybersecurity Arms Race," claims that 80% of ransomware attacks are AI-driven, a notion that has sparked debate within the security community. Critics, including security researcher Kevin Beaumont, have dismissed the report as lacking evidence, noting that it rebrands traditional ransomware operations as AI-enabled without substantiating the claim. The researchers, tied to a company marketing AI-driven cyber risk solutions, have been criticized for advancing a vendor narrative under the guise of academic research, leading to widespread coverage despite its disputed credibility. This situation reflects a broader trend in the security industry where vendor-led studies and surveys often blur the line between perception and reality, influencing executive fears and priorities without solid evidence. Reports from ENISA and the Verizon Data Breach Investigations Report contradict these claims, indicating that while AI tools are being experimented with by threat actors, the majority of ransomware attacks are not AI-driven. The industry, therefore, risks focusing on speculative AI threats at the expense of addressing established vulnerabilities, which remain the primary entry points for cyberattacks.