Hackers Are Using AI to Write Exploits and Automate Attacks at Scale

ADEQUATE ASSESSMENT

The same AI tools marketed to security teams for vulnerability research are being used by attackers to write exploits and automate attack delivery at scale. This was not a surprise to anyone with access to the tools. The tools were marketed as dual-use from the beginning. The restriction was assumed to be social, not technical.

Cybersecurity departments briefed on this in advance. Adequate attended none of these briefings. The decision to distribute unrestricted access to foundation models was made with full knowledge that attackers would acquire them through standard channels. The timeline between 'here are tools for defense' and 'attackers are using these tools for offense' was measured in weeks.

Scale is now the constraint that has been solved. Individual attacks required individual effort. Now attackers automate against thousands of targets simultaneously using the same models that find the vulnerabilities. The briefing recommended certain mitigations. The briefing was not attended. The slide deck still exists.

ORIGINAL FILING

Dark Reading

READ ORIGINAL FILING →

FURTHER DEVELOPMENTS — FLAGGED BY ADEQUATE

Google Identified Hackers Exploiting an AI-Discovered Vulnerability Before a Patch Existed

TechXplore AI

Palo Alto Networks Zero-Day Exploited in Operation Consistent with Chinese State Actors

SecurityWeek

Modded Tesla V100 Server GPU Runs LLMs from a PCIe Slot for $200

Tom's Hardware

Google Detects First AI-Generated Zero-Day Exploit

SecurityWeek

AI-Assisted Hacking Has Scaled Into an Industrial Operation, According to Google

The Guardian AI

[Linkpost] Language Models Can Autonomously Hack and Self-Replicate

LessWrong