Malware's AI time bomb

Hackers already have the AI tools needed to create the adaptable, destructive malware that security experts fear. But as long as their basic tactics — phishing, scams and ransomware — continue to work, they have little reason to use them.
Why it matters: Adversaries can flip that switch anytime, and companies need to prepare now.
Driving the news: The looming threat of autonomous cyberattacks was a top talking point at the inaugural HumanX conference in Las Vegas this week.
"You know that phrase, 'Keep your powder dry'? That's what attackers are doing right now," James White, chief technology officer at AI security startup CalypsoAI, told Axios, implying that bad actors are ready for battle.
The big picture: Cyber leaders have long feared generative AI would enable autonomous cyberattacks, making current security tools ineffective.
These attacks could involve AI agents carrying out hackers' bidding or malware that adapts in real time as it spreads.
Between the lines: A few years into the generative AI revolution, experts are split on how imminent these threats are.
Some say we're less than two years away from seeing agentic malware in nation-state cyber warfare.
Others argue hackers have little incentive to change tactics as they continue to profit from simple scams, phishing and ransomware.
Threat level: Even though AI-powered malware has yet to flood the zone, companies can't rest easy.
"The rate of acceleration is insane," Evan Reiser, CEO of email security company Abnormal Security, told Axios. "You don't have to be a total science fiction nerd, like me, to imagine where this can go in one year, two years."
AI will speed up attacks, leaving defenders with little time to react.
Meanwhile, most organizations are still behind on basic security measures, Reiser said, noting that the typical company is focused on setting up two-factor authentication. Abnormal Security works with about 20% of the Fortune 500.
Reality check: Startups selling AI security tools have an interest in hyping potential threats.
Mandiant says it has yet to respond to an attack involving truly autonomous AI or adaptable malware.
"I'm actually not worried about any of that right now," Charles Carmakal, CTO at Mandiant, told Axios.
Mandiant has mostly seen adversaries using AI for basic tasks like crafting phishing emails or researching targets.
The intrigue: Companies hiring cybersecurity vendors are beginning to understand that the best way to fight AI attacks is with AI security tools, said Itai Tevet, CEO of Intezer, a startup that offers an autonomous security operation center.
"It's dramatically different between 2023 and today," Tevet told Axios. "In the past, we needed to evangelize on why technology can do the same job. Today, all CISOs are getting asked by their board, 'How do you leverage AI?'"
Zoom in: AI agents can also help threat intelligence teams review the pile of notifications they receive about new vulnerabilities, phishing emails and other malicious activity, Steve Schmidt, chief security officer at Amazon, said in a fireside chat with Axios.
Amazon currently doesn't let agents make decisions or act on their own, but they can review the threat intelligence coming in to determine what needs to be prioritized.
"We've ended up significantly improving the lives of the security engineers, making them more efficient at what they have to do," Schmidt said.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

New York Post

7 hours ago

• New York Post

Weiner wars — Employee at popular meat company steals its secret recipe and then goes to work for competitor

So that's how the sausage is made. A former employee at Hormel Foods, a Fortune 500 packaged meat company, left with top-secret sausage recipes and market information — and then joined its regional competitor Johnsonville, a new federal lawsuit alleges. The stew started after longtime Hormel employee Brett Sims landed the role of Johnsonville's chief supply chain officer in June 2023, and then allegedly began poaching Hormel employees to also join the staff at the sausage company, based in Sheboygan Falls, Wisconsin, which was in violation of his non-solicitation agreement. Sims brought in his former Hormel co-worker Jeremy Rummel this spring, who left Hormel after 25 years, as per The Star Tribune. Before he broke the news to Hormel that he was about to work for its competitor, Rummel allegedly sent 'product formulas, processing procedures, acquisition-target information and marketing-strategy information' to his personal email address. Hormel Foods was founded 130 years ago. Getty Images 'Rummel was attempting to take Hormel's confidential business information and trade secrets to Johnsonville for the express purpose of exploiting the information for Johnsonville's benefit and to Hormel's detriment,' the suit said. After Hormel confronted Rummel, he fessed up to emailing himself the confidential information and then promptly headed to Sims' house 'with the intent to share the details of his interview with Hormel and develop a plan to protect his new role at Johnsonville,' according to the lawsuit. Hormel is behind brands like Spam, Skippy and Planters. SOPA Images/LightRocket via Getty Images Hormel, which was founded 130 years ago and is also behind brands like Skippy, Spam and Planters, is accusing Johnsonville and the two ex-employees of conspiring to 'unlawfully obtain Hormel's trade secrets.' 'The sausage market is increasingly competitive, and improper use of confidential, proprietary and trade-secret information, or wrongful competition or solicitation, could cause a manufacturer significant competitive economic disadvantage,' the suit continued. To make matters worse, when Johnsonville was sent a letter from Hormel 'outlining Sims' and Rummel's violations of their agreements, detailing their unlawful behavior and asking for a number of assurances,' the company did not cooperate, the suit claims. Sims and Rummel did not immediately respond to the Star Tribune's email, nor did an attorney named in the lawsuit.

Business Insider

16 hours ago

• Business Insider

Meet the Gen Z HENRYs: They're making $565K on average but still renting

Earning six figures but living paycheck to paycheck — that's what it means to be a HENRY. As Gen Zers approach 30, a very small subset of the generation is aging into this acronym, which stands for high earners, not rich yet, and was coined by Fortune's Shawn Tully. With inflation biting extra hard during their young adult years, younger Americans increasingly think they need to earn more to achieve stability. In a 2024 Bankrate survey, Gen Zers said they'd need to make $200,000 a year to feel financially secure. At the same time, Gen Zers deal with " money dysmorphia," or an unrealistic perception of their own financial soundness and feeling stressed over money, largely due to social comparison and outdated ideas of what's affordable. Indeed, middle-income Americans have been living more like their lower-income counterparts, indicating that for Americans to feel middle-class, they actually need to be high-earning. To figure out who in Gen Z is actually earning above that threshold — and may exemplify the HENRY title — we delved into Census Bureau microdata from the Current Population Survey's 2024 Annual Social and Economic Supplement. We only looked at adult Gen Zers with a total income of $250,000 or more. Though Gen Z birth years span from 1997 to 2012, we only looked at those ages 18 to 27 in 2024. On average, these Gen Z HENRYs made just above $565,000 a year, compared to around $28,700 for all Gen Zers reflected in the microdata. They also skewed slightly more male than the wider Gen Z cohort. On average, Gen Z HENRYs were around 24 years old in 2024. They were also more likely to be married than their wider Gen Z cohort, and those marriages seem to be sticking so far — essentially 0% of Gen Z HENRYs were separated or divorced. Demographically, Gen Z HENRYs were also less likely to be white than their cohort peers, and more likely to be Asian or Pacific Islander. Gen Z HENRYs were also more likely to have a bachelor's degree or a master's degree and beyond, both of which can contribute to a wage premium. And HENRYs might have the entrepreneurial bug: They're more likely than the rest of Gen Z to be self-employed, although the vast majority held wage or salary roles in the private sector. Gen Z HENRYs were less likely to be homeowners than the wider Gen Z cohort, with 40% of HENRYs owning homes compared to around 53% of all Gen Zers. Conversely, HENRYs were more likely to be renters. However, homeowning HENRYs were more likely to live in more valuable properties — their estimated current property values were around $455,000 compared to around $441,000 for all of Gen Z. That tracks with a larger trend: Some high-earning Americans, especially younger ones, are opting for rent — it's increasingly become a better deal than maintaining and buying a home for many, and many higher-earners like the flexibility and amenities that come with a rental.

Axios

a day ago

• Axios

Exclusive: Google wants to help cities build AI strategies

Google is releasing a playbook on Friday to help mayors across the country adopt city-wide AI strategies, per an announcement shared exclusively with Axios. Why it matters: Cities are approaching the technology wildly differently and with varying levels of resources, interest and need. But the "AI divide" — like the "digital divide" that came before it with internet access — is projected to deepen tech access disparities. "Building Your City's AI Strategy," released in partnership with the United States Conference of Mayors, is meant to serve as a framework for mayors and other municipal leaders to assess and implement AI. What's inside: The guide has chapters on identifying staff to participate in an "AI workshop," conducting surveys on AI usage and needs, and drafting an AI strategy document. The survey asks questions like how staff are currently using AI tools and which areas of city services could use AI the most. The guide states that AI offers cities "significant advantages" and "can automate certain tasks while freeing up city staff for complex, human-centric work." What they're saying: "Whatever problem you've been dealing with that you've inherited from your predecessors, that you can't figure out the way to fix, AI is the once in a generation tool that gives you a shot at fixing it," Cris Turner, vice president of government affairs at Google, told Axios. By the numbers: 96% of 100 mayors across the globe surveyed by Bloomberg Philanthropies in 2023 said they were interested in using generative AI, but only 2% surveyed were actively implementing it and 69% said they were exploring it. The bottom line: Companies like Google depend on people using their generative AI products for profit. But more users help the models get better, Turner noted.