Search This Blog

Powered by Blogger.

Blog Archive

Labels

About Me

Showing posts with label AI tools. Show all posts

Security Teams Struggle to Keep Up With Generative AI Threats, Cobalt Warns

 

A growing number of cybersecurity professionals are expressing concern that generative AI is evolving too rapidly for their teams to manage. 

According to new research by penetration testing company Cobalt, over one-third of security leaders and practitioners admit that the pace of genAI development has outstripped their ability to respond. Nearly half of those surveyed (48%) said they wish they could pause and reassess their defense strategies in light of these emerging threats—though they acknowledge that such a break isn’t realistic. 

In fact, 72% of respondents listed generative AI-related attacks as their top IT security risk. Despite this, one in three organizations still isn’t conducting regular security evaluations of their large language model (LLM) deployments, including basic penetration testing. 

Cobalt CTO Gunter Ollmann warned that the security landscape is shifting, and the foundational controls many organizations rely on are quickly becoming outdated. “Our research shows that while generative AI is transforming how businesses operate, it’s also exposing them to risks they’re not prepared for,” said Ollmann. 
“Security frameworks must evolve or risk falling behind.” The study revealed a divide between leadership and practitioners. Executives such as CISOs and VPs are more concerned about long-term threats like adversarial AI attacks, with 76% listing them as a top issue. Meanwhile, 45% of practitioners are more focused on immediate operational challenges such as model inaccuracies, compared to 36% of executives. 

A majority of leaders—52%—are open to rethinking their cybersecurity strategies to address genAI threats. Among practitioners, only 43% shared this view. The top genAI-related concerns identified by the survey included the risk of sensitive information disclosure (46%), model poisoning or theft (42%), data inaccuracies (40%), and leakage of training data (37%). Around half of respondents also expressed a desire for more transparency from software vendors about how vulnerabilities are identified and patched, highlighting a widening trust gap in the AI supply chain. 

Cobalt’s internal pentest data shows a worrying trend: while 69% of high-risk vulnerabilities are typically fixed across all test types, only 21% of critical flaws found in LLM tests are resolved. This is especially alarming considering that nearly one-third of LLM vulnerabilities are classified as serious. Interestingly, the average time to resolve these LLM-specific vulnerabilities is just 19 days—the fastest across all categories. 

However, researchers noted this may be because organizations prioritize easier, low-effort fixes rather than tackling more complex threats embedded in foundational AI models. Ollmann compared the current scenario to the early days of cloud adoption, where innovation outpaced security readiness. He emphasized that traditional controls aren’t enough in the age of LLMs. “Security teams can’t afford to be reactive anymore,” he concluded. “They must move toward continuous, programmatic AI testing if they want to keep up.”

New Report Ranks Best And Worst Generative AI Tools For Privacy

 

Most generative AI companies use client data to train their chatbots. For this, they may use private or public data. Some services take a more flexible and non-intrusive approach to gathering customer data. Not so much for others. A recent analysis from data removal firm Incogni weighs the benefits and drawbacks of AI in terms of protecting your personal data and privacy.

As part of its "Gen AI and LLM Data Privacy Ranking 2025," Incogni analysed nine well-known generative AI services and evaluated their data privacy policies using 11 distinct factors. The following queries were addressed by the criteria: 

  • What kind of data do the models get trained on? 
  • Is it possible to train the models using user conversations? 
  • Can non-service providers or other appropriate entities receive prompts? 
  • Can the private data from users be erased from the training dataset?
  • How clear is it when training is done via prompts? 
  • How simple is it to locate details about the training process of models? 
  • Does the data collection process have a clear privacy policy?
  • How easy is it to read the privacy statement? 
  • Which resources are used to gather information about users?
  • Are third parties given access to the data? 
  • What information are gathered by the AI apps? 

The research involved Mistral AI's Le Chat, OpenAI's ChatGPT, xAI's Grok, Anthropic's Claude, Inflection AI's Pi, DeekSeek, Microsoft Copilot, Google Gemini, and Meta AI. Each AI performed well on certain questions but not so well on others. 

For instance, Grok performed poorly on the readability of its privacy policy but received a decent rating for how clearly it communicates that prompts are used for training. As another example, the ratings that ChatGPT and Gemini received for gathering data from their mobile apps varied significantly between the iOS and Android versions.

However, Le Chat emerged as the best privacy-friendly AI service overall. It did well in the transparency category, despite losing a few points. Additionally, it only collects a small amount of data and achieves excellent scores for additional privacy concerns unique to AI. 

Second place went to ChatGPT. Researchers at Incogni were a little worried about how user data interacts with the service and how OpenAI trains its models. However, ChatGPT explains the company's privacy standards in detail, lets you know what happens to your data, and gives you explicit instructions on how to restrict how your data is used. Claude and PI came in third and fourth, respectively, after Grok. Each performed reasonably well in terms of protecting user privacy overall, while there were some issues in certain areas. 

"Le Chat by Mistral AI is the least privacy-invasive platform, with ChatGPT and Grok following closely behind," Incogni noted in its report. "These platforms ranked highest when it comes to how transparent they are on how they use and collect data, and how easy it is to opt out of having personal data used to train underlying models. ChatGPT turned out to be the most transparent about whether prompts will be used for model training and had a clear privacy policy.” 

In its investigation, Incogni discovered that AI firms exchange data with a variety of parties, including service providers, law enforcement, members of the same corporate group, research partners, affiliates, and third parties. 

"Microsoft's privacy policy implies that user prompts may be shared with 'third parties that perform online advertising services for Microsoft or that use Microsoft's advertising technologies,'" Incogni added in the report. "DeepSeek's and Meta's privacy policies indicate that prompts can be shared with companies within its corporate group. Meta's and Anthropic's privacy policies can reasonably be understood to indicate that prompts are shared with research collaborators.” 

You can prevent the models from being trained using your prompts with some providers. This is true for Grok, Mistral AI, Copilot, and ChatGPT. However, based on their privacy rules and other resources, it appears that other services do not allow this kind of data collecting to be stopped. Gemini, DeepSeek, Pi AI, and Meta AI are a few of these. In response to this concern, Anthropic stated that it never gathers user input for model training. 

Ultimately, a clear and understandable privacy policy significantly helps in assisting you in determining what information is being gathered and how to opt out.

Navigating AI Security Risks in Professional Settings


 

There is no doubt that generative artificial intelligence is one of the most revolutionary branches of artificial intelligence, capable of producing entirely new content across many different types of media, including text, image, audio, music, and even video. As opposed to conventional machine learning models, which are based on executing specific tasks, generative AI systems learn patterns and structures from large datasets and are able to produce outputs that aren't just original, but are sometimes extremely realistic as well. 

It is because of this ability to simulate human-like creativity that generative AI has become an industry leader in technological innovation. Its applications go well beyond simple automation, touching almost every sector of the modern economy. As generative AI tools reshape content creation workflows, they produce compelling graphics and copy at scale in a way that transforms the way content is created. 

The models are also helpful in software development when it comes to generating code snippets, streamlining testing, and accelerating prototyping. AI also has the potential to support scientific research by allowing the simulation of data, modelling complex scenarios, and supporting discoveries in a wide array of areas, such as biology and material science.

Generative AI, on the other hand, is unpredictable and adaptive, which means that organisations are able to explore new ideas and achieve efficiencies that traditional systems are unable to offer. There is an increasing need for enterprises to understand the capabilities and the risks of this powerful technology as adoption accelerates. 

Understanding these capabilities has become an essential part of staying competitive in a digital world that is rapidly changing. In addition to reproducing human voices and creating harmful software, generative artificial intelligence is rapidly lowering the barriers for launching highly sophisticated cyberattacks that can target humans. There is a significant threat from the proliferation of deepfakes, which are realistic synthetic media that can be used to impersonate individuals in real time in convincing ways. 

In a recent incident in Italy, cybercriminals manipulated and deceived the Defence Minister Guido Crosetto by leveraging advanced audio deepfake technology. These tools demonstrate the alarming ability of such tools for manipulating and deceiving the public. Also, a finance professional recently transferred $25 million after being duped into transferring it by fraudsters using a deepfake simulation of the company's chief financial officer, which was sent to him via email. 

Additionally, the increase in phishing and social engineering campaigns is concerning. As a result of the development of generative AI, adversaries have been able to craft highly personalised and context-aware messages that have significantly enhanced the quality and scale of these attacks. It has now become possible for hackers to create phishing emails that are practically indistinguishable from legitimate correspondence through the analysis of publicly available data and the replication of authentic communication styles. 

Cybercriminals are further able to weaponise these messages through automation, as this enables them to create and distribute a huge volume of tailored lures that are tailored to match the profile and behaviour of each target dynamically. Using the power of AI to generate large language models (LLMs), attackers have also revolutionised malicious code development. 

A large language model can provide attackers with the power to design ransomware, improve exploit techniques, and circumvent conventional security measures. Therefore, organisations across multiple industries have reported an increase in AI-assisted ransomware incidents, with over 58% of them stating that the increase has been significant.

It is because of this trend that security strategies must be adapted to address threats that are evolving at machine speed, making it crucial for organisations to strengthen their so-called “human firewalls”. While it has been demonstrated that employee awareness remains an essential defence, studies have indicated that only 24% of organisations have implemented continuous cyber awareness programs, which is a significant amount. 

As companies become more sophisticated in their security efforts, they should update training initiatives to include practical advice on detecting hyper-personalised phishing attempts, detecting subtle signs of deepfake audio and identifying abnormal system behaviours that can bypass automated scanners in order to protect themselves from these types of attacks. Providing a complement to human vigilance, specialised counter-AI solutions are emerging to mitigate these risks. 

In order to protect against AI-driven phishing campaigns, DuckDuckGoose Suite, for example, uses behavioural analytics and threat intelligence to prevent AI-based phishing campaigns from being initiated. Tessian, on the other hand, employs behavioural analytics and threat intelligence to detect synthetic media. As well as disrupting malicious activity in real time, these technologies also provide adaptive coaching to assist employees in developing stronger, instinctive security habits in the workplace. 
Organisations that combine informed human oversight with intelligent defensive tools will have the capacity to build resilience against the expanding arsenal of AI-enabled cyber threats. Recent legal actions have underscored the complexity of balancing AI use with privacy requirements. It was raised by OpenAI that when a judge ordered ChatGPT to keep all user interactions, including deleted chats, they might inadvertently violate their privacy commitments if they were forced to keep data that should have been wiped out.

AI companies face many challenges when delivering enterprise services, and this dilemma highlights the challenges that these companies face. OpenAI and Anthropic are platforms offering APIs and enterprise products that often include privacy safeguards; however, individuals using their personal accounts are exposed to significant risks when handling sensitive information that is about them or their business. 

AI accounts should be managed by the company, users should understand the specific privacy policies of these tools, and they should not upload proprietary or confidential materials unless specifically authorised by the company. Another critical concern is the phenomenon of AI hallucinations that have occurred in recent years. This is because large language models are constructed to predict language patterns rather than verify facts, which can result in persuasively presented, but entirely fictitious content.

As a result of this, there have been several high-profile incidents that have resulted, including fabricated legal citations in court filings, as well as invented bibliographies. It is therefore imperative that human review remains part of professional workflows when incorporating AI-generated outputs. Bias is another persistent vulnerability.

Due to the fact that artificial intelligence models are trained on extensive and imperfect datasets, these models can serve to mirror and even amplify the prejudices that exist within society as a whole. As a result of the system prompts that are used to prevent offensive outputs, there is an increased risk of introducing new biases, and system prompt adjustments have resulted in unpredictable and problematic responses, complicating efforts to maintain a neutral environment. 

Several cybersecurity threats, including prompt injection and data poisoning, are also on the rise. A malicious actor may use hidden commands or false data to manipulate model behaviour, thus causing outputs that are inaccurate, offensive, or harmful. Additionally, user error remains an important factor as well. Instances such as unintentionally sharing private AI chats or recording confidential conversations illustrate just how easy it is to breach confidentiality, even with simple mistakes.

It has also been widely reported that intellectual property concerns complicate the landscape. Many of the generative tools have been trained on copyrighted material, which has raised legal questions regarding how to use such outputs. Before deploying AI-generated content commercially, companies should seek legal advice. 

As AI systems develop, even their creators are not always able to predict the behaviour of these systems, leaving organisations with a challenging landscape where threats continue to emerge in unexpected ways. However, the most challenging risk is the unknown. The government is facing increasing pressure to establish clear rules and safeguards as artificial intelligence moves from the laboratory to virtually every corner of the economy at a rapid pace. 

Before the 2025 change in administration, there was a growing momentum behind early regulatory efforts in the United States. For instance, Executive Order 14110 outlined the appointment of chief AI officers by federal agencies and the development of uniform guidelines for assessing and managing AI risks. As a result of this initiative, a baseline of accountability for AI usage in the public sector was established. 

A change in strategy has taken place in the administration's approach to artificial intelligence since they rescinded the order. This signalled a departure from proactive federal oversight. The future outlook for artificial intelligence regulation in the United States is highly uncertain, however. The Trump-backed One Big Beautiful Bill proposes sweeping restrictions that would prevent state governments from enacting artificial intelligence regulations for at least the next decade. 

As a result of this measure becoming law, it could effectively halt local and regional governance at a time when AI is gaining a greater influence across practically all industries. Meanwhile, the European Union currently seems to be pursuing a more consistent approach to AI. 

As of March 2024, a comprehensive framework titled the Artificial Intelligence Act was established. This framework categorises artificial intelligence applications according to the level of risk they pose and imposes strict requirements for applications that pose a significant risk, such as those in the healthcare field, education, and law enforcement. 

Also included in the legislation are certain practices, such as the use of facial recognition systems in public places, that are outright banned, reflecting a commitment to protecting the individual's rights. In terms of how AI oversight is defined and enforced, there is a widening gap between regions as a result of these different regulatory strategies. 

Technology will continue to evolve, and to ensure compliance and manage emerging risks effectively, organisations will have to remain vigilant and adapt to the changing legal landscape as a result of this.

How Generative AI Is Accelerating the Rise of Shadow IT and Cybersecurity Gaps

 

The emergence of generative AI tools in the workplace has reignited concerns about shadow IT—technology solutions adopted by employees without the knowledge or approval of the IT department. While shadow IT has always posed security challenges, the rapid proliferation of AI tools is intensifying the issue, creating new cybersecurity risks for organizations already struggling with visibility and control. 

Employees now have access to a range of AI-powered tools that can streamline daily tasks, from summarizing text to generating code. However, many of these applications operate outside approved systems and can send sensitive corporate data to third-party cloud environments. This introduces serious privacy concerns and increases the risk of data leakage. Unlike legacy software, generative AI solutions can be downloaded and used with minimal friction, making them harder for IT teams to detect and manage. 

The 2025 State of Cybersecurity Report by Ivanti reveals a critical gap between awareness and preparedness. More than half of IT and security leaders acknowledge the threat posed by software and API vulnerabilities. Yet only about one-third feel fully equipped to deal with these risks. The disparity highlights the disconnect between theory and practice, especially as data visibility becomes increasingly fragmented. 

A significant portion of this problem stems from the lack of integrated data systems. Nearly half of organizations admit they do not have enough insight into the software operating on their networks, hindering informed decision-making. When IT and security departments work in isolation—something 55% of organizations still report—it opens the door for unmonitored tools to slip through unnoticed. 

Generative AI has only added to the complexity. Because these tools operate quickly and independently, they can infiltrate enterprise environments before any formal review process occurs. The result is a patchwork of unverified software that can compromise an organization’s overall security posture. 

Rather than attempting to ban shadow IT altogether—a move unlikely to succeed—companies should focus on improving data visibility and fostering collaboration between departments. Unified platforms that connect IT and security functions are essential. With a shared understanding of tools in use, teams can assess risks and apply controls without stifling innovation. 

Creating a culture of transparency is equally important. Employees should feel comfortable voicing their tech needs instead of finding workarounds. Training programs can help users understand the risks of generative AI and encourage safer choices. 

Ultimately, AI is not the root of the problem—lack of oversight is. As the workplace becomes more AI-driven, addressing shadow IT with strategic visibility and collaboration will be critical to building a strong, future-ready defense.

Foxconn’s Chairman Warns AI and Robotics Will Replace Low-End Manufacturing Jobs

 

Foxconn chairman Young Liu has issued a stark warning about the future of low-end manufacturing jobs, suggesting that generative AI and robotics will eventually eliminate many of these roles. Speaking at the Computex conference in Taiwan, Liu emphasized that this transformation is not just technological but geopolitical, urging world leaders to prepare for the sweeping changes ahead. 

According to Liu, wealthy nations have historically relied on two methods to keep manufacturing costs down: encouraging immigration to bring in lower-wage workers and outsourcing production to countries with lower GDP. However, he argued that both strategies are reaching their limits. With fewer low-GDP countries to outsource to and increasing resistance to immigration in many parts of the world, Liu believes that generative AI and robotics will be the next major solution to bridge this gap. He cited Foxconn’s own experience as proof of this shift. 

After integrating generative AI into its production processes, the company discovered that AI alone could handle up to 80% of the work involved in setting up new manufacturing runs—often faster than human workers. While human input is still required to complete the job, the combination of AI and skilled labor significantly improves efficiency. As a result, Foxconn’s human experts are now able to focus on more complex challenges rather than repetitive tasks. Liu also announced the development of a proprietary AI model named “FoxBrain,” tailored specifically for manufacturing. 

Built using Meta’s Llama 3 and 4 models and trained on Foxconn’s internal data, this tool aims to automate workflows and enhance factory operations. The company plans to open-source FoxBrain and deploy it across all its facilities, continuously improving the model with real-time performance feedback. Another innovation Liu highlighted was Foxconn’s use of Nvidia’s Omniverse to create digital twins of future factories. These AI-operated virtual factories are used to test and optimize layouts before construction begins, drastically improving design efficiency and effectiveness. 

In addition to manufacturing, Foxconn is eyeing the electric vehicle sector. Liu revealed the company is working on a reference design for EVs, a model that partners can customize—much like Foxconn’s strategy with PC manufacturers. He claimed this approach could reduce product development workloads by up to 80%, enhancing time-to-market and cutting costs. 

Liu closed his keynote by encouraging industry leaders to monitor these developments closely, as the rise of AI-driven automation could reshape the global labor landscape faster than anticipated.

Google’s AI Virtual Try-On Tool Redefines Online Shopping Experience

 

At the latest Google I/O developers conference, the tech giant introduced an unexpected innovation in online shopping: an AI-powered virtual try-on tool. This new feature lets users upload a photo of themselves and see how clothing items would appear on their body. By merging the image of the user with that of the garment, Google’s custom-built image generation model creates a realistic simulation of the outfit on the individual. 

While the concept seems simple, the underlying AI technology is advanced. In a live demonstration, the tool appeared to function seamlessly. The feature is now available in the United States and is part of Google’s broader efforts to enhance the online shopping experience through AI integration. It’s particularly useful for people who often struggle to visualize how clothing will look on their body compared to how it appears on models.  

However, the rollout of this tool raised valid questions about user privacy. AI systems that involve personal images often come with concerns over data usage. Addressing these worries, a Google representative clarified that uploaded photos are used exclusively for the try-on experience. The images are not stored for AI training, are not shared with other services or third parties, and users can delete or update their photos at any time. This level of privacy protection is notable in an industry where user data is typically leveraged to improve algorithms. 

Given Google’s ongoing development of AI-driven tools, some expected the company to utilize this photo data for model training. Instead, the commitment to user privacy in this case suggests a more responsible approach. Virtual fitting technology isn’t entirely new. Retail and tech companies have been exploring similar ideas for years. Amazon, for instance, has experimented with AI tools in its fashion division. Google, however, claims its new tool offers a more in-depth understanding of diverse body types. 

During the presentation, Vidhya Srinivasan, Google’s VP of ads and commerce, emphasized the system’s goal of accommodating different shapes and sizes more effectively. Past AI image tools have faced criticism for lacking diversity and realism. It’s unclear whether Google’s new tool will be more reliable across the board. Nevertheless, their assurance that user images won’t be used to train models helps build trust. 

Although the virtual preview may not always perfectly reflect real-life appearances, this development points to a promising direction for AI in retail. If successful, it could improve customer satisfaction, reduce returns, and make online shopping a more personalized experience.

Quantum Computing Could Deliver Business Value by 2028 with 100 Logical Qubits

 

Quantum computing may soon move from theory to commercial reality, as experts predict that machines with 100 logical qubits could start delivering tangible business value by 2028—particularly in areas like material science. Speaking at the Commercialising Quantum Computing conference in London, industry leaders suggested that such systems could outperform even high-performance computing in solving complex problems. 

Mark Jackson, senior quantum evangelist at Quantinuum, highlighted that quantum computing shows great promise in generative AI applications, especially machine learning. Unlike traditional systems that aim for precise answers, quantum computers excel at identifying patterns in large datasets—making them highly effective for cybersecurity and fraud detection. “Quantum computers can detect patterns that would be missed by other conventional computing methods,” Jackson said.  

Financial services firms are also beginning to realize the potential of quantum computing. Phil Intallura, global head of quantum technologies at HSBC, said quantum technologies can help create more optimized financial models. “If you can show a solution using quantum technology that outperforms supercomputers, decision-makers are more likely to invest,” he noted. HSBC is already exploring quantum random number generation for use in simulations and risk modeling. 

In a recent collaborative study published in Nature, researchers from JPMorgan Chase, Quantinuum, Argonne and Oak Ridge national labs, and the University of Texas showcased Random Circuit Sampling (RCS) as a certified-randomness-expansion method, a task only achievable on a quantum computer. This work underscores how randomness from quantum systems can enhance classical financial simulations. Quantum cryptography also featured prominently at the conference. Regulatory pressure is mounting on banks to replace RSA-2048 encryption with quantum-safe standards by 2035, following recommendations from the U.S. National Institute of Standards and Technology. 

Santander’s Mark Carney emphasized the need for both software and hardware support to enable fast and secure post-quantum cryptography (PQC) in customer-facing applications. Gerard Mullery, interim CEO at Oxford Quantum Circuits, stressed the importance of integrating quantum computing into traditional enterprise workflows. As AI increasingly automates business processes, quantum platforms will need to support seamless orchestration within these ecosystems. 

While only a few companies have quantum machines with logical qubits today, the pace of development suggests that quantum computing could be transformative within the next few years. With increasing investment and maturing use cases, businesses are being urged to prepare for a hybrid future where classical and quantum systems work together to solve previously intractable problems.

AI Can Create Deepfake Videos of Children Using Just 20 Images, Expert Warns

 

Parents are being urged to rethink how much they share about their children online, as experts warn that criminals can now generate realistic deepfake videos using as few as 20 images. This alarming development highlights the growing risks of digital identity theft and fraud facing children due to oversharing on social media platforms.  

According to Professor Carsten Maple of the University of Warwick and the Alan Turing Institute, modern AI tools can construct highly realistic digital profiles, including 30-second deepfake videos, from a small number of publicly available photos. These images can be used not only by criminal networks to commit identity theft, open fraudulent accounts, or claim government benefits in a child’s name but also by large tech companies to train their algorithms, often without the user’s full awareness or consent. 

New research conducted by Perspectus Global and commissioned by Proton surveyed 2,000 UK parents of children under 16. The findings show that on average, parents upload 63 images to social media every month, with 59% of those being family-related. A significant proportion of parents—21%—share these photos multiple times a week, while 38% post several times a month. These frequent posts not only showcase images but also often contain sensitive data like location tags and key life events, making it easier for bad actors to build a detailed online profile of the child. Professor Maple warned that such oversharing can lead to long-term consequences. 

Aside from potential identity theft, children could face mental distress or reputational harm later in life from having a permanent digital footprint that they never consented to create. The problem is exacerbated by the fact that many parents are unaware of how their data is being used. For instance, 48% of survey respondents did not realize that cloud storage providers can access the data stored on their platforms. In fact, more than half of the surveyed parents (56%) store family images on cloud services such as Google Drive or Apple iCloud. On average, each parent had 185 photos of their children stored digitally—images that may be accessed or analyzed under vaguely worded terms and conditions.  

Recent changes to Instagram’s user agreement, which now allows the platform to use uploaded images to train its AI systems, have further heightened privacy concerns. Additionally, experts have warned about the use of personal images by other Big Tech firms to enhance facial recognition algorithms and advertising models. To protect their children, parents are advised to implement a range of safety measures. These include using secure and private cloud storage, adjusting privacy settings on social platforms, avoiding public Wi-Fi when sharing or uploading data, and staying vigilant against phishing scams. 

Furthermore, experts recommend setting boundaries with children regarding online activity, using parental controls, antivirus tools, and search filters, and modeling responsible digital behavior. The growing accessibility of AI-based image manipulation tools underscores the urgent need for greater awareness and proactive digital hygiene. What may seem like harmless sharing today could expose children to significant risks in the future.

AI in Cybersecurity Market Sees Rapid Growth as Network Security Leads 2024 Expansion

 

The integration of artificial intelligence into cybersecurity solutions has accelerated dramatically, driving the global market to an estimated value of $32.5 billion in 2024. This surge—an annual growth rate of 23%—reflects organizations’ urgent need to defend against increasingly sophisticated cyber threats. Traditional, signature-based defenses are no longer sufficient; today’s adversaries employ polymorphic malware, fileless attacks, and automated intrusion tools that can evade static rule sets. AI’s ability to learn patterns, detect anomalies in real time, and respond autonomously has become indispensable. 

Among AI-driven cybersecurity segments, network security saw the most significant expansion last year, accounting for nearly 40% of total AI security revenues. AI-enhanced intrusion prevention systems and next-generation firewalls leverage machine learning models to inspect vast streams of traffic, distinguishing malicious behavior from legitimate activity. These solutions can automatically quarantine suspicious connections, adapt to novel malware variants, and provide security teams with prioritized alerts—reducing mean time to detection from days to mere minutes. As more enterprises adopt zero-trust architectures, AI’s role in continuously verifying device and user behavior on the network has become a cornerstone of modern defensive strategies. 

Endpoint security followed closely, representing roughly 25% of the AI cybersecurity market in 2024. AI-powered endpoint detection and response (EDR) platforms monitor processes, memory activity, and system calls on workstations and servers. By correlating telemetry across thousands of devices, these platforms can identify subtle indicators of compromise—such as unusual parent‑child process relationships or command‑line flags—before attackers achieve persistence. The rise of remote work has only heightened demand: with employees connecting from diverse locations and personal devices, AI’s context-aware threat hunting capabilities help maintain comprehensive visibility across decentralized environments. 

Identity and access management (IAM) solutions incorporating AI now capture about 20% of the market. Behavioral analytics engines analyze login patterns, device characteristics, and geolocation data to detect risky authentication attempts. Rather than relying solely on static multi‑factor prompts, adaptive authentication methods adjust challenge levels based on real‑time risk scores, blocking illicit logins while minimizing friction for legitimate users. This dynamic approach addresses credential stuffing and account takeover attacks, which accounted for over 30% of cyber incidents in 2024. Cloud security, covering roughly 15% of the AI cybersecurity spend, is another high‑growth area. 

With workloads distributed across public, private, and hybrid clouds, AI-driven cloud security posture management (CSPM) tools continuously scan configurations and user activities for misconfigurations, vulnerable APIs, and data‑exfiltration attempts. Automated remediation workflows can instantly correct risky settings, enforce encryption policies, and isolate compromised workloads—ensuring compliance with evolving regulations such as GDPR and CCPA. 

Looking ahead, analysts predict the AI in cybersecurity market will exceed $60 billion by 2028, as vendors integrate generative AI for automated playbook creation and incident response orchestration. Organizations that invest in AI‑powered defenses will gain a competitive edge, enabling proactive threat hunting and resilient operations against a backdrop of escalating cyber‑threat complexity.

Agentic AI and Ransomware: How Autonomous Agents Are Reshaping Cybersecurity Threats

 

A new generation of artificial intelligence—known as agentic AI—is emerging, and it promises to fundamentally change how technology is used. Unlike generative AI, which mainly responds to prompts, agentic AI operates independently, solving complex problems and making decisions without direct human input. While this leap in autonomy brings major benefits for businesses, it also introduces serious risks, especially in the realm of cybersecurity. Security experts warn that agentic AI could significantly enhance the capabilities of ransomware groups. 

These autonomous agents can analyze, plan, and execute tasks on their own, making them ideal tools for attackers seeking to automate and scale their operations. As agentic AI evolves, it is poised to alter the cyber threat landscape, potentially enabling more efficient and harder-to-detect ransomware attacks. In contrast to the early concerns raised in 2022 with the launch of tools like ChatGPT, which mainly helped attackers draft phishing emails or debug malicious code, agentic AI can operate in real time and adapt to complex environments. This allows cybercriminals to offload traditionally manual processes like lateral movement, system enumeration, and target prioritization. 

Currently, ransomware operators often rely on Initial Access Brokers (IABs) to breach networks, then spend time manually navigating internal systems to deploy malware. This process is labor-intensive and prone to error, often leading to incomplete or failed attacks. Agentic AI, however, removes many of these limitations. It can independently identify valuable targets, choose the most effective attack vectors, and adjust to obstacles—all without human direction. These agents may also dramatically reduce the time required to carry out a successful ransomware campaign, compressing what once took weeks into mere minutes. 

In practice, agentic AI can discover weak points in a network, bypass defenses, deploy malware, and erase evidence of the intrusion—all in a single automated workflow. However, just as agentic AI poses a new challenge for cybersecurity, it also offers potential defensive benefits. Security teams could deploy autonomous AI agents to monitor networks, detect anomalies, or even create decoy systems that mislead attackers. 

While agentic AI is not yet widely deployed by threat actors, its rapid development signals an urgent need for organizations to prepare. To stay ahead, companies should begin exploring how agentic AI can be integrated into their defense strategies. Being proactive now could mean the difference between falling behind or successfully countering the next wave of ransomware threats.

Gmail Users Face a New Dilemma Between AI Features and Data Privacy

 



Google’s Gmail is now offering two new upgrades, but here’s the catch— they don’t work well together. This means Gmail’s billions of users are being asked to pick a side: better privacy or smarter features. And this decision could affect how their emails are handled in the future.

Let’s break it down. One upgrade focuses on stronger protection of your emails, which works like advanced encryption. This keeps your emails private, even Google won’t be able to read them. The second upgrade brings in artificial intelligence tools to improve how you search and use Gmail, promising quicker, more helpful results.

But there’s a problem. If your emails are fully protected, Gmail’s AI tools can’t read them to include in its search results. So, if you choose privacy, you might lose out on the benefits of smarter searches. On the other hand, if you want AI help, you’ll need to let Google access more of your email content.

This challenge isn’t unique to Gmail. Many tech companies are trying to combine stronger security with AI-powered features, but the two don’t always work together. Apple tried solving this with a system that processes data securely on your device. However, delays in rolling out their new AI tools have made their solution uncertain for now.

Some reports explain the choice like this: if you turn on AI features, Google will use your data to power smart tools. If you turn it off, you’ll have better privacy, but lose some useful options. The real issue is that opting out isn’t always easy. Some settings may remain active unless you manually turn them off, and fully securing your emails still isn’t simple.

Even when extra security is enabled, email systems have limitations. For example, Apple’s iCloud Mail doesn’t use full end-to-end encryption because it must work with global email networks. So even private emails may not be completely safe.

This issue goes beyond Gmail. Other platforms are facing similar challenges. WhatsApp, for example, added a privacy mode that blocks saving chats and media, but also limits AI-related features. OpenAI’s ChatGPT can now remember what you told it in past conversations, which may feel helpful but also raises questions about how your personal data is being stored.

In the end, users need to think carefully. AI tools can make email more useful, but they come with trade-offs. Email has never been a perfectly secure space, and with smarter AI, new threats like scams and data misuse may grow. That’s why it’s important to weigh both sides before making a choice.



Generative AI Fuels Identity Theft, Aadhaar Card Fraud, and Misinformation in India

 

A disturbing trend is emerging in India’s digital landscape as generative AI tools are increasingly misused to forge identities and spread misinformation. One user, Piku, revealed that an AI platform generated a convincing Aadhaar card using only a name, birth date, and address—raising serious questions about data security. While AI models typically do not use real personal data, the near-perfect replication of government documents hints at training on real-world samples, possibly sourced from public leaks or open repositories. 

This AI-enabled fraud isn’t occurring in isolation. Criminals are combining fake document templates with authentic data collected from discarded paperwork, e-waste, and old printers. The resulting forged identities are realistic enough to pass basic checks, enabling SIM card fraud, bank scams, and more. What started as tools for entertainment and productivity now pose serious risks. Misinformation tactics are evolving too. 

A recent incident involving playback singer Shreya Ghoshal illustrated how scammers exploit public figures to push phishing links. These fake stories led users to malicious domains targeting them with investment scams under false brand names like Lovarionix Liquidity. Cyber intelligence experts traced these campaigns to websites built specifically for impersonation and data theft. The misuse of generative AI also extends into healthcare fraud. 

In a shocking case, a man impersonated renowned cardiologist Dr. N John Camm and performed unauthorized surgeries at a hospital in Madhya Pradesh. At least two patient deaths were confirmed between December 2024 and February 2025. Investigators believe the impersonator may have used manipulated or AI-generated credentials to gain credibility. Cybersecurity professionals are urging more vigilance. CertiK founder Ronghui Gu emphasizes that users must understand the risks of sharing biometric data, like facial images, with AI platforms. Without transparency, users cannot be sure how their data is used or whether it’s shared. He advises precautions such as using pseudonyms, secondary emails, and reading privacy policies carefully—especially on platforms not clearly compliant with regulations like GDPR or CCPA. 

A recent HiddenLayer report revealed that 77% of companies using AI have already suffered security breaches. This underscores the need for robust data protection as AI becomes more embedded in everyday processes. India now finds itself at the center of an escalating cybercrime wave powered by generative AI. What once seemed like harmless innovation now fuels identity theft, document forgery, and digital misinformation. The time for proactive regulation, corporate accountability, and public awareness is now—before this new age of AI-driven fraud becomes unmanageable.

How GenAI Is Revolutionizing HR Analytics for CHROs and Business Leaders

 

Generative AI (GenAI) is redefining how HR leaders interact with data, removing the steep learning curve traditionally associated with people analytics tools. When faced with a spike in hourly employee turnover, Sameer Raut, Vice President of HRIS at Sunstate Equipment, didn’t need to build a custom report or consult data scientists. Instead, he typed a plain-language query into a GenAI-powered chatbot: 

“What are the top reasons for hourly employee terminations in the past 12 months?” Within seconds, he had his answer. This shift in how HR professionals access data marks a significant evolution in workforce analytics. Tools powered by large language models (LLMs) are now integrated into leading analytics platforms such as Visier, Microsoft Power BI, Tableau, Qlik, and Sisense. These platforms are leveraging GenAI to interpret natural language questions and deliver real-time, actionable insights without requiring technical expertise. 

One of the major advantages of GenAI is its ability to unify fragmented HR data sources. It streamlines data cleansing, ensures consistency, and improves the accuracy of workforce metrics like headcount growth, recruitment gaps, and attrition trends. As Raut notes, tools like Visier’s GenAI assistant “Vee” allow him to make quick decisions during meetings, helping HR become more responsive and strategic. This evolution is particularly valuable in a landscape where 39% of HR leaders cite limited analytics expertise as their biggest challenge, according to a 2023 Aptitude Research study. 

GenAI removes this barrier by enabling intuitive data exploration across familiar platforms like Slack and Microsoft Teams. Frontline managers who may never open a BI dashboard can now access performance metrics and workforce trends instantly. Experts believe this transformation is just beginning. While some analytics platforms are still improving their natural language processing capabilities, others are leading with more advanced and user-friendly GenAI chatbots. 

These tools can even create automated visualizations and summaries tailored to executive audiences, enabling CHROs to tell compelling data stories during high-level meetings. However, this transformation doesn’t come without risk. Data privacy remains a top concern, especially as GenAI tools engage with sensitive workforce data. HR leaders must ensure that platforms offer strict entitlement management and avoid training AI models on private customer data. Providers like Visier mitigate these risks by training their models solely on anonymized queries rather than real-world employee information. 

As GenAI continues to evolve, it’s clear that its role in HR will only expand. From democratizing access to HR data to enhancing real-time decision-making and storytelling, this technology is becoming indispensable for organizations looking to stay agile and informed.

ChatGPT Outage in the UK: OpenAI Faces Reliability Concerns Amid Growing AI Dependence

 


ChatGPT Outage: OpenAI Faces Service Disruption in the UK

On Thursday, OpenAI’s ChatGPT experienced a significant outage in the UK, leaving thousands of users unable to access the popular AI chatbot. The disruption, which began around 11:00 GMT, saw users encountering a “bad gateway error” message when attempting to use the platform. According to Downdetector, a website that tracks service interruptions, over 10,000 users reported issues during the outage, which persisted for several hours and caused widespread frustration.

OpenAI acknowledged the issue on its official status page, confirming that a fix was implemented by 15:09 GMT. The company assured users that it was monitoring the situation closely, but no official explanation for the cause of the outage has been provided so far. This lack of transparency has fueled speculation among users, with theories ranging from server overload to unexpected technical failures.

User Reactions: From Frustration to Humor

As the outage unfolded, affected users turned to social media to voice their concerns and frustrations. On X (formerly Twitter), one user humorously remarked, “ChatGPT is down again? During the workday? So you’re telling me I have to… THINK?!” While some users managed to find humor in the situation, others raised serious concerns about the reliability of AI services, particularly those who depend on ChatGPT for professional tasks such as content creation, coding assistance, and research.

ChatGPT has become an indispensable tool for millions since its launch in November 2022. OpenAI CEO Sam Altman recently revealed that by December 2024, the platform had reached over 300 million weekly users, highlighting its rapid adoption as one of the most widely used AI tools globally. However, the incident has raised questions about service reliability, especially among paying customers. OpenAI’s premium plans, which offer enhanced features, cost up to $200 per month, prompting some users to question whether they are getting adequate value for their investment.

The outage comes at a time of rapid advancements in AI technology. OpenAI and other leading tech firms have pledged significant investments into AI infrastructure, with a commitment of $500 billion toward AI development in the United States. While these investments aim to bolster the technology’s capabilities, incidents like this serve as a reminder of the growing dependence on AI tools and the potential risks associated with their widespread adoption.

The disruption highlights the importance of robust technical systems to ensure uninterrupted service, particularly for users who rely heavily on AI for their daily tasks. Despite restoring services relatively quickly, OpenAI’s ability to maintain user trust and satisfaction may hinge on its efforts to improve its communication strategy and technical resilience. Paying customers, in particular, expect transparency and proactive measures to prevent such incidents in the future.

As artificial intelligence becomes more deeply integrated into everyday life, service disruptions like the ChatGPT outage underline both the potential and limitations of the technology. Users are encouraged to stay informed through OpenAI’s official channels for updates on any future service interruptions or maintenance activities.

Moving forward, OpenAI may need to implement backup systems and alternative solutions to minimize the impact of outages on its user base. Clearer communication during disruptions and ongoing efforts to enhance technical infrastructure will be key to ensuring the platform’s reliability and maintaining its position as a leader in the AI industry.

Common AI Promt Mistakes And How To Avoid Them

 

If you are running a business in 2025, you're probably already using generative AI in some capacity. GenAI tools and chatbots, such as ChatGPT and Google Gemini, have become indispensable in a variety of cases, ranging from content production to business planning. 

It's no surprise that more than 60% of businesses believe GenAI to be one of their top goals over the next two years. Furthermore, 87 percent of businesses are piloting or have already implemented generative AI tools in some way. 

But there is a catch. The quality of your inputs determines how well generative AI tools perform. Effective prompting can deliver you accurate AI outputs that meet your requirements, whereas ineffective prompting can take you down the wrong path. 

If you've been struggling to maximise the potential of AI technologies, it's time to rethink the cues you're employing. In this article, we'll look at the most common mistakes people make when asking AI tools questions, as well as how to avoid them. 

What are AI prompts? 

Prompts are queries or commands you give to generative AI tools such as ChatGPT or Claude. They are the inputs you utilise to communicate with AI models and instruct them on what to perform (or generate). AI models develop content based on the prompts you give them. 

The more contextual and specific the questions, the more accurate the AI responds. For example, if you're looking for strategies to increase client loyalty, you can utilise the following generative AI prompt: "What are some cost-effective strategies to improve customer loyalty for a small business?” 

Common AI prompt mistakes 

Being too vague: Neither artificial intelligence nor humans can read minds. You may have a clear image of the problem you're attempting to solve, including limits, items you've explored or done, and potential objections. But, unless you ask a very specific inquiry, neither your human friends nor your AI assistance will be able to pull those images from your thoughts. When asking for assistance, be specific and complete. 

Not being clear about the format: Would you prefer a list, a discussion, or a table? Do you want a comparison of factors or a detailed dive into the issues? The mistake happens when you ask a question but do not instruct the AI on how you want the response to be presented. This mistake isn't just about style and punctuation; it's about how the information is digested and improved for your final consumption. As with the first item on this list, be specific. Tell the AI what you're looking for and what you'll need to receive an answer. 

Not knowing when to take a step back: Sometimes AI cannot solve the problem or give the level of quality required. Fundamentally, an AI is a tool, and one tool cannot accomplish everything. Know when to hold 'em and when to fold them. Know when it's time to go back to a search engine, check forums, or create your own answers. There is a point of diminishing returns, and identifying it will save you time and frustration. 

How to write prompts successfully 

  • Use prompts that are specific, clear, and thorough. 
  • Remember that the AI is simply a program, not a magical oracle. 
  • Iterate and refine your queries by asking increasingly better questions.
  • Keep the prompt on topic. Specify details that provide context for your enquiries.

Meeten Malware Targets Web3 Workers with Crypto-Stealing Tactics

 


Cybercriminals have launched an advanced campaign targeting Web3 professionals by distributing fake video conferencing software. The malware, known as Meeten, infects both Windows and macOS systems, stealing sensitive data, including cryptocurrency, banking details, browser-stored information, and Keychain credentials. Active since September 2024, Meeten masquerades as legitimate software while compromising users' systems. 
 
The campaign, uncovered by Cado Security Labs, represents an evolving strategy among threat actors. Frequently rebranded to appear authentic, fake meeting platforms have been renamed as Clusee, Cuesee, and Meetone. These platforms are supported by highly convincing websites and AI-generated social media profiles. 
 
How Victims Are Targeted:
  • Phishing schemes and social engineering tactics are the primary methods.
  • Attackers impersonate trusted contacts on platforms like Telegram.
  • Victims are directed to download the fraudulent Meeten app, often accompanied by fake company-specific presentations.

Key behaviors include:
  • Escalates privileges by prompting users for their system password via legitimate macOS tools.
  • Displays a decoy error message while stealing sensitive data in the background.
  • Collects and exfiltrates data such as Telegram credentials, banking details, Keychain data, and browser-stored information.
The stolen data is compressed and sent to remote servers, giving attackers access to victims’ sensitive information. 
 
Technical Details: Malware Behavior on Windows 

On Windows, the malware is delivered as an NSIS file named MeetenApp.exe, featuring a stolen digital certificate for added legitimacy. Key behaviors include:
  • Employs an Electron app to connect to remote servers and download additional malware payloads.
  • Steals system information, browser data, and cryptocurrency wallet credentials, targeting hardware wallets like Ledger and Trezor.
  • Achieves persistence by modifying the Windows registry.
Impact on Web3 Professionals 
 
Web3 professionals are particularly vulnerable as the malware leverages social engineering tactics to exploit trust. By targeting those engaged in cryptocurrency and blockchain technologies, attackers aim to gain access to valuable digital assets. Protective Measures:
  1. Verify Software Legitimacy: Always confirm the authenticity of downloaded software.
  2. Use Malware Scanning Tools: Scan files with services like VirusTotal before installation.
  3. Avoid Untrusted Sources: Download software only from verified sources.
  4. Stay Vigilant: Be cautious of unsolicited meeting invitations or unexpected file-sharing requests.
As social engineering tactics grow increasingly sophisticated, vigilance and proactive security measures are critical in safeguarding sensitive data and cryptocurrency assets. The Meeten campaign underscores the importance of staying informed and adopting robust cybersecurity practices in the Web3 landscape.

Tamil Nadu Police, DoT Target SIM Card Fraud in SE Asia with AI Tools

 

The Cyber Crime Wing of Tamil Nadu Police, in collaboration with the Department of Telecommunications (DoT), is intensifying efforts to combat online fraud by targeting thousands of pre-activated SIM cards used in South-East Asian countries, particularly Laos, Cambodia, and Thailand. These SIM cards have been linked to numerous cybercrimes involving fraudulent calls and scams targeting individuals in Tamil Nadu. 

According to police sources, investigators employed Artificial Intelligence (AI) tools to identify pre-activated SIM cards registered with fake documents in Tamil Nadu but active in international locations. These cards were commonly used by scammers to commit fraud by making calls to unsuspecting victims in the State. The scams ranged from fake online trading opportunities to fraudulent credit or debit card upgrades. A senior official in the Cyber Crime Wing explained that a significant discrepancy was observed between the number of subscribers who officially activated international roaming services and the actual number of SIM cards being used abroad. 

The department is now working closely with central agencies to detect and block suspicious SIM cards.  The use of AI has proven instrumental in identifying mobile numbers involved in a disproportionately high volume of calls into Tamil Nadu. Numbers flagged by AI analysis undergo further investigation, and if credible evidence links them to cybercrimes, the SIM cards are promptly deactivated. The crackdown follows a series of high-profile scams that have defrauded individuals of significant amounts of money. 

For example, in Madurai, an advocate lost ₹96.57 lakh in June after responding to a WhatsApp advertisement promoting international share market trading with high returns. In another case, a government doctor was defrauded of ₹76.5 lakh through a similar investment scam. Special investigation teams formed by the Cyber Crime Wing have been successful in arresting several individuals linked to these fraudulent activities. Recently, a team probing ₹38.28 lakh frozen in various bank accounts apprehended six suspects. 

Following their interrogation, two additional suspects, Abdul Rahman from Melur and Sulthan Abdul Kadar from Madurai, were arrested. Authorities are also collaborating with police in North Indian states to apprehend more suspects tied to accounts through which the defrauded money was transacted. Investigations are ongoing in multiple cases, and the police aim to dismantle the network of fraudsters operating both within India and abroad. 

These efforts underscore the importance of using advanced technology like AI to counter increasingly sophisticated cybercrime tactics. By addressing vulnerabilities such as fraudulent SIM cards, Tamil Nadu’s Cyber Crime Wing is taking significant steps to protect citizens and mitigate financial losses.

Microsoft and Salesforce Clash Over AI Autonomy as Competition Intensifies

 

The generative AI landscape is witnessing fierce competition, with tech giants Microsoft and Salesforce clashing over the best approach to AI-powered business tools. Microsoft, a significant player in AI due to its collaboration with OpenAI, recently unveiled “Copilot Studio” to create autonomous AI agents capable of automating tasks in IT, sales, marketing, and finance. These agents are meant to streamline business processes by performing routine operations and supporting decision-making. 

However, Salesforce CEO Marc Benioff has openly criticized Microsoft’s approach, likening Copilot to “Clippy 2.0,” referencing Microsoft’s old office assistant software that was often ridiculed for being intrusive. Benioff claims Microsoft lacks the data quality, enterprise security, and integration Salesforce offers. He highlighted Salesforce’s Agentforce, a tool designed to help enterprises build customized AI-driven agents within Salesforce’s Customer 360 platform. According to Benioff, Agentforce handles tasks autonomously across sales, service, marketing, and analytics, integrating large language models (LLMs) and secure workflows within one system. 

Benioff asserts that Salesforce’s infrastructure is uniquely positioned to manage AI securely, unlike Copilot, which he claims may leak sensitive corporate data. Microsoft, on the other hand, counters that Copilot Studio empowers users by allowing them to build custom agents that enhance productivity. The company argues that it meets corporate standards and prioritizes data protection. The stakes are high, as autonomous agents are projected to become essential for managing data, automating operations, and supporting decision-making in large-scale enterprises. 

As AI tools grow more sophisticated, both companies are vying to dominate the market, setting standards for security, efficiency, and integration. Microsoft’s focus on empowering users with flexible AI tools contrasts with Salesforce’s integrated approach, which centers on delivering a unified platform for AI-driven automation. Ultimately, this rivalry is more than just product competition; it reflects two different visions for how AI can transform business. While Salesforce focuses on integrated security and seamless data flows, Microsoft is emphasizing adaptability and user-driven AI customization. 

As companies assess the pros and cons of each approach, both platforms are poised to play a pivotal role in shaping AI’s impact on business. With enterprises demanding robust, secure AI solutions, the outcomes of this competition could influence AI’s role in business for years to come. As these AI leaders continue to innovate, their differing strategies may pave the way for advancements that redefine workplace automation and decision-making across the industry.

The Growing Role of AI in Ethical Hacking: Insights from Bugcrowd’s 2024 Report

Bugcrowd’s annual “Inside the Mind of a Hacker” report for 2024 reveals new trends shaping the ethical hacking landscape, with an emphasis on AI’s role in transforming hacking tactics. Compiled from feedback from over 1,300 ethical hackers, the report explores how AI is rapidly becoming an integral tool in cybersecurity, shifting from simple automation to advanced data analysis. 

This year, a remarkable 71% of hackers say AI enhances the value of hacking, up from just 21% last year, highlighting its growing significance. For ethical hackers, data analysis is now a primary AI use case, surpassing task automation. With 74% of participants agreeing that AI makes hacking more accessible, new entrants are increasingly using AI-powered tools to uncover vulnerabilities in systems and software. This is a positive shift, as these ethical hackers disclose security flaws, allowing companies to strengthen their defenses before malicious actors can exploit them. 

However, it also means that criminal hackers are adopting AI in similar ways, creating both opportunities and challenges for cybersecurity. Dave Gerry, Bugcrowd’s CEO, emphasizes that while AI-driven threats evolve rapidly, ethical hackers are equally using AI to refine their methods. This trend is reshaping traditional cybersecurity strategies as hackers move toward more sophisticated, AI-enhanced approaches. While AI offers undeniable benefits, the security risks are just as pressing, with 81% of respondents recognizing AI as a significant potential threat. The report also underscores a key insight: while AI can complement human capabilities, it cannot fully replicate them. 

For example, only a minority of hackers surveyed felt that AI could surpass their skills or creativity. These findings suggest that while AI contributes to hacking, human insight remains crucial, especially in complex problem-solving and adaptive thinking. Michael Skelton, Bugcrowd’s VP of security, further notes that AI’s role in hardware hacking, a specialized niche, has expanded as Internet of Things (IoT) devices proliferate. AI helps identify tiny vulnerabilities in hardware that human hackers might overlook, such as power fluctuations and unusual electromagnetic signals. As AI reshapes the ethical hacking landscape, Bugcrowd’s report concludes with both a call to action and a note of caution. 

While AI offers valuable tools for ethical hackers, it equally empowers cybercriminals, accelerating the development of sophisticated, AI-driven attacks. This dual use highlights the importance of responsible, proactive cybersecurity practices. By leveraging AI to protect systems while staying vigilant against AI-fueled cyber threats, the hacking community can help guide the broader industry toward safer, more secure digital environments.

AI Tools Fueling Global Expansion of China-Linked Trafficking and Scamming Networks

 

A recent report highlights the alarming rise of China-linked human trafficking and scamming networks, now using AI tools to enhance their operations. Initially concentrated in Southeast Asia, these operations trafficked over 200,000 people into compounds in Myanmar, Cambodia, and Laos. Victims were forced into cybercrime activities, such as “pig butchering” scams, impersonating law enforcement, and sextortion. Criminals have now expanded globally, incorporating generative AI for multi-language scamming, creating fake profiles, and even using deepfake technology to deceive victims. 

The growing use of these tools allows scammers to target victims more efficiently and execute more sophisticated schemes. One of the most prominent types of scams is the “pig butchering” scheme, where scammers build intimate online relationships with their victims before tricking them into investing in fake opportunities. These scams have reportedly netted criminals around $75 billion. In addition to pig butchering, Southeast Asian criminal networks are involved in various illicit activities, including job scams, phishing attacks, and loan schemes. Their ability to evolve with AI technology, such as using ChatGPT to overcome language barriers, makes them more effective at deceiving victims. 

Generative AI also plays a role in automating phishing attacks, creating fake identities, and writing personalized scripts to target individuals in different regions. Deepfake technology, which allows real-time face-swapping during video calls, is another tool scammers are using to further convince their victims of their fabricated personas. Criminals now can engage with victims in highly realistic conversations and video interactions, making it much more difficult for victims to discern between real and fake identities. The UN report warns that these technological advancements are lowering the barrier to entry for criminal organizations that may lack advanced technical skills but are now able to participate in lucrative cyber-enabled fraud. 

As scamming compounds continue to operate globally, there has also been an uptick in law enforcement seizing Starlink satellite devices used by scammers to maintain stable internet connections for their operations. The introduction of “crypto drainers,” a type of malware designed to steal funds from cryptocurrency wallets, has also become a growing concern. These drainers mimic legitimate services to trick victims into connecting their wallets, allowing attackers to gain access to their funds.  

As global law enforcement struggles to keep pace with the rapid technological advances used by these networks, the UN has stressed the urgency of addressing this growing issue. Failure to contain these ecosystems could have far-reaching consequences, not only for Southeast Asia but for regions worldwide. AI tools and the expanding infrastructure of scamming operations are creating a perfect storm for criminals, making it increasingly difficult for authorities to combat these crimes effectively. The future of digital scamming will undoubtedly see more AI-powered innovations, raising the stakes for law enforcement globally.