A new challenge for cybersecurity
The dark side of automation and the rise of AI agents
Automation and artificial intelligence (AI) have seen tremendous growth in recent years. From chatbots handling customer service to advanced algorithms optimising business processes, the benefits are clear: efficiency, scalability and cost savings. However, as with any technological advancement, there is a dark side. Cybercriminals are increasingly exploiting these technologies, and the rise of so-called AI agents brings new risks. In this in-depth article, we explore the dark side of automation, with a particular focus on the emergence of AI agents and their impact on cybersecurity.
TEXT: SANDER HULSMAN IMAGE: SHUTTERSTOCK
Automation has opened doors not only for legitimate businesses, but also for cybercriminals. Where hackers once had to carry out attacks manually, they can now use automated tools to exploit vulnerabilities on a large scale. Think of phishing campaigns that can send thousands of emails per minute thanks to automation, or malware that automatically spreads through infected networks.
Advanced features
An example of this trend is the growing popularity of malware-as-a-service (MaaS). Cybercriminals can purchase ready-made malware from darknet marketplaces, which can then be deployed with minimal technical knowledge. These tools often come equipped with advanced features, such as automatically scanning systems for vulnerabilities or encrypting files for ransomware attacks.
‘AI agents are not only more powerful but also harder to detect and combat’
Why so powerful?
AI agents are software programs designed to perform tasks autonomously, often using machine learning and other AI techniques. Unlike traditional software, which strictly follows its programming, AI agents can learn from experience and adapt their behaviour to new situations.
In a legitimate context, AI agents are already widely used. Think of chatbots that answer customer queries, algorithms that analyse financial transactions for fraud, or systems that optimise supply chains. These agents are designed to work efficiently and accurately, often without human intervention.
But in the hands of cybercriminals, AI agents take on a very different role. They can be deployed for a wide range of malicious activities, from generating realistic phishing emails to identifying and exploiting vulnerabilities in systems. The self-learning nature of these agents makes them particularly dangerous, as they can continuously adapt to new security measures.
How used in cybercrime?
The possibilities for AI agents in cybercrime are almost endless. Here are some examples of how they are currently being deployed:
- Advanced phishing attacks:
Traditional phishing emails are often recognisable by poor grammar or unnatural language. With AI, however, cybercriminals can generate realistic, personalised messages that are difficult to distinguish from the real thing. For example, AI agents can analyse social media profiles to gather personal information, which is then used to create credible messages. This makes it harder for users to recognise phishing attempts. - Automated vulnerability scanning:
AI agents can be programmed to scan systems for vulnerabilities. Unlike traditional tools, that rely on known patterns, AI agents can identify new vulnerabilities by detecting anomalous behaviour. This makes them particularly effective at finding zero-day exploits, that have not been patched. - Adaptive malware:
Malware powered by AI agents can adapt to the environment in which it operates. For example, it can hide from detection by antivirus software or change its behaviour based on the defence mechanisms it encounters. This makes it much harder for cybersecurity professionals to identify and remove the malware. - Large-scale social engineering:
AI agents can be used to target large numbers of social media accounts with targeted messages. Using natural language processing (NLP), these agents can engage in credible conversations, making victims more likely to share sensitive information.
‘Cybercriminals can continuously adapt their tools’
Impact on cybersecurity
The rise of AI agents poses new challenges for cybersecurity professionals. Traditional security measures, such as firewalls and antivirus software, are often no match for these advanced attacks. Cybercriminals can continuously adapt their tools, making signature-based detection methods less effective.
Another issue is the scale at which attacks can be carried out. Using AI agents, cybercriminals can target vast numbers of systems in a short period of time. This makes it harder for organisations to defend themselves, especially if they lack the necessary resources or expertise.
In addition, the self-learning capabilities of AI agents create an asymmetric battle. While cybersecurity professionals often work reactively – responding to attacks after they have occurred – AI agents can proactively identify and exploit new vulnerabilities. This gives cybercriminals a significant advantage.
How to defend?
To protect themselves from the threat of AI agents, organisations must adapt their cybersecurity strategies. Here are some key steps:
- Invest in AI-driven security:
Just as cybercriminals use AI, organisations can use this technology to detect and prevent attacks. AI-driven security systems can detect anomalous behaviour and respond to threats in real time. For example, behavioural analytics systems can identify suspicious activity before it causes damage. - Focus on awareness:
Advanced phishing attacks are difficult to detect, but well-trained employees remain the first line of defence. Regular training sessions can help raise awareness and teach employees how to recognise and report suspicious activity. - Implement Zero Trust architectures:
In a Zero Trust model, every request for access to systems is verified, regardless of its source. This reduces the risk of unauthorised access, even if an attacker manages to breach the perimeter. - Keep systems up to date:
Cybercriminals often exploit known vulnerabilities. By regularly updating software and systems, organisations can minimise these risks. This includes not only installing patches but also regularly reviewing security configurations. - Collaboration and information sharing:
Cybersecurity is a shared responsibility. By collaborating with other organisations and sharing information about new threats, organisations can better prepare for attacks. This can be done through industry-wide initiatives or information-sharing platforms. - Ethics and regulation:
In addition to technological measures, there is a need for ethical guidelines and regulation around the use of AI. This can help prevent the misuse of AI agents and ensure that this technology is deployed responsibly.
‘The rise of AI agents has taken cybercrime to a new level’
Conclusion
Automation and AI offer immense opportunities, but they also bring new risks. The rise of AI agents has taken cybercrime to a new level, with advanced and large-scale attacks that are difficult to detect and combat. For organisations, it is crucial to proactively invest in cybersecurity and adapt to these evolving threats.
Only through a combination of technology, training, collaboration, and regulation can we tackle the dark side of automation. The fight against AI-driven cybercrime is complex, but with the right approach, organisations can arm themselves against this new generation of threats.
This article is based on insights from Group-IB’s blog on the dark side of automation and the rise of AI agents. More information can be found at www.group-ib.com.
