Artificial Intelligence is Raising Cyber Threats
AI-enabled attacks are coming faster and more often. Here’s a security update and some advice on how to be prepared.
Artificial intelligence has a growing list of productive business uses. But it’s also leaving companies and individuals more vulnerable to cyberattacks.
The speed and volume of threats are the biggest shift. AI is “accelerating attacks from months to hours,” according to a Verizon data breach report from May. And recent AI advances have sparked new panic over critical digital infrastructure used by big banks, governments and other organizations.
Cutting-edge AI models stoke new fears
AI cyber fears hit a boiling point this year. It started with Anthropic’s Mythos AI model, which rapidly found and exploited security flaws in widely trusted software after its April launch. OpenAI has a similar capability. Both have partnered with security firms such as Cisco, Palo Alto Networks and CrowdStrike to help companies patch software. The U.S. government is very concerned and has recently banned foreign nationals from accessing Mythos.
Some advice for businesses:
- Don’t panic. The threat requires attention, but it’s not totally new.
- Focus on patching critical systems first and regularly push software updates.
- Make sure only approved people can use certain digital tools by having strong access controls.
- Use multifactor authentication — the process of combining a username with a password and a PIN or a biometric for logins.
- Physical security keys, such as Yubico’s YubiKeys, are another way to protect against unauthorized access.
- Other essential cyber protections, such as firewalls and antivirus scanners, help fortify defenses.
Note that AI will help find and fix flaws faster, too. “Bad guys can use AI to find vulnerabilities and rapidly create attacks, and software developers should be able to use the same technology to more rapidly (as in before releasing bad code) create hardened versions of code,” noted John Pescatore, director of emerging security trends at the SANS Institute, in an April newsletter.
Other leading AI threats that require urgent attention
The risks of agentic AI
Agentic AI does complex multi-step tasks, from building an app to managing inventory. “AI agents aren’t coming, they are already here,” said Saira Mohammed, Microsoft’s chief security advisor, at a recent Gartner cybersecurity conference in Maryland. 80% of Fortune 500 companies are deploying AI agents, according to Microsoft.
Agents risk data leaks, unauthorized transactions, compliance violations and other harms. “Agents can expose more data in five minutes than a careless employee could in a month,” said Mohammed. Companies can implement guardrails and a set of permissions to limit what’s allowed. Tools can track AI usage, risky actions, stolen credentials, off-hours use, data access and more. These include Microsoft Agent 365, which tracks agents from both Microsoft and third parties, and ReliaQuest, which has a tool to track Anthropic’s Claude.
Threats from AI chatbots
Chatbots such as OpenAI’s ChatGPT and Google’s Gemini have security risks that are hard to mitigate. These include users crafting prompts to bypass guardrails; the chatbots divulging company secrets or data; or AI systems being corrupted by data they’re trained on. Firms can start by blocking or restricting certain prompts (the text workers type into the chatbot). Specific AI tools can be blocked on company devices and networks, and sensitive company data can be blocked from public AI tools.
Also have an approval process for new uses of AI to ensure security, privacy and regulatory compliance, said John Murphy, a Gartner analyst, at the conference.
Fears about deepfakes
AI makes it easy to fabricate videos and photos of real or fake people. Deepfakes can infiltrate video conferences, place phone calls or side-step biometric authentication. One example is attackers impersonating an executive to request money transfers from an unsuspecting employee. Detection tools from vendors such as iProov, Pindrop and Reality Defender scan audio and video for fakes, but they’re not foolproof.
Studies show AI deepfake detection working better in the lab than in the real world, said Christine Lee, a Gartner analyst, at the conference. Companies should educate employees about the attacks, along with using strong login security. Low-tech approaches should be combined with high-tech ones, such as asking personal questions to verify someone’s identity.
Employees misusing AI
Company guardrails need to be built into chatbots and agents, as well as clear guidance for employee use. Specify what data and files workers are allowed to upload into AI tools, for example. Shadow AI, the use of unapproved AI at work, has surged over the past year and is one of the top ways company data is unintentionally leaked, according to the Verizon report.
Education helps, such as AI literacy training about possible attacks, data risks and how AI works. Even AI power users need training, as they may not realize all the cyber risks. Also track AI tools to uncover suspicious activity, ranging from data leakage to shadow AI.
Cyber best practices are still the best line of defense
In addition to these AI threats, there’s still ransomware, phishing attacks, software supply chain risks and much more.
Security experts say to focus on the basics. Inventory your data and devices. Encrypt data and keep backups. Discard unused data and IT. Use automated patching. Use e-mail filters to fight phishing. Change default credentials on IT systems and apps. Keep an updated incident response plan for data breaches. Have regular cyber training.
Trustworthy resources for AI threats include MITRE Atlas and NIST’s AI Risk Management Framework.
This forecast first appeared in The Kiplinger Letter, which has been running since 1923 and is a collection of concise weekly forecasts on business and economic trends, as well as what to expect from Washington, to help you understand what’s coming up to make the most of your investments and your money.

John Miley is a Senior Associate Editor at The Kiplinger Letter. He mainly covers AI, technology, telecom and education, but will jump on other business topics as needed. In his role, he provides timely forecasts about emerging technologies, business trends and government regulations. He also edits stories for the weekly publication and has written and edited email newsletters.
He holds a BA from Bates College and a master’s degree in magazine journalism from Northwestern University, where he specialized in business reporting. An avid runner and a former decathlete, he has written about fitness and competed in triathlons.