The world of cybersecurity is undergoing a significant transformation as AI becomes an increasingly powerful tool in the hands of malicious actors. In this article, we'll delve into the findings of a recent report that sheds light on the evolving nature of cyber threats and the challenges they pose to traditional security frameworks.
The Rise of AI-Enabled Cyberattacks
AI is revolutionizing the cyberattack landscape, making threat actors more dangerous and autonomous. Our analysis of 832 banned accounts reveals a disturbing trend: AI is being used in the later, more complex stages of cyber operations, enabling less sophisticated actors to carry out highly technical tasks.
For instance, AI is now being employed to assist with "lateral movement," a complex maneuver that involves navigating deep inside a compromised network. This was once the domain of highly skilled hackers, but AI has democratized these advanced techniques.
Blurred Lines: Assessing Threat Levels
Traditionally, security teams have assessed the risk level of a cyberattacker based on factors like the number of techniques employed and the tools used. However, our research suggests that these indicators are becoming less reliable.
With AI performing highly technical tasks, the skill level of a threat actor is no longer directly correlated with the number of techniques they use. Similarly, the specific platform or interface used by an actor doesn't provide a clear indication of their risk level.
What seems to matter more is where in the attack life cycle an actor applies AI. Higher-risk actors tend to concentrate AI usage on operationally demanding techniques, such as account discovery and privilege escalation, rather than just gaining initial access.
The Limitations of Security Frameworks
The MITRE ATT&CK framework, a widely used database of cyberattack tactics and techniques, doesn't fully capture the unique behaviors of AI-enabled attackers. Many of the advanced behaviors exhibited by the highest-risk actors, such as agentic orchestration and real-time decision-making, are not currently included in the framework.
This was evident in the case of a state-sponsored cyber espionage operation we disrupted. Despite using a comparable number of techniques to medium-risk actors, this operation earned the maximum risk score of 100 when assessed using our risk-scoring methodology.
Looking Ahead: Adapting to the AI Revolution
The findings of this analysis have important implications for the development of safeguards and the evolution of security frameworks. At Anthropic, we're committed to staying ahead of these evolving tactics and ensuring that the most powerful tools are in the hands of defenders.
We've already taken steps to integrate cyber safeguards into our models and are in discussions with MITRE to enhance the ATT&CK framework to better address AI-enabled behaviors. Additionally, we're expanding Project Glasswing to provide more organizations with the tools to combat these threats.
As AI continues to advance, the challenge of defending against cyber threats will only grow more complex. It's crucial for the security community to adapt and evolve, ensuring that our frameworks and strategies remain effective in this new era of AI-enabled cyber warfare.
