Google Threat Intelligence Group (GTIG) reports a significant maturation in how adversaries leverage AI, shifting from initial experimentation to industrial-scale application in cyber operations. This report, based on insights from Mandiant, Gemini, and GTIG research, highlights AI's dual role: it serves as a sophisticated engine for adversary operations and concurrently as a high-value target for attacks. Key developments include AI-augmented vulnerability discovery, advanced defense evasion techniques, and autonomous malware operations.
Adversaries are now using AI for zero-day exploit development, accelerating polymorphic malware creation, and orchestrating autonomous attacks like PROMPTSPY for system navigation and decision-making. AI also enhances reconnaissance and information operations (e.g., deepfakes) and provides obfuscated, scalable access to LLMs for malicious activities. Furthermore, the AI ecosystem itself is a target, with supply chain attacks leveraging compromised components and malicious AI agent skills. Google actively counters these threats through product safeguards, AI-powered defenses like Big Sleep and CodeMender, and industry collaboration via the Secure AI Framework (SAIF) and Coalition for Secure AI (CoSAI).