The cyber kill chain is one of the most obvious examples of how AI is affecting cybersecurity. During the reconnaissance phase, AI can quickly analyze existing public information, locate vulnerable infrastructure, draw maps of technology stacks, and priorities potential targets. Tasks that once required significant manual effort and human expertise can now be automated and executed continuously. Things that used to take a lot of manual effort can now be done automatically and continuously. Initial access is also speeding up.
Phishing emails created by AI are more believable than ever, and can be customized to specific people, industries, and organizations. In minutes, attackers can send hundreds of customized messages, continually refining them for greater impact.
After being placed in an environment, AI can be used to support privilege escalation and lateral movement, by recognizing relationships among systems, users, and services. Automated analysis of permissions and trust relationships enables a compromise of the environment to take place more efficiently than traditional manual techniques.
Attack discovery and exfiltration in the last stages of an attack also can be automated. Sensitive files can be identified, prioritized, and extracted so much faster than previous times. The net effect is straightforward: Attackers are on the offensive.
