Cyber Security

AI-powered breaches provide a wake-up call to respond to the incident

Enterprises have worked for years to improve detection and response times in the face of sophisticated attacks that rely on manual hacking and on-premise techniques. AI now threatens to undo those efforts.

An increasing number of threat actors are automating all stages of the attack, including coordinated movements using powerful LLM agents, which significantly reduces the time from initial access to deep environmental damage.

“The real change is speed, scale, and orchestration: traditional cloud attack techniques are being used faster and in more places than defenders can properly contain,” wrote researchers from the security company Sygnia last week in a report on the compromise of the cloud environment assisted by AI.

Sygnia’s report came on the heels of a study from Sysdig into a cyber intrusion and fraud campaign that was pulled off by an independent AI agent. Actions performed by the agent include harvesting credentials, mapping internal services, and establishing persistence.

What both cases show is that AI attacks are more successful than LLM-written malware scripts and phishing traps in managing all stages of the attack chain, including parts that previously required human reasoning and command execution by hands-on environment.

Last month researchers at the University of Toronto revealed that they had managed to create a self-replicating worm that can automatically detect and exploit vulnerabilities in many simulated systems. The researchers achieved this by using an open-weighted AI model and building an attack harness to keep it on track.

While it may come as no surprise to security experts that this level of AI-assisted attack automation is already happening in the wild, it’s unlikely that many companies will have time to adjust their defenses.

“This exposes a reality that all security professionals must face: Most breaches will not depend on advanced AI, but on undocumented systems, exposed resources, and weak identity controls,” Gidi Cohen, CEO and founder of AI security startup Bonfy.ai, tells CSO. “AI just makes those gaps impossible to ignore. The organizations that will struggle aren’t the ones that don’t have AI defenses in place; they’re the ones that still rely on the security of human speed in an environment that threatens machine speed.”

There is no need for zero days

As U of Toronto research has well demonstrated, AI agents don’t need zero-day vulnerabilities to infiltrate the environment, because many environments have systems and applications with known bugs and common vulnerabilities.

The attack documented by Sysdig, whose researchers call it JadePuffer, used an old vulnerability (CVE-2025-3248) in Langflow, a tool for building AI agents. In a new attack documented by Sygnia, attackers exploited a vulnerability in a web application that allowed them to obtain AWS key storage. From there they quickly pass through the victim’s cloud with the help of AI automation.

“A threat actor wasn’t using a single misconfiguration; they were combining vulnerabilities across application services, AWS services, source control repositories, CI/CD workflows, runtime components, and data stores, while rapidly deploying data discovery, secret harvesting, cloud computing, deployment pipeline exploitation, access, data manipulation for researchers.

Like the JadePuffer case, the attackers listed by Sygnia were focused on extorting the victim’s money. To achieve this, they compromise as many AWS instances as possible, extracting data but also setting up multiple persistence points in the AWS environment. The aim was to put pressure on the victim by showing that despite rescue efforts they still had access to nature.

Speed ​​is a new game

When sophisticated attackers break into a site they often spend weeks or even months moving to other systems. This is partly because it takes time for a group of people to gain a complete understanding of the environment and to find where the most important values ​​are.

This work is also often trial and error: Attackers perform further tests to discover the network topology, find exploitable weaknesses in additional systems, and search for stored credentials that can provide access to additional targets, all the while using existing OS tools or common system management techniques that will not trip malware and intrusion detection systems.

Active threat hunting is one way to combat such techniques designed to avoid automatic detection. When hunting for threats, human analysts manually scan an organization’s network and systems for signs of compromise that tools might have missed. This is a slow but effective form of defense – but only if the attackers are active at the same time.

“Traditional incident response often relies on the assumption that an attacker’s progress will generate enough visual signals for defenders to investigate and contain the activity before access is extended to the entire environment,” Sygnia researchers wrote in their report. “The observed attack pattern challenged this assumption. Traceability demonstrated rapid, repeatable work with automated or AI-assisted workflows for credential harvesting, permission analysis, vulnerability discovery, and attack path mapping, allowing intrusions to proceed through multiple stages in a compressed time frame.”

And it wasn’t a matter of simple automated scripts going through an offensive playbook, but a stream of work that showed clear signs of adapting to the environment. All new accesses were quickly evaluated and led to actions tailored to that specific system, be it an EC2 instance, an S3 bucket, a SQL database, or a CI/CD runner on GitHub.

Prevention is back in the open

The obvious answer to AI-assisted attacks is AI-assisted defense. But the mere presence of powerful AI features in detecting and responding to products is no guarantee of stopping such fast and dynamic attacks. Organizations must ensure that all these tools and workflows are well integrated into a structured process across their different teams.

In addition, this attack shows the importance of deep defense actions such as continuous configuration verification, fast patch deployment, regular secret rotation, network isolation, IP-based access control rules, using the principle of least privilege authentication, limiting administrative rights, enabling multi-factor authentication, and separating cloud work.

Sygnia also recommends developing automated response playbooks that can be quickly adjusted and implemented when potential vulnerabilities are detected.

“The level of ability to run a ransomware operation has come down to the cost of managing an agent,” Dray Agha, senior manager of intelligence response at security firm Huntress, tells CSO. “Middle hackers can now ‘scale up’ their impact on AI. That should worry defenders more than any new approach, as many attackers say, over and over again, against the long tail of unencrypted, exposed infrastructure.”

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button