Cybersecurity experts: Old threats growing more dangerous in the age of AI

(TNND) — A new alert from the "Five Eyes" intelligence-sharing alliance, including the U.S., warns governments, businesses and other organizations about fast-moving, supercharged cybersecurity threats driven by artificial intelligence.

The alert also urges organizations to fight fire with fire, deploying AI to fight off cyberattacks.

The alliance, which includes Australia, Canada, New Zealand and the U.K., said governments and businesses must act swiftly to stay ahead of the AI threat.

“Frontier AI models are anticipated to exceed current industry expectations, fundamentally transforming both offensive and defensive cyber capabilities,” the joint statement released Monday reads. “The timeline is not years, it is months.”

Cybersecurity expert Demetrice Rogers, who teaches at Tulane University, said the “Five Eyes” statement wasn’t breaking news. Security experts are already aware of the threats laid out by the agencies. But Rogers said it’s a valuable reminder that AI amplifies existing cybersecurity risks.

C. Jordan Howell, a criminologist and cybersecurity expert who teaches at the University of South Florida, similarly said that security professionals have been discussing AI-enabled cyber threats for some time.

“What is different is that the threat is becoming more operational, more scalable, and harder for non-specialists to fully understand,” Howell said via email.

Both Rogers and Howell said AI isn’t creating new categories of cyber threats. Rather, the powerful new technology is arming bad actors with more efficient and believable attacks.

“Phishing messages become more polished. Social engineering becomes more personalized. Malware development and vulnerability discovery can become faster. Fraud attempts can be adapted to specific victims with less effort,” Howell said. “In that sense, AI lowers the barrier to entry for less sophisticated offenders while also giving more capable actors a force multiplier.”

The “Five Eyes” alert urges governments and businesses to treat defense against AI threats as “a core business risk and leadership responsibility” rather than just a technical issue.

AI shrinks the window to react to breaches, the alliance said.

Success will come from getting the basics right, like multilayer security, and acting quickly.

Despite the risk of AI in the wrong hands, Rogers said he thinks the technology will ultimately be a net positive for cybersecurity.

“Just as attackers are using AI to increase their skills and make their attack stronger, there are multiple tools, multiple companies that are working towards integrating AI to help with defense,” Rogers said.

The new warning comes on the heels of Anthropic pulling a pair of models from the market to address a Trump administration concern over national security vulnerabilities.

Rogers said any number of advanced AI models, not just those from Anthropic, carry concerns that “jailbreaking” could allow bad guys to bypass their safeguards. But he said the big AI developers have the ability to properly vet their software so they can catch potential security gaps before release.

RELATED STORY: White House move against Anthropic sparks AI safety debate

Howell said organizations can’t entirely stop AI-powered cyberattacks, but they can reduce the impact. And he said organizations should move toward adaptive defenses that assume criminal tactics will keep evolving.

“The organizations that will struggle most are those treating AI-driven cyber threats as a future problem,” Howell said. “It is already here, but in many cases it is showing up through ordinary attacks that are simply faster, more persuasive, and more scalable than before.”

Rogers said individuals can also take steps to protect their information in the age of AI.

“I always tell people, be mindful of what you put into AI,” he said. “I know some people who upload all of their personal information and documents.”

He said that’s risky, as there’s no guarantee how well AI companies will protect personal data or that the information won’t end up in an unintended database somewhere.

And Rogers said phishing attacks remain a big problem, increasingly hard to detect, thanks to AI.

“Be skeptical of every email that you get,” Rogers said. “Even as a seasoned cyber professional, some of the emails that even I have received lately that have been generated using AI, I have to take a second look at, because they are so believable now.”