- AI agents could be used to build and send phishing -attack
- Symantec researchers were able to get the operator to send a malicious e -mail
- These tools are only likely to become more powerful
Cyber criminals have used AI to help them in cyberattacks for some time, but the introduction of “agents”, as Openais operator, now means that criminals have much less work to do themselves, experts have claimed.
Previously, AI tools had been seen that helped attackers sending high-ridden threats to a much faster speed where the sophisticated attacks more often than could have been imagined without the tools and the lowered bar for criminals so that even relatively low-sparked cyber criminals could build successful attacks.
Now, Symantec researchers have been able to use operator to identify a goal, find their E -mail address, create a PowerShell script aimed at collecting information information and sending it to the victim using a “convincing lure.”
Agents geared
In a demonstration, researchers explained that their first attempt failed, with operator who refused to continue ”as it involves sending unsolicited E emails and potentially sensitive information. This can violate privacy and security policies. “
With a few adjustments to the prompt, however, the agent created an attack that mimics an IT support worker and sent the malicious e email. This poses a serious risk of security teams where research consistently shows that human error is the primary cause of over two -thirds of data violations.
It may not be long “before the agents become much more powerful, the report speculates. “It’s easy to imagine a scenario where an attacker could simply instruct one to” violate Acme Corp, “and the agent will determine the optimal steps before performing them.”
“This may include writing and compiling executable substances, setting up command and control infrastructure and maintaining active, multi-day persistence on the targeted network. Such a functionality would massively reduce the obstacles to the entrance of attackers. “
AI agents are designed to be as virtual assistants, help users book appointments, plan meetings and write e emails. Openai takes “these kinds of reports seriously,” a spokesman told Techradar Pro.
“Our use policies prohibit from using Openai services or products to facilitate or participate in illegal activity, including attempts to scam, scam or intentionally deceive or mislead others, and we have proactive safety limits and strict speed limits in place to reduce harmful use. The operator is still a research example and we are constantly improving and improving.”
