New AI tools, built to help businesses discover and fix their own security weaknesses, are being taken away by cybercriminals, used as catastrophic hacking weapons that lift their heads and take advantage of zero-day vulnerabilities.
According to a report from cybersecurity company Checkpoint, a framework called Hex Strike Eye is a turning point that security experts are scaring, and the pure power of AI is placed directly in the hands of those who want to do harm.
Tools for good, twist for evil
Hex Strike – Eye was assumed to be one of the good guys. The creator described it as an “innovative AL-driven offensive security framework” designed to help security experts better protect their organizations like hackers.
Think of it as the AI ”brain” that functions as a conductor for a digital orchestra. It directs over 150 special AI agents and security tools to test your company’s defenses, find and report weaknesses, such as zero-day vulnerabilities.
problem? What makes the tool great for defenders is also very appealing to attackers. Soon after its release, the dark web chatter lit up. The malicious actors didn’t just discuss the tools. They were actively thinking about how to weaponize it.
Competition with zero-day vulnerabilities has been shortened
The timing of this AI hacking tool could not be worse. Just as Hexstrike-AI came across, Citrix has announced three major “zero-day” vulnerabilities in its popular Netscaler product. Zero Days are so new that there is zero days to create patches, and businesses are completely exposed.
Typically, you need a very skilled hacker and a team of work, if not a few weeks, to take advantage of such complex flaws. With Hexstrike-AI, the process has been reduced to less than 10 minutes.
The AI brain does all heavy lifting. An attacker can give simple commands like “Exploit Netscaler” and the system automatically knows the best tools to use and the exact steps to take. Democratize hacking by turning it into a simple, automated process.
As one Cybercriminal boasts on the underground forum, “To see how everything works without participation is just a song. I’m no longer a coder worker, I’m an operator.”
What these new AI hacking tools mean for enterprise security
This is more than just a problem for large companies. The speed and scale of these new AI-powered attacks means that the windows to protect businesses from zero-day vulnerabilities have been dramatically reduced.
Checkpoints encourage organizations to take immediate action.
- Patch: The first and most obvious step is to apply the released fix to a Netscaler vulnerability released by Citrix.
- Fighting fire with fire: Humans can no longer keep up, so it’s time to adopt AI-driven defense systems that can detect and respond to threats at machine speed.
- Speed up your defense: The days that took several weeks to apply the security patch are over.
- Hear the whisper: Dark web chat monitoring is no longer an option. This is the source of intelligence that can give you a much-needed head start on your next attack.
What once felt like a theoretical threat is now very realistic and presently dangerous. As AI is now an aggressively weaponized hacking tool to exploit zero-day vulnerabilities, the game is changing and its approach to security must change.
reference: AI Security Wars: Can Google Cloud defend against tomorrow’s threats?
Want to learn more about AI and big data from industry leaders? Check out the AI & Big Data Expo in Amsterdam, California and London. The comprehensive event is part of TechEx and will be held in collaboration with other major technology events. Click here for more information.
AI News is equipped with TechForge Media. Check out upcoming Enterprise Technology events and webinars here.
