CISOOnline

This AI agent autonomously hacked a network, adapted on the fly, and demanded a ransom

Adaptive decision making is the biggest concern, he said. “Traditional detections assume attackers follow fairly predictable paths. An AI agent can quickly change tactics if something is blocked, making every intrusion look slightly different. I’m less worried about the encryption stage than the quiet phase beforehand, where the agent maps identities, privileges, and trust relationships while avoiding detection.”

Rather than focusing on individual tools, defenders should prioritize detecting attacker behavior, including suspicious identity activity, privilege escalation, abnormal authentication patterns, and unusual sequences of actions across systems, Dubey said.

Although AI lowers the operational barrier for ransomware campaigns, it does not replace experienced attackers, he added. “Where AI makes a difference is helping less experienced operators chain together post-exploitation activities more effectively. Defenders should assume future intrusions will move faster and require less hands-on interaction from the attacker.”



Source link