How AI's evolution is redefining risks (www.techradar.com)

The evolution of AI technology has introduced a new dimension to cybersecurity, whereby AI is not only a weapon for attackers or a shield for defenders but also an attack surface that cybercriminals aim to exploit. While AI enhances the efficiency and scale of cyberattacks, as seen with groups like Storm-0817 using it to develop malware and Black Basta crafting multilingual phishing emails, it concurrently empowers organizations to bolster their defenses. The emergence of AI as an attack vector, such as in the recent EchoLeak campaign against Microsoft 365 Copilot, underscores the growing risk of threats like unauthorized AI tools, or Shadow AI, leaking sensitive corporate data. This third edge of AI emphasizes the importance of a balanced approach in cybersecurity, advocating for a “Secure AI” framework that focuses on protecting AI systems while leveraging their advantages. Organizations are encouraged to adopt a human-centric security strategy that acknowledges AI's dual capabilities for offense and defense. This involves utilizing AI for threat detection and response, thereby enhancing overall cybersecurity efforts. As cybercriminals continue to enhance their AI capabilities, the need for informed, proactive security measures becomes critical in mitigating the risks associated with AI's rapidly evolving role in cybersecurity.