Wiz chief technologist Ami Luttwak on how AI is transforming cyberattacks (techcrunch.com)

AI is reshaping both offense and defense in cybersecurity: Wiz chief technologist Ami Luttwak warns that AI-driven development (so-called “vibe coding”), prompt-based attacks, and autonomous attacker agents are expanding the enterprise attack surface and accelerating exploit chains. Wiz’s tests found common missteps—especially insecure authentication—emerging from fast, AI-assisted development. Real-world incidents like the Drift breach (attackers stole tokens to impersonate chatbots, query Salesforce, and move laterally) and the “s1ingularity” compromise of the Nx build system (malware detected and hijacked AI dev tools like Claude/Gemini to autonomously scan for secrets, stealing developer tokens and GitHub access) show attackers are embedding AI at every stage of intrusion. The implications are urgent: speed-first AI adoption increases “security debt” and enables supply-chain pivoting through third-party tools with broad infra access. Wiz is responding by shifting from cloud configuration scanning to AI-aware offerings—Wiz Code (secure SDLC checks) and Wiz Defend (runtime threat detection/response)—and urges “secure by design” practices: appoint a CISO early, enforce authentication, audit logs, SSO, SOC2 readiness, and architect systems so customer data remains in customer environments. For defenders and startups alike, the window for building new AI-era security tooling—phishing, endpoint, workflow automation, and “vibe security”—is wide open, but speed must be matched by stronger, AI-native security controls.