In an era where the cyber threats become the number one risk for organisations, the National Cyber Resilience Centre (NCRC) issues a stark warning: AI is set to amplify the scale and impact of cyberattacks, enabling a broader spectrum of malicious actors.

I want to share with you my current thoughts, as part of my on going research into the malicious use of AI in cybersecurity. The primary purpose of my research is to answer this question. Will AI fundamentally changing the nature of cyberattacks? I ask this question because I what to know if we are ready for an AI enable cyberattack and is our current capability fit for the new threat?

In a previous post, I defined the concepts of use or cyberattack use cases. Now I want to share with you the characteristics of an AI enabled attack.

Characteristics of an AI enable cyberattack

In a future landscape of AI-driven cyber threats, AI enabled cyberattacks will be characterised by their unprecedented speed, precision, agility, and scale, fundamentally changing the nature of cybersecurity. Here is a my breakdown of the defining characteristics of an AI enable cyberattack:

Speed: AI cyber threats will launch at extraordinary speeds, uncovering and capitalising on vulnerabilities more swiftly than we've witnessed before, affording scant time for human-led responses or the activation of conventional security protocols.

Accurate: Targeted with pinpoint accuracy, these attacks will zero in on specific vulnerabilities or objectives, ensuring that their impact is maximally felt by the intended victim, be it an individual, an organisation, or an infrastructure system.

Agile: The nimbleness of AI-powered threats will enable them to promptly adapt their objectives to the environment and evolving defensive measures. As our security technologies enhance, so too will the capabilities of these AI systems, maintaining their lead.

Autonomous: Operating independently, these cyber threats will have the capability to orchestrate complex campaigns across disparate networks and systems, all without the need for human oversight.

Asymmetric: Defying the norms of traditional cyber conflict, AI threats will exploit any discovered weakness, employing unpredictable and unconventional tactics that challenge our anticipatory defences.

Stealth: Crafted with sophistication, AI threats will be stealthier and considerably harder to detect, utilising advanced methods to blend with regular network traffic and employing encryption to conceal their tracks.

Persistent: The unceasing nature of these threats means that their campaigns of disruption can continue unabated, ceaselessly scanning for and exploiting targets, leading to a perpetual state of alert.

Indiscriminate : These AI-driven incursions will act devoid of any moral restraint or empathy, undertaking devastating offensives without any consideration for the humanitarian or ethical consequences.

Scale: The magnitude of AI cyber threats will be vast, possessing the ability to initiate broad attacks in unison across numerous targets or systems, exponentially increasing the potential for damage and upheaval.

So here are my thoughts, please share yours. I really want to understand other peoples concerns, fears or views.