Nearly one in four cybersecurity executives say their organisations have experienced cyberattacks powered by artificial intelligence within the past year, a new study has found.
According to a report by Team8, a Tel Aviv-based venture fund specialising in cybersecurity, AI, data, fintech, and digital health, the actual number of AI-enabled cyberattacks is probably higher than reported, as these incidents are frequently difficult to distinguish from attacks carried out by humans.
The firm interviewed approximately 110 chief information security officers, who shared concerns about the potential for AI to be used maliciously as well as optimism that the technology could enhance cybersecurity defences.
Deepfakes, voice cloning and real-time impersonation tactics are some of the most widely observed AI-powered attack methods, all of which are used to exploit human trust and manipulate victims.
AI can also enhance and speed up cyberattacks, as these tools may soon develop into autonomous weapons able to operate independently, without direct human involvement, Team8 said.
“They can exploit vulnerabilities at scale in an automated manner,” Team8 strategy director Noa Hen said.
“They can use AI to write malware much faster.”
Close to 40% of the CISOs identified protecting AI agents, which handle tasks on behalf of users, as a major unresolved security concern. The report said these agents are vulnerable to manipulation by attackers and can potentially execute undesirable actions.
A similar proportion of CISOs expressed concern about safeguarding AI tools used by their workforces, “because very few organisations are getting it right,” Team8 said.
“CISOs today face a lose-lose trade-off: either restrict access and stifle innovation or allow usage without controls and accept unmanaged risk.”
Over 40% of survey respondents reported that more than 40% of “critical” vulnerabilities remained unpatched after their remediation deadlines, with the majority citing a lack of staff or time as the primary reason for these unresolved security gaps.
Some cybersecurity executives noted that some patches simply weren’t available, while others said that taking systems offline to apply fixes could disrupt their organisations’ day-to-day operations.
The Team8 survey also revealed that roughly 60% of the CISOs’ organisations favoured “best-of-breed” cybersecurity solutions over consolidated platforms.
This signifies change from recent years, when companies prioritised reducing vendor numbers and lowering costs by purchasing bundled cybersecurity products from a single major provider.