AI-related data breaches surpass stolen credentials in cyber incidents, report says

AI-detected vulnerabilities surpassed incidents of stolen credentials in data breaches last year, according ​to an annual report from Verizon relating to industry security incidents.

Verizon said in a review of more than 31,000 incidents that 31% of all breaches started with vulnerability exploitation in an AI world. It warned that AI was being used by threat ​actors "to accelerate the time to exploit known vulnerabilities, shrinking the window for ​defense from months to mere hours."

The annual report that reviews a ⁠wide range of industry data shows hackers are using generative AI to help ​at all stages of attacks "including targeting, initial access and development of malware and other ​tools."

The report said AI's primary impact "is currently operational: automating and scaling techniques defenders already know how to detect, not yet unlocking these novel or rare attack surfaces."

But it added that assessment ​might be obsolete as AI continues to advance rapidly.

The report said threat actors ​typically researched or used AI assistance in 15 different techniques, with some using as many as ‌50.

The ⁠report does not cover data from Mythos, a new AI model that has raised widespread cyber security concerns.

Mythos, announced on April 7, is being deployed as part of Anthropic's "Project Glasswing," a controlled initiative under which select organizations are permitted to use the ​unreleased Claude Mythos Preview ​model for defensive ⁠cyber security purposes, including Verizon.

Mythos' skill in coding at a high level has given it a potentially unprecedented ability to identify ​cyber security vulnerabilities and devise ways to exploit them, according to ​experts.