Wednesday, May 13, 2026

My take on AI: Hype or Real?


There is certainly a lot of hype around AI these days. At first, I was skeptical too, until a few months back when renowned security researchers on X started tweeting about using Claude Opus and Sonnet agentic LLMs against Firefox browsers, FreeBSD and Linux kernels, and successfully identifying over 271 vulnerabilities and 0days that had existed for years without anyone noticing them. One tweet also said, "Guys, better take a look at this, we are in trouble, this is real, ain't hype after all." That is when I too took notice and started doing my own research.

What I found was pure automation, end-to-end. What normally took security researchers weeks, months, or even years to find can now be automated within hours or days. The impact is huge. Application owners are flooded with hundreds of vulnerability reports from white hats using AI, forcing them to validate each report and apply fixes faster than the reports come in. Even top security bounty competitions have had to pause their programs due to overwhelming submissions.

So, how does this impact us all? The bar for black hats has been lowered. There is no need to sift through thousands of lines of code manually to identify vulnerabilities, and no need to write code for exploits. Threat actors use AI to automate research and weaponize their findings. Before AI, we had DAST and SAST code scanners, but these were only scanners that work on pattern matching. AI took it a step further: it has the ability to think and act like a human vulnerability researcher.

As for phishing and other social engineering attacks, AI will make them look more realistic to entice users to click or download malicious applications or perform arbitrary actions.

The cybersecurity space is evolving at an unprecedented speed, and defenders need to start using AI to automate defenses too. Certainly, there are hundreds of vendors trying to market their products as the next big AI solution. However, I am still skeptical and will scrutinize each product carefully before making a decision on purchasing or adopting it.