UPDATE 1-AI-related data breaches surpass stolen credentials in cyber incidents, Verizon report says

AI-detected vulnerabilities surpassed incidents of ​stolen credentials in data breaches last year, ‌according ​to an annual report from Verizon relating to industry security incidents. Verizon said in a review of more than 31,000 incidents that 31% of all ‌breaches started with vulnerability exploitation in an AI world. It warned that AI was being used by threat actors "to accelerate the time to exploit known vulnerabilities, shrinking the window for defense from months to mere hours." The annual ‌report that reviews a wide range of industry data shows hackers are using generative AI to ‌help at all stages of attacks "including targeting, initial access, and development of malware and other tools." The report said AI’s primary impact "is currently operational: automating and scaling techniques defenders already know how to detect, not yet unlocking these novel or rare attack surfaces." But ⁠it added ​that assessment might be ⁠obsolete as AI continues to advance rapidly.

The report said threat actors typically researched or used AI assistance in 15 different techniques, ⁠with some using as many as 50. The report does not cover data from Mythos, a new AI model that ​has raised widespread cybersecurity concerns.

Mythos, announced on April 7, is being deployed as part of Anthropic's "Project ⁠Glasswing," a controlled initiative under which select organizations are permitted to use the unreleased Claude Mythos Preview model for defensive cybersecurity purposes, ⁠including ​Verizon. Mythos' skill in coding at a high level has given it a potentially unprecedented ability to identify cybersecurity vulnerabilities and devise ways to exploit them, according to experts. Verizon chief information security officer Nasrin ⁠Rezai said it was critical to address the growing threats. "We need to fight AI with AI. We need ⁠to incorporate them ⁠into our practices," Rezai told Reuters. "We need to bring them into our software development life cycle, in our testing processes, in our cyber defense processes at a ‌scale that we ‌have never done before."