Malwarebytes has recently released a report predicting that agentic AI systems will play a significant role in changing cyber criminal tactics by the year 2025. According to the report, these AI-powered ransomware attacks could have a major impact on businesses, especially due to the emergence of malicious AI agents that are capable of reasoning, planning, and using tools autonomously.
While generative AI tools have been used in limited cases for offensive purposes such as generating phishing content and producing exploits, their overall impact on cyber crime has been modest. However, Malwarebytes warns that the introduction of agentic AI could enhance the efficiency of attacks and revolutionize the underlying tactics used by hackers. With advancements in AI technology on the horizon, ransomware gangs may soon employ AI agents to target multiple victims simultaneously and strategize on compromising their systems.
Despite the potential risks posed by offensive agentic AI, Malwarebytes highlights the defensive applications of these systems in addressing cybersecurity skills gaps within the industry. As AI becomes more capable, security teams could delegate tasks to autonomous agents, allowing them to handle workloads with minimal oversight. Companies like ReliaQuest have already launched autonomous AI security agents that can process security alerts faster with greater accuracy compared to traditional methods.
Sohrob Kazerounian, an AI researcher at Vectra AI, acknowledges the efficiency gains that generative AI has brought to threat actors and anticipates that attackers will increasingly turn to AI agents for conducting large-scale spear phishing attacks. While the integration of AI agents into cyber criminal operations is still a few years away, Kazerounian emphasizes the need for the industry to prepare for this eventuality. The deployment of autonomous AI agents for conducting end-to-end attacks could fundamentally change how threat detection is approached, requiring significant adjustments in detecting and mitigating potential threats.
In conclusion, the impending rise of offensive agentic AI represents a double-edged sword for cybersecurity. While these systems could empower cyber criminals to conduct more sophisticated and efficient attacks, they also present opportunities for enhancing defensive capabilities and addressing skills shortages within the industry. As organizations navigate the evolving threat landscape, adaptability and innovation will be crucial in staying ahead of malicious actors leveraging AI technology for nefarious purposes.