惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Jina AI
Jina AI
V
Vulnerabilities – Threatpost
Security Latest
Security Latest
AI
AI
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
量子位
H
Help Net Security
Attack and Defense Labs
Attack and Defense Labs
The GitHub Blog
The GitHub Blog
L
LINUX DO - 最新话题
A
Arctic Wolf
博客园_首页
S
Securelist
S
Secure Thoughts
Google DeepMind News
Google DeepMind News
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
T
Tailwind CSS Blog
Apple Machine Learning Research
Apple Machine Learning Research
酷 壳 – CoolShell
酷 壳 – CoolShell
Stack Overflow Blog
Stack Overflow Blog
N
Netflix TechBlog - Medium
Cyberwarzone
Cyberwarzone
小众软件
小众软件
T
Threatpost
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Blog — PlanetScale
Blog — PlanetScale
N
News and Events Feed by Topic
NISL@THU
NISL@THU
Forbes - Security
Forbes - Security
博客园 - 聂微东
F
Fortinet All Blogs
Simon Willison's Weblog
Simon Willison's Weblog
H
Heimdal Security Blog
罗磊的独立博客
S
Security @ Cisco Blogs
B
Blog
T
Troy Hunt's Blog
Engineering at Meta
Engineering at Meta
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
The Hacker News
The Hacker News
The Last Watchdog
The Last Watchdog
Hacker News - Newest:
Hacker News - Newest: "LLM"
I
Intezer
T
Threat Research - Cisco Blogs
C
Cybersecurity and Infrastructure Security Agency CISA
The Cloudflare Blog
S
Schneier on Security
月光博客
月光博客
L
LINUX DO - 热门话题
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org

Security

Scope Systems confirms cyber incident, says no data loss occurred Instructure breach: ShinyHunters says ‘matter has been resolved’ Rapid7 launches Cyber GRC program to connect compliance with live risk data Australian federal budget 2026: The industry perspective Op-Ed: Microsoft May Patch Tuesday reveals 137 vulnerabilities Federal Budget 2026: The state of cyber security spending for the coming year OpenAI offers EU early access to its cyber security model Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group Op-Ed: Why Middle East tensions demand immediate action on OT security Aussie schools breach: Instructure boss “reaches agreement” with ShinyHunters to not release data Institute of Public Accountants members hit by data breach Union demands answers on Qantas AI plans 1 in 3 small businesses don't think they're a cyber target, new research finds Exclusive: Aussie toy distributor listed by M3rx ransomware Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims The industry speaks – part 2: World Password Day 2026 Aussie schools breach: The Instructure hack “transcends an isolated IT incident” Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors New South Wales, other states, investigating Instructure/Canvas data breach Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July Exclusive: Major Australian jewellery brand confirms cyber incident Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Exclusive: Prime Properties listed as breach victim by M3rx ransomware DigiCert launches AI Trust architecture to secure agents, models, and content Winners of the 2026 Australian Cyber Awards unveiled Op-Ed: Redefining performance in the AI-powered SOC NZ council cyber attack leads to ID and financial data being exposed Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Anthropic Mythos: The model, the myth and the mundane​ Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Sri Lankan government hack sees $3.7m destined for Australia stolen CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing NZ racehorse auction stalled by cyber attack Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities ADF joins international military exercise focused on cyber resilience and multi-domain operations OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims The industry speaks: World Identity Management Day 2026 WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Ransomware group claims hack of legal giant Jones Day Anthropic, partners announce Project Glasswing cyber security initiative Exclusive: Aussie tech firm Seeing Machines confirms potential cyber security incident
Op-Ed: Criminal AI doesn’t need super hackers
hackers By Douglas McKee, Director of Vulnerability Intelligence · 2026-06-12 · via Security

The cyber industry has a bad habit of arguing with the movie trailer instead of watching the whole movie.

We keep talking about criminal AI like the big moment will be a fully autonomous, hoodie-wearing supermodel that wakes up, finds a zero-day, writes the exploit, pivots through your environment, steals your data, negotiates with legal, and then celebrates with a nice cup of coffee.

Could that kind of autonomy matter someday? Sure. I’m not planting a flag on “never”. That’s how you end up very wrong on the internet.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

But that’s not what defenders should be losing sleep over right now.

The real issue is much simpler, as AI is making ordinary criminals more productive. Sound familiar? It is the same thing that AI is doing for ordinary people.

Criminals don’t need a magical AI super hacker if they can get a tool that writes better phishing emails, translates scams into 20 languages, summarises stolen documents, generates fake invoices, builds believable business email compromise pretexts, or coaches them through a fraud workflow. That’s not science fiction. That’s productivity software with terrible ethics.

That distinction matters.

But don’t take my word for it. If you want to stop shadowboxing with hypotheticals and see how threat actors are actually packaging, pricing, and weaponising criminal AI-as-a-service today, read the full analysis written by Rapid7’s senior security researcher, Jeremy Makowski.

The threat is friction disappearing

A lot of security conversations still focus on whether AI can write malware or find vulnerabilities at a high level. That’s useful research, and obviously, I care about vulnerability discovery. I spend a good chunk of my life staring at weird bugs and asking, “What’s that all about?”

But for criminal operations, the first-order impact is not always the most technically impressive thing. It’s the thing that removes friction. Most criminal operations are workflows. Annoying, repetitive, very human workflows. Again, sound familiar?

Find a target. Write the lure. Make the message sound local. Build the pretext. Reply convincingly. Sort through stolen data. Figure out who approves payments. Figure out which internal project sounds urgent enough to abuse. Keep the victim engaged long enough to get the outcome. None of which requires an advanced threat actor. It requires time, language skills, patience, and enough discipline not to trip over yourself. Turns out LLMs are really good at all of that.

People often say AI “lowers the skill floor”. That’s true, but it undersells the problem. AI does not just let the worst criminals participate. It lets mediocre criminals produce better work on a larger scale. That’s a nasty combination. It’s like giving every threat actor in the fraud ecosystem a junior analyst, a copy editor, a translator, and a pretext coach. Is it elegant? No. But if it works, who cares? Criminals certainly don’t.

We saw exactly how devastating this friction-free execution can be in the 2024 Hong Kong deepfake heist. An ordinary finance worker was tricked into siphoning US$25 million after joining a video conference call where every single colleague on the screen, including the CFO, was an AI-generated clone. It wasn’t a rogue super-intelligence hacking into a mainframe; it was a highly polished, AI-driven social engineering workflow that effortlessly bypassed human intuition.

Criminal AI-as-a-service is mostly packaging

The underground economy does not need every tool to be brilliant. It needs tools that are easy to access, easy to pay for, and easy to plug into existing criminal workflows.

That’s why “criminal AI-as-a-service” is less about some new superpower and more about packaging. Telegram bots. Prompt packs. Wrappers around mainstream models. Stolen accounts. Jailbroken interfaces. Subscriptions that promise better phishing, better impersonation, better summaries, or better fraud scripts.

Not glamorous yet very useful. This is the part defenders sometimes miss. Mature criminal markets love boring efficiency. A polished lure generated in thirty seconds may be worth more than an exotic exploit chain that only works ten per cent of the time.

I know we all like the sexy technical stuff. I’m guilty of that, too. Give me a weird, embedded device and debug symbols someone accidentally left in firmware, thank you very much, and I’ll happily disappear into the lab. But most criminals are not trying to win a Pwn2Own trophy.

They’re trying to make money.

AI helps them make money by making existing attacks cheaper and easier to repeat.

The stolen AI account problem

Stolen AI accounts and hijacked API keys are not just another SaaS credential problem. Yes, there is absolutely nothing new about stolen credentials. We have been dealing with that mess forever. But AI account credentials can also become a knowledge compromise problem.

Enterprise AI systems often contain uploaded files, prompts, source code, planning documents, customer data (yes, even though everyone’s policy forbids it), internal analysis, and all kinds of “I probably should not have pasted that there” material. When an attacker compromises an AI account, they may not just get access to a model. They may get access to the context, automation, and trust your organisation has been feeding into it.

That is a very different kind of risk.

If I compromise a normal business app, I get the data in that app. If I compromise an AI workspace, I may get the questions your employees were asking, the documents they were analysing, the code they were debugging, and the assumptions they were trying to test.

Now take that one step further. If that AI account is wired into automated workflows, ticketing systems, code review, customer support, security triage, data enrichment, or internal knowledge bases, I may also inherit the permissions and trust relationships wrapped around those workflows. The model may not be “privileged” in the traditional sense, but the workflow around it might be. And attackers love that kind of gap.

That should make security teams uncomfortable.

What to actually defend

So, what do we do with all of this?

First, stop treating criminal AI like it only matters when it becomes autonomous. That framing misses the point. The practical risk is not a model replacing the attacker. It is a model helping the attacker move faster through workflows that already work.

That means the defensive work is not magical either.

Secure AI accounts and API keys. Treat AI workspaces like sensitive systems, because they are. Review what data users can upload, what prompts are retained, what workflows AI tools can touch, and what trust those workflows inherit.

Harden the places where your business already relies on human trust, such as payment changes, vendor onboarding, password resets, helpdesk approvals, executive requests, customer support, and security triage. If “this sounds right” is part of the control, that control is getting weaker.

Update incident response playbooks to include AI account compromise, prompt injection, data extraction, synthetic media, and abuse of automated workflows. Monitor GenAI applications like they are part of the attack surface, because at this point, they are.

The future threat may be autonomous.

The current threat is efficient.

And efficient criminals are bad enough.

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.