惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Cyberwarzone
Cyberwarzone
V
Vulnerabilities – Threatpost
T
Tenable Blog
Forbes - Security
Forbes - Security
Simon Willison's Weblog
Simon Willison's Weblog
AWS News Blog
AWS News Blog
G
GRAHAM CLULEY
Know Your Adversary
Know Your Adversary
S
Securelist
C
Cybersecurity and Infrastructure Security Agency CISA
Project Zero
Project Zero
C
CXSECURITY Database RSS Feed - CXSecurity.com
V
Visual Studio Blog
WordPress大学
WordPress大学
Latest news
Latest news
K
Kaspersky official blog
T
Tailwind CSS Blog
T
Threat Research - Cisco Blogs
B
Blog RSS Feed
C
Cisco Blogs
博客园 - 聂微东
Martin Fowler
Martin Fowler
T
The Blog of Author Tim Ferriss
小众软件
小众软件
L
LangChain Blog
阮一峰的网络日志
阮一峰的网络日志
L
LINUX DO - 热门话题
Stack Overflow Blog
Stack Overflow Blog
罗磊的独立博客
P
Proofpoint News Feed
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
P
Privacy International News Feed
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
C
CERT Recently Published Vulnerability Notes
Cisco Talos Blog
Cisco Talos Blog
S
SegmentFault 最新的问题
Security Latest
Security Latest
Y
Y Combinator Blog
爱范儿
爱范儿
aimingoo的专栏
aimingoo的专栏
P
Privacy & Cybersecurity Law Blog
L
LINUX DO - 最新话题
月光博客
月光博客
The GitHub Blog
The GitHub Blog
博客园 - 三生石上(FineUI控件)
S
Security Affairs
P
Proofpoint News Feed
D
DataBreaches.Net
有赞技术团队
有赞技术团队
云风的 BLOG
云风的 BLOG

The Register - Special Features: RSA

Jen Easterly, cybersecurity's 'relentless optimist,' hopes feds come back to RSAC next year Jen Easterly, cybersecurity's 'relentless optimist' Smooth criminals talking their way into cloud environments, Google says Voice phishing skyrockets as smooth crims talk their way in RSAC 2026: Uncle Sam backs out, AI agents everywhere RSAC 2026: Uncle Sam backs out, AI agents everywhere Feds skipping infosec industry's biggest conference, RSAC Infosec guru Schneier worries corp AI will manipulate us Amazon CISO: How AWS red-teamed Alexa+ AI assistant Ex-CISA chief slams cuts as Trump demands total loyalty
Ex-NSA cyber-boss: AI will soon be a great exploit coder
2025-05-01 · via The Register - Special Features: RSA

RSAC Former NSA cyber-boss Rob Joyce thinks today's artificial intelligence is dangerously close to becoming a top-tier vulnerability exploit developer.

"At RSAC last year, I told people: 'Don't worry about the zero-day AI armageddon,' but I am increasingly worried that AI is going to be a good bug finder this year, [and] an exploit developer in the near future," the retired Director of the NSA's Cybersecurity Directorate told The Register during an interview this week at the RSA Conference in San Francisco.

How near is the near future? Either this year or next, predicted Joyce, who now serves as an advisor to Sandfly Security, a supplier of intrusion detection tools for Linux systems.

"All the frontier models have got very good at coding," Joyce noted. "In fact, OpenAI models are out-competing humans in many of the code competitions."

Case in point: The Hack The Box capture-the-flag contest earlier this month during which AI-powered entrants performed at about the same speed as pure-human teams, and nearly matched humans in tests of problem-solving ability.

By the end of the contest, the top AI team captured 19 of 20 flags, placing 20th out of 403 teams with 15900 points; most of the AI teams captured 19 flags in fact.

It doesn't matter if you're a defender or an attacker, those who use AI will outperform those who don't

"I don't worry about the big red easy button where you get somebody who's a script kiddie that knows nothing going ahead and attacking," Joyce told The Register. "But what it will do is it will take and automate the things that the good attackers need to do, and allow them to do more, faster, and at scale."

99 reasons not to click: AI supercharges phishing campaigns

Joyce also feels that LLMs will help miscreants and spies – even those for whom English is not their first language – to create believable and effective phishing campaigns.

"Now you can make a culturally relevant, accurate activity that get you to phish," Joyce said, noting that AI also helps scale creation of these malicious emails. "I watched one campaign where each and every email sent was individualized," he said. "At that point, some of the current technologies that are looking for a lot of similar features across many emails just don't work."

Sandfly Security founder and CEO Craig Rowland said he's seen fake invoices being sent to companies' accounts payable departments that include a full email thread to make the phish look more authentic. "People acting like ‘We need to pay this now’, and even including AI-generated PDFs that look official."

Playing defense

AI can also help defenders. Roland said one his human staff engineers reverse engineered a piece of eBPF code – a job that took about half a day. "The AI system took about 30 seconds," Rowland said.

Joyce had one condition for the interview: No questions about the Trump administration nor NSA operations. But he indulged us with one query about what he would say if the annual NSA's State of the Hack session at RSAC had not been pulled and if Joyce had been a speaker as was the case in previous years.

The former NSA cyber chief said he'd describe "one of the more interesting hacks" he saw this year during which a ransomware gang used valid, stolen credentials to access a company's desktop — but the computer had endpoint detection products installed.

"They realized they couldn't deploy their ransomware malware, so they pivoted inside the network," he said. That effort found a small, Linux-based video camera, and the crooks successfully deployed the ransomware on that device. "And it mounted the hard drives around the enterprise, and brought all that data up to the video camera, encrypted it, and put them in a state where they were now ransomwared." Joyce recalled, describing it as a "fascinating pivot to an unmonitored, undefended part of the network."

Plus: "I can't imagine how hot that damn little camera got trying to encrypt all the data in this company," he noted. "But it worked, right?" ®