Report on Bad Actor Gen AI: So Far, So Little

Threat actors are likely to increasingly leverage generative AI for their illegal exploits, a new report indicates, but so far have been relatively quiet on that front.

That's the upshot from a new report from threat intelligence specialist Mandiant, now part of Google Cloud.

Mandiant has for years tracked threat actor interest in, and use of, AI capabilities to facilitate a variety of malicious activity. It recently combined its own observations with information from open source accounts to report on the current state of things, concluding that the limited adoption of AI in intrusion operations primarily involves social engineering. However, bad actors engaged in a different kind of activity -- "information operations" as opposed to intrusion -- are increasingly using AI-generated content like image/video deepfakes.

"We anticipate that generative AI tools will accelerate threat actor incorporation of AI into information operations and intrusion activity," Mandiant said yesterday in a blog post titled "Threat Actors are Interested in Generative AI, but Use Remains Limited."

"Mandiant judges that such technologies have the potential to significantly augment malicious operations in the future, enabling threat actors with limited resources and capabilities, similar to the advantages provided by exploit frameworks including Metasploit or Cobalt Strike. And while adversaries are already experimenting, and we expect to see more use of AI tools over time, effective operational use remains limited."

The report touches on the use of Gen AI across imagery, video, text and audio, illustrated by "The AI-Enabled IO Toolkit."

The AI-Enabled IO Toolkit (source: Mandiant).

Furthermore, Mandiant's report discusses how threat actors can use AI to:

  • Improve their social engineering exploits
  • Generate more compelling "lure materials" with large language models (LLMs) like those that power ChatGPT
  • Develop malware, again with the help of LLMs

"Threat actors regularly evolve their tactics, leveraging and responding to new technologies as part of the constantly changing cyber threat landscape," the report concluded. "Mandiant anticipates that threat actors of diverse origins and motivations will increasingly leverage generative AI as awareness and capabilities surrounding such technologies develop.

"For instance, we expect malicious actors will continue to capitalize on the general public's inability to differentiate between what is authentic and what is counterfeit and users and enterprises alike should be cautious about the information they ingest as generative AI has led to a more pliable reality. However, while there is certainly threat actor interest in this technology, adoption has been limited thus far, and may remain so in the near term."

About the Author

David Ramel is an editor and writer at Converge 360.
