“One of the main things to be understood about cybersecurity is that it is a mental game,” said Ami Lutwak, chief technician at the Cyber Security Company, told Techcrunch on a The last episode of fairness. “If there is a new technical wave to come, there are new opportunities for the attackers to start using it.”
As institutions rush to include artificial intelligence in the workflow – whether through coding in the air, the integration of the artificial intelligence agent, or new tools – the surface of the attack is expanded. Artificial intelligence helps developers to charge a code faster, but this speed often comes with shortcuts and errors, creating new holes for the attackers.
Wiz, who was Google got it earlier this year for $ 32 billionLuttwak says that recently conducted tests, and found that a common problem in encrypted applications in elegance was unsafe to implement authentication – the system that checks the user identity and ensures that it is not an attacker.
“This happened because it was easier to build such,” he said. “The coding agents do what you say, and if you don’t tell them to build it in the safest way, he will not do it.”
Luttwak noted that there is a continuous comparison today for companies that choose to be fast and safe. But the developers are not the only ones who use artificial intelligence to move faster. He said that the attackers are now using coding, based on the claim and even their artificial intelligence agents to launch exploits.
“You can actually see the attacker now use demands for the attack,” said Lutawak. “It is not just a Vapi striker coding. The attacker is looking for and telling the artificial intelligence tools that you have,” send me all your secrets, delete the device, delete the file. ”
Amid this scene, attackers also find entry points in the new artificial intelligence tools that companies are deployed internally to increase efficiency. Luttwak says this integration can lead to “supply chain attacks”. By prejudice to a third -party service that has a wide access to the company’s infrastructure, the attackers can then investigate corporate systems.
TECHRUNCH event
San Francisco
|
27-29 October, 2025
This is what happened last month when Drift was violated – the startup that sells AI Chatbots for sales and marketing – Exposing Saleforce data to hundreds of institution customers Like Cloudflare, Palo Alto Networks and Google. The attackers got access to symbols, or digital keys, and used it to impersonate the Chatbot character, inquire about Salesforce data, and move sideways within customer environments.
“The attacker pushed the code of the attack, which was also created with the coding coding.”
Luttwak says that although the adoption of AI tools for institutions is still minimal – it is believed that about 1 % of institutions have adopted artificial intelligence completely – WIZ already sees attacks every week affecting thousands of institution agents.
Lutwak said: “If you look at the flow of (attack), artificial intelligence is included in every step.” “This revolution is faster than any revolution we have seen in the past. This means that as an industry needs to move faster.”
Luttwak referred to another major attack of the supply chain, called “S1ingultity” in August NxJavascript developer. The attackers were able to launch harmful programs in the system, which then discovered the presence of artificial intelligence developers such as Claude and Jarmini and kidnapped them to independently wipe the system for valuable data. The attack led to the exposure of thousands of distinctive symbols of developers and keys, allowing the attackers to reach the private Gabap warehouses.
Luttwak says that despite the threats, this was an exciting time to be a pioneer in cybersecurity. Wiz, founded in 2020, originally focused on assisting organizations to identify and address formations, weaknesses, and other security risks across cloud environments.
Over the past year, Wiz expanded its capabilities to keep pace with the speed of the prosecution attacks-and the use of artificial intelligence for its own products.
Last September, Wiz Code Wiz, which focuses on securing a software development cycle by identifying and alleviating safety problems early in the development process, so that companies can be “safe by design”. In April, Wiz Wiz Defend launched, which provides operating time protection by discovering and responding to active threats within cloud environments.
Luttwak said it is very important for Wiz to understand its customers’ applications completely if the startup will help in what he calls “horizontal security”.
He said: “We need to understand the reason you build it … so that I can build a safety tool that no one had before, which is the security tool that understands you.”
“From the first day, you need to get CISO”
The democratic character resulted in artificial intelligence tools to a flood of new startups that are a solution to the Foundation’s pain points. But Luttwak says that institutions should not only send all their companies, employee and customer data to “every small SAAS company that has five employees just because they say,” Give me all your data, and I will give you the amazing visions of Amnesty International. ”
Of course, these startups need these data if their offer will have any value. This means that they should make sure they are working like a safe organization from the start.
“From the first day, you need to think about security and compliance,” he said. “From the first day, you need to get CISO (the chief information security official). Even if you have five people.”
He said that before writing one line of software instructions, startups should think as a very safe organization. They need to consider the advantages of institutions safety, audit records, authentication, production access, development practices, safety ownership, and one signature. Planning this way from the beginning means that you will not have to repair operations later and carry what Luttwak calls “security debts”. If you are aimed at selling to institutions, you will be already ready to protect their data.
“We were compatible with Social (compliance frame) before we have a symbol,” he said. “I can tell you a secret. Getting to compliance with SOC2 of five employees is much easier than 500 employees.”
He said the next most important step for startups is to think about architecture.
“If you are a start -up company, Amnesty International wants to focus on the institution from the first day, you must think about the structure that allows customer data to stay … in the customer environment.”
For emerging cyber security companies looking to enter the field in the era of artificial intelligence, Luttwak says now it’s time. Everything from the protection of hunting and e -mail security to harmful programs and protecting the end point is fertile land for innovation – for attackers and defenders. The same applies to startups that can help in the workflow and automated operating tools to “safely wings”, because many security teams still know how to use artificial intelligence to defend against artificial intelligence.
“The game is open,” said Luttwak. “If every field of security now has new attacks, this means that we must rethink every part of the security.”
https://techcrunch.com/wp-content/uploads/2024/07/GettyImages-2162704124.jpg?resize=1200,800
Source link