
💸 Companies Prioritize AI Over Security

Fines, leaks, and hacks—key cyber updates

Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.

This Week’s Cyber Insights

A comprehensive new study from Amazon Web Services reveals that generative AI tools have surpassed cybersecurity as the top budget priority for global IT leaders heading into 2025. The AWS Generative AI Adoption Index, which surveyed 3,739 senior IT decision makers across nine countries, found that 45% of organizations name generative AI as their top spending priority for 2025, ahead of traditional IT investments such as security tools (30%).

  • 90% of organizations are now deploying generative AI technologies, with 44% already in production.

  • 60% of organizations have appointed dedicated AI executives such as Chief AI Officers.

  • Organizations ran an average of 45 AI experiments in 2024, but only about 20 are expected to reach end users in 2025.

  • Talent shortages were cited as the primary barrier to AI implementation, with 55% of respondents pointing to a lack of skilled workers.

  • Only 25% of organizations plan to build AI solutions from scratch; most are adopting hybrid approaches.

🤔 The Bigger Picture:

The shift in budget priorities represents a potential security risk for critical infrastructure operators, as AI investment outpaces security spending despite growing threats. While AI offers tremendous operational benefits and may enhance security capabilities, rapid adoption without corresponding security controls creates new vulnerabilities. Organizations should ensure that security considerations are embedded in AI implementation plans from the start, treating AI risk management as a core component of their overall security strategy rather than a separate initiative.

The cybersecurity industry is confronting a new identity security crisis as autonomous AI agents begin to require management similar to human employees. Security experts warn that without proper guardrails, these agents could cause data breaches, misuse login credentials, and leak sensitive information across critical infrastructure networks.

  • Authentication methods designed for people do not fit agents, which cannot respond to interactive MFA challenges the way a human user can.

  • Deloitte predicts that 25% of companies using generative AI will launch agentic AI pilots this year, rising to 50% by 2027.

  • Identity security providers including 1Password, Okta, and OwnID have released specialized products for securing AI identities.

  • Security experts recommend implementing "kill switches" that can immediately revoke an agent's access on the network.

  • Many security teams have no input into AI agent deployment decisions despite the significant risks involved.

🤔 The Bigger Picture:

As critical infrastructure systems increasingly incorporate autonomous AI agents for monitoring, analytics, and operational decision-making, they introduce new attack vectors that traditional security models don't address. Unlike conventional machine identities, these agents have broader capabilities, greater autonomy, and potentially devastating impact if compromised. Organizations deploying AI agents in operational environments need to establish unique identity governance frameworks, access controls, and monitoring systems tailored specifically to these new digital entities.
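What a per-agent identity with a kill switch looks like in practice, as an added example (this is not Neeve's code, nor any of the vendor products mentioned above): each agent gets its own identity rather than a shared service account, a token that carries only that agent's scopes and expires in minutes, a default-deny authorization check that logs every decision, and a kill switch that invalidates every outstanding token at once. AgentBroker, its methods, the HMAC-signed token format, the agent ID and the scopes are all assumptions of the example.

```python
"""Per-agent identity: scoped, short-lived tokens plus a kill switch.

Added example (not Neeve's code and not any vendor product named above).
AgentBroker, issue(), authorize() and kill() are hypothetical names; the
agent ID, scopes and signing key below are constructed for illustration.
"""
import base64
import hashlib
import hmac
import json
import time


class AgentBroker:
    """Issues and checks credentials for non-human agents.

    Each agent has its own identity (never a shared service account), a fixed
    allow-list of "action:resource" scopes, a token generation counter and a
    killed flag. Every authorization decision is appended to an audit trail.
    """

    def __init__(self, signing_key: bytes, now=time.time):
        self._key = signing_key
        self._now = now  # injectable clock so expiry can be exercised offline
        self._agents = {}
        self.audit = []  # (timestamp, agent_id, action, resource, decision)

    def register(self, agent_id, scopes):
        self._agents[agent_id] = {"scopes": set(scopes), "generation": 0, "killed": False}

    def _sign(self, payload: str) -> str:
        return hmac.new(self._key, payload.encode(), hashlib.sha256).hexdigest()

    def issue(self, agent_id, ttl_seconds=300):
        """Mint a short-lived token bound to the agent's current scopes and generation."""
        rec = self._agents[agent_id]
        if rec["killed"]:
            raise PermissionError(f"{agent_id} has been killed; refusing to issue")
        claims = {"sub": agent_id, "scopes": sorted(rec["scopes"]),
                  "gen": rec["generation"], "exp": self._now() + ttl_seconds}
        payload = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode()).decode()
        return f"{payload}.{self._sign(payload)}"

    def _verify(self, token):
        """Return the claims only if signature, agent state, generation and expiry all check out."""
        if "." not in token:
            return None
        payload, sig = token.rsplit(".", 1)
        if not hmac.compare_digest(sig, self._sign(payload)):
            return None  # tampered or forged
        claims = json.loads(base64.urlsafe_b64decode(payload))
        rec = self._agents.get(claims["sub"])
        if rec is None or rec["killed"] or claims["gen"] != rec["generation"]:
            return None  # unknown agent, killed agent, or token predates a revocation
        if claims["exp"] < self._now():
            return None  # expired
        return claims

    def authorize(self, token, action, resource) -> bool:
        """Decide one request and record it; denies by default."""
        claims = self._verify(token)
        agent = claims["sub"] if claims else "unverified"
        allowed = claims is not None and f"{action}:{resource}" in claims["scopes"]
        self.audit.append((self._now(), agent, action, resource, "allow" if allowed else "deny"))
        return allowed

    def kill(self, agent_id):
        """Kill switch: every outstanding token for the agent stops working immediately."""
        rec = self._agents[agent_id]
        rec["killed"] = True
        rec["generation"] += 1


def demo():
    """Walk one agent through normal use, scope violation, tampering, expiry and kill."""
    clock = [1_700_000_000.0]  # constructed clock, in seconds
    broker = AgentBroker(b"constructed-signing-key-for-the-example", now=lambda: clock[0])
    broker.register("hvac-analytics-agent", {"read:hvac/telemetry"})
    results = {}
    tok = broker.issue("hvac-analytics-agent", ttl_seconds=60)
    results["read_allowed"] = broker.authorize(tok, "read", "hvac/telemetry")
    results["write_denied"] = broker.authorize(tok, "write", "hvac/setpoint")  # outside scope
    forged = tok[:-1] + ("0" if tok[-1] != "0" else "1")  # flip one signature nibble
    results["tampered_denied"] = broker.authorize(forged, "read", "hvac/telemetry")
    clock[0] += 61  # token outlives its TTL
    results["expired_denied"] = broker.authorize(tok, "read", "hvac/telemetry")
    tok2 = broker.issue("hvac-analytics-agent", ttl_seconds=60)
    broker.kill("hvac-analytics-agent")
    results["killed_denied"] = broker.authorize(tok2, "read", "hvac/telemetry")
    try:
        broker.issue("hvac-analytics-agent")
        results["reissue_blocked"] = False
    except PermissionError:
        results["reissue_blocked"] = True
    return results, broker.audit


if __name__ == "__main__":
    res, trail = demo()
    print(res)
    for entry in trail:
        print(entry)
```

In a real deployment the signing key would live in an HSM or secrets manager and the audit trail would stream to the SIEM. The point the code makes is that revocation has to be checked on every request: an agent cannot be asked to re-authenticate interactively the way a person can, so the kill switch and the short TTL are what bound the damage of a leaked agent credential.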

CISA, along with the FBI, EPA, and Department of Energy, has issued an urgent advisory warning that cyber actors are actively targeting industrial control systems (ICS) and SCADA systems within the U.S. oil and natural gas sector. Despite using elementary intrusion techniques, these attacks pose significant risks due to widespread poor cyber hygiene within critical infrastructure organizations.

  • Threat actors are employing basic but effective methods including exploiting default credentials, conducting brute-force attacks, and targeting misconfigured remote access points

  • Attackers use "simple, repeatable, and scalable tool sets" together with internet-wide scanning search engines that index open ports to find exposed systems

  • Even unsophisticated attacks could lead to severe consequences - from system defacement to operational disruptions and physical damage

  • Officials believe these actors are likely hacktivist groups targeting internet-exposed OT systems since at least 2022

🤔 The Bigger Picture:

This advisory highlights a troubling reality - many critical infrastructure operators still struggle with basic security hygiene, creating easy targets for even unsophisticated attackers. The convergence of IT and OT environments has expanded the attack surface dramatically, while the prevalence of default credentials and internet-exposed systems shows that security fundamentals are often overlooked. Organizations must fix these baseline weaknesses before investing in more advanced security technologies.
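The advisory's findings translate directly into an inventory check. The following added example (not CISA's or Neeve's tooling) audits a constructed CSV export of listening services for the three failures named above: vendor default credentials, ICS protocol ports reachable from outside the organization's own address ranges, and internet-facing remote access without MFA. The inventory rows, the internal ranges, the short default-credential list and the function names are assumptions of the example; the port-to-protocol mapping uses each protocol's standard port.

```python
"""Audit a building/OT asset inventory for the hygiene failures the advisory names.

Added example; this is not CISA's tooling or Neeve's code. The inventory rows,
the internal address ranges, the default-credential list and the function names
are constructed for illustration. The port-to-protocol mapping uses the
standard ports of those protocols.
"""
import csv
import io
import ipaddress

# Default listening ports of common ICS and building-automation protocols.
OT_PORTS = {
    102: "Siemens S7", 502: "Modbus/TCP", 1911: "Niagara Fox", 4840: "OPC UA",
    20000: "DNP3", 44818: "EtherNet/IP", 47808: "BACnet/IP",
}
# Remote-access services that attackers brute-force or reach through misconfiguration.
REMOTE_ACCESS_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP", 5900: "VNC"}

# Constructed stand-in for a vendor default-credential list (real lists are far longer).
DEFAULT_CREDS = {("admin", "admin"), ("admin", ""), ("admin", "1234"),
                 ("root", "root"), ("operator", "operator")}

# Constructed: anything outside these ranges is treated as internet-reachable.
# The sample uses RFC 5737 documentation addresses in place of real public IPs.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]

# Constructed inventory export: one listening service per row.
INVENTORY_CSV = """host,ip,port,username,password,mfa
plc-boiler-1,203.0.113.10,502,,,no
bms-server,10.20.0.5,47808,,,no
bms-web,203.0.113.11,443,admin,admin,no
jump-host,203.0.113.12,3389,svc-remote,C0rrect-h0rse-battery!,yes
vnc-hmi,198.51.100.7,5900,operator,operator,no
hist-db,10.20.0.9,1433,sa,Str0ng-Unique-Passphrase,yes
"""


def is_internet_facing(ip_text: str) -> bool:
    ip = ipaddress.ip_address(ip_text)
    return not any(ip in net for net in INTERNAL_NETS)


def audit_inventory(csv_text: str):
    """Return (host, severity, finding) tuples, most severe first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        host, port = row["host"], int(row["port"])
        exposed = is_internet_facing(row["ip"])
        mfa = row["mfa"].strip().lower() == "yes"
        user, pw = row["username"], row["password"]

        if user and (user, pw) in DEFAULT_CREDS:
            findings.append((host, "high", f"default credential {user}/{pw or '<blank>'}"))
        if exposed and port in OT_PORTS:
            # ICS protocols generally carry no authentication at all; exposure alone is critical.
            findings.append((host, "critical",
                             f"{OT_PORTS[port]} port {port} reachable from the internet"))
        if exposed and port in REMOTE_ACCESS_PORTS:
            svc = REMOTE_ACCESS_PORTS[port]
            if mfa:
                findings.append((host, "medium", f"{svc} internet-facing (MFA enforced)"))
            else:
                findings.append((host, "high", f"{svc} internet-facing without MFA"))
    rank = {"critical": 0, "high": 1, "medium": 2}
    return sorted(findings, key=lambda f: (rank[f[1]], f[0], f[2]))


if __name__ == "__main__":
    for host, sev, what in audit_inventory(INVENTORY_CSV):
        print(f"{sev:8} {host:14} {what}")
```

Exposure is judged against an explicit internal-range list rather than Python's `ipaddress.is_global`, because the documentation ranges used as sample public addresses (203.0.113.0/24, 198.51.100.0/24) are classified as non-global by that property. Against a real export the list of internal ranges is the one input a facility team must get right; everything else in the check is mechanical.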

Threat actors linked to the Play ransomware group exploited a zero-day vulnerability in the Microsoft Windows Common Log File System (CLFS) before Microsoft patched it on April 8, 2025, elevating privileges from a standard user account to full SYSTEM access.

  • Attacks targeted organizations across IT, real estate, financial, and retail sectors

  • Sophisticated attack chain allowed credential theft and persistence through DLL injection

  • For facility teams using Windows-based building interfaces or remote access tools, this is a sharp reminder that patching delays can leave critical systems exposed

  • The vulnerability (CVE-2025-29824) is a use-after-free in the CLFS kernel driver (clfs.sys) that lets an attacker who already has local code execution escalate to SYSTEM

  • Organizations should apply April 2025 security updates, especially for BMS workstations and servers

🤔 The Bigger Picture:

This vulnerability highlights the risks facing building operators who rely on Windows-based systems for facility management. Building automation systems often run on standard Windows environments that require regular patching. Delayed updates to these systems can create entry points for attackers to gain privileged access, potentially compromising connected HVAC, access control, and other critical building functions. Facility teams should implement robust patch management processes specifically addressing operational technology environments.

Further Alerts & Insights

📰 Report: Cyber-Resilient Organizations Still Blind to AI Threats

A new LevelBlue report reveals that even cyber-resilient organizations that have invested in supply chain security and advanced threat detection may be underestimating AI-related risks. Despite 94% of resilient organizations investing in software supply chain security, only 30% of executives believe "AI adoption has caused greater risk to the software supply chain." Security experts warn that AI adoption is happening faster than regulations and security controls can keep pace, creating expanded attack surfaces.

📰 Hackers Leveraging Windows Remote Management for Stealthy AD Attacks

Threat actors are increasingly using Windows Remote Management (WinRM) to move stealthily within Active Directory environments while evading traditional detection mechanisms. After obtaining valid credentials, attackers use WinRM's built-in functionality to execute remote commands, deploy malicious payloads, and establish persistence. Security experts warn that these attacks are difficult to detect because they use a legitimate, built-in Windows service on its standard ports (TCP 5985 for HTTP and 5986 for HTTPS), so the traffic blends into normal administrative activity.
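Because WinRM is legitimate traffic, detection rests on context rather than signatures: which process spawned the remote command, and which hosts are opening sessions on 5985/5986. The added example below (not code from the report summarized above) runs two such rules over constructed JSON records modelled on Windows Security event 4688 (process creation with parent process) and Sysmon event 3 (network connection); the allow-listed admin host, the rule names and the sample records are assumptions of the example.

```python
"""Flag WinRM-based remote execution and unexpected WinRM clients in endpoint telemetry.

Added example; not from the report summarized above. The records are
constructed JSON lines modelled on Windows Security event 4688 (process
creation, including the parent process) and Sysmon event 3 (network
connection, logged on the connecting host). ADMIN_HOSTS and the rule names
are assumptions for the example.
"""
import json

# Constructed: the only machines that should ever open WinRM sessions.
ADMIN_HOSTS = {"10.10.0.5"}
WINRM_PORTS = {5985, 5986}  # WinRM over HTTP / HTTPS
# Children of wsmprovhost.exe that usually mean an operator is running commands.
SUSPICIOUS_CHILDREN = {"cmd.exe", "powershell.exe", "pwsh.exe", "rundll32.exe",
                       "regsvr32.exe", "certutil.exe", "mshta.exe", "wscript.exe"}

# Constructed sample records, one JSON object per line.
SAMPLE_EVENTS = r"""
{"EventID": 4688, "Computer": "BMS-WS01", "SubjectUserName": "facility-admin", "ParentProcessName": "C:\\Windows\\System32\\wsmprovhost.exe", "NewProcessName": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "CommandLine": "powershell.exe -nop -w hidden -enc SQBFAFgA"}
{"EventID": 4688, "Computer": "BMS-WS01", "SubjectUserName": "facility-admin", "ParentProcessName": "C:\\Windows\\explorer.exe", "NewProcessName": "C:\\Windows\\System32\\notepad.exe", "CommandLine": "notepad.exe"}
{"EventID": 4688, "Computer": "BMS-WS01", "SubjectUserName": "facility-admin", "ParentProcessName": "C:\\Windows\\System32\\wsmprovhost.exe", "NewProcessName": "C:\\Windows\\System32\\whoami.exe", "CommandLine": "whoami /all"}
{"EventID": 3, "Computer": "ENG-LAPTOP-07", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "SourceIp": "10.20.5.44", "DestinationIp": "10.20.0.30", "DestinationPort": 5985}
{"EventID": 3, "Computer": "ADMIN-JUMP", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "SourceIp": "10.10.0.5", "DestinationIp": "10.20.0.30", "DestinationPort": 5986}
{"EventID": 3, "Computer": "ENG-LAPTOP-07", "Image": "C:\\Windows\\System32\\svchost.exe", "SourceIp": "10.20.5.44", "DestinationIp": "10.20.0.30", "DestinationPort": 445}
"""


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def detect(lines):
    """Return one alert dict per matching event, in input order."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        ev = json.loads(line)
        # Rule 1: wsmprovhost.exe hosts remote PowerShell sessions, so any child it
        # spawns was started by a remote caller. Shells and encoded commands rank higher.
        if ev.get("EventID") == 4688 and _basename(ev.get("ParentProcessName", "")) == "wsmprovhost.exe":
            child = _basename(ev.get("NewProcessName", ""))
            cmd = ev.get("CommandLine", "")
            encoded = " -enc" in cmd.lower() or "-encodedcommand" in cmd.lower()
            alerts.append({
                "rule": "winrm_remote_exec",
                "severity": "high" if child in SUSPICIOUS_CHILDREN or encoded else "medium",
                "host": ev.get("Computer"),
                "detail": f"{child} spawned by wsmprovhost.exe as {ev.get('SubjectUserName', '?')}: {cmd}",
            })
        # Rule 2: a WinRM connection from anything but the designated admin hosts.
        elif (ev.get("EventID") == 3 and int(ev.get("DestinationPort", 0)) in WINRM_PORTS
              and ev.get("SourceIp") not in ADMIN_HOSTS):
            alerts.append({
                "rule": "winrm_from_unexpected_host",
                "severity": "high",
                "host": ev.get("Computer"),
                "detail": (f"{ev.get('SourceIp')} -> {ev.get('DestinationIp')}:"
                           f"{ev.get('DestinationPort')} via {_basename(ev.get('Image', ''))}"),
            })
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_EVENTS.splitlines()):
        print(f"[{a['severity']}] {a['rule']} on {a['host']}: {a['detail']}")
```

The first rule needs the parent process field in 4688, which is only populated once command-line and parent logging are enabled in the audit policy; the second needs an honest list of which hosts are allowed to administer others, which is the same list that should be enforced by the WinRM listener's firewall rule. Neither rule looks at the credential used, which is the point: the credential was valid.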

📰 Qilin Leads Ransomware Activity as April 2025 Sees 470 Victims

April 2025 witnessed 470 reported ransomware victims worldwide, representing a 29% decrease from March, but with threat actors showing increased sophistication and strategic targeting. Qilin has established itself as the dominant ransomware group with a 71.4% increase in activity and 72 confirmed victims. Meanwhile, emerging groups Silent and Crypto24 are making their debut with distinctive approaches: Silent focuses on data theft over encryption, while Crypto24 has claimed eight victims since its emergence.

📰 NCSC Warns of AI-Driven Vulnerabilities in UK Critical Systems

The UK's National Cyber Security Centre (NCSC) warns that critical infrastructure faces growing risks from AI-enabled threats, with a widening "digital divide" between organizations that can adapt and those that cannot. The agency predicts AI will accelerate the time between vulnerability discovery and exploitation, potentially reducing this window to mere days by 2027. NCSC urges organizations to implement its guidance on secure AI implementation while maintaining strong cybersecurity practices across systems.