- Neeve
- Posts
- 🧬The Human Factor in the Age of AI Cyber Attacks
🧬The Human Factor in the Age of AI Cyber Attacks
Fines, leaks, and hacks—key cyber updates
Alison Bridge
May 06, 2025
Welcome to your essential briefing on threats at the intersection of cybersecurity and critical infrastructure, brought to you by Neeve, the edge cloud security platform for smart buildings, making built spaces secure, intelligent, and sustainable.
This Week’s Cyber Insights
Despite rapid advancements in generative AI for both offense and defense, human expertise remains indispensable in the fight against sophisticated cyber adversaries, particularly in the face of surging identity-based attacks.
Malware-free, identity-based attacks and AI-driven phishing/impersonation tactics are rapidly increasing.
The human element is often the weakest link, targeted by increasingly convincing deepfake scams.
Average breakout time for intrusions has dropped significantly to under an hour, demanding faster responses.
While AI augments defense by accelerating analysis, human analysts are still needed for accountability and strategic decision-making.
🤔 The Bigger Picture:
The evolving threat landscape requires a human-AI hybrid defense strategy, not a full replacement of human analysts. Organizations must invest in technologies that augment human capabilities and reinforce fundamental security practices like identity verification. The speed of modern attacks underscores the critical need for rapid detection and response, emphasizing AI's role as a force multiplier for human defenders.
As generative AI models become more integrated into business operations, they introduce novel security vulnerabilities that are prompting cybersecurity firms to develop AI-based defenses, initiating an "AI vs. AI" arms race.
Generative AI models (LLMs) are vulnerable to new attacks like prompt injection and data exfiltration, with potentially significant financial consequences.
Securing LLMs is challenging due to their "black box" nature and how they handle training data.
Fundamental security practices (authentication, access control, logging) remain essential alongside new defenses.
Cybersecurity firms are developing "good-guy AI" (security-tuned models) to detect and counter AI-specific attacks.
🤔 The Bigger Picture:
Securing AI is a new frontier demanding both foundational security and innovative AI-based defenses to counter AI-specific vulnerabilities. Organizations deploying or using LLMs must understand these unique risks and the emerging dynamic of using AI to defend AI. A layered approach combining traditional security with specialized AI models is crucial for mitigating risks in this evolving landscape.
Scale's twelfth annual Cybersecurity Perspectives Survey reveals a significant shift in the threat landscape, with artificial intelligence now dominating security leaders' concerns. This comprehensive study of enterprises with 500+ employees offers critical insights into how the cybersecurity battlefield is evolving.
AI-driven cyber attacks have topped ransomware as the leading unaddressed challenge. Three of the top six unaddressed security challenges related to some form of AI this year, while ransomware (#3) fell from first place behind the evolving threat landscape (#2).
50% of firms suffered an attack against a cloud service last year, while 45% of firms experienced a data breach.
The average effectiveness of cybersecurity protections improved for the first time in three years, increasing to 61% efficacy this year from 48% in 2023.
🤔 The Bigger Picture:
Security budgets are responding with double-digit growth - mid-sized security budgets increased 11% YoY, while enterprise security budgets grew 17% YoY. The market is ready for AI-powered platforms that can augment gaps in personnel and better triage alerts, with 75% of firms expressing interest in AI agents to automate SOC investigations. Teams remain under resourced with over 40% of respondents reporting a lack of security professionals, excess manual labor, and a deluge of alerts and false positives.
CISA has issued an urgent warning about severe vulnerabilities in KUNBUS Revolution Pi industrial automation devices, highlighting critical authentication bypass and remote code execution risks that could have significant consequences for critical infrastructure sectors.
CISA issued an advisory for high-severity vulnerabilities in KUNBUS Revolution Pi OS and PiCtory software (CVSS scores up to 10.0).
Flaws include missing authentication allowing unauthenticated remote code execution and authentication bypass via path traversal.
These devices are widely deployed in critical infrastructure (energy, manufacturing, transportation, water).
Exploitation could lead to operational disruption, manipulation of safety systems, or widespread downtime.
🤔 The Bigger Picture:
These critical vulnerabilities highlight the significant attack surface presented by industrial IoT devices and the potential for severe physical impacts from their compromise. The challenge of patching legacy OT systems exacerbates this risk, making proactive vulnerability management and defense-in-depth essential. Organizations must prioritize patching, strong authentication, and strict network segmentation to protect critical industrial environments.
Further Alerts & Insights
📰 DARPA Leverages AI for Critical Infrastructure Cybersecurity
DARPA is intensifying efforts to protect U.S. critical infrastructure from nation-state cyberthreats by utilizing advanced artificial intelligence. The agency's Information Innovation Office is focusing on using AI to rapidly find and fix software vulnerabilities at speed and scale, aiming to prevent strategic surprises in highly complex systems supporting areas like electrical grids and defense networks.
📰 Hackers Target Middle East Infrastructure
Iranian state-sponsored threat actors conducted a sophisticated two-year espionage operation against critical infrastructure in the Middle East, deploying novel backdoors like NeoExpressRAT to maintain persistent access. Despite containment efforts, the attackers demonstrated remarkable persistence by exploiting previously unreported vulnerabilities and launching targeted phishing campaigns.
📰 JPMorganChase CISO Warns of Growing SaaS Supply Chain Risk
An open letter from the Chief Information Security Officer at JPMorganChase highlights the significant security vulnerability quietly enabled by the widespread adoption of the SaaS model, arguing it creates substantial concentration risk in the global economy. The letter contends that software providers prioritize features over security, and modern integration patterns erode traditional security boundaries, calling for providers to urgently reprioritize security, modernize architecture, and collaborate to address this growing software supply chain weakness.
📰 Nitrogen Ransomware Uses Malvertising & Stealth Tactics
The Nitrogen ransomware group is employing sophisticated tactics, including targeted malvertising disguised as legitimate software, to gain initial access. Once inside, they leverage tools like Cobalt Strike for persistence and lateral movement, actively attempting to erase log data to hinder detection and forensic analysis, showcasing an evolving ransomware ecosystem.
📰 Commvault Azure Breach Exploits Zero-Day
Commvault confirmed that an unknown nation-state actor breached its Microsoft Azure environment by exploiting a zero-day vulnerability, CVE-2025-3928. While a small number of shared customers were affected, Commvault stated there is no evidence of unauthorized access to customer backup data. CISA has added the vulnerability to its Known Exploited Vulnerabilities catalog, urging immediate patching and mitigation steps.