AI-Driven Security Risks, Bypasses, and Exploits in Modern Cybersecurity
Security researchers and industry experts are raising alarms about the growing use of artificial intelligence (AI) in both offensive and defensive cybersecurity operations. Attackers are leveraging AI to bypass advanced security controls, as demonstrated by a researcher who used AI to defeat an "AI-powered" web application firewall, and by the emergence of new malware that exploits AI model files and browser vulnerabilities to evade detection and exfiltrate credentials. Meanwhile, defenders are grappling with the proliferation of unsanctioned AI tools in the workplace, the challenge of auditing AI decision-making, and the surge in AI-powered bug hunting, which has led to a dramatic increase in vulnerability discoveries and bug bounty payouts. The risks are compounded by the lack of clear AI usage policies, the potential for data leaks through generative AI tools, and the difficulty in monitoring or controlling how sensitive information is processed and stored by these systems.
Industry reports highlight that a significant portion of employees use unauthorized AI applications, often exposing sensitive data without IT oversight, and that prompt injection and model manipulation are now common vulnerability types. The security community is also debating the extent to which ransomware and other attacks are truly "AI-driven," with some reports criticized for overstating the role of AI in current threat activity. As organizations rush to adopt AI for efficiency and innovation, experts urge the implementation of robust governance, continuous monitoring, and red-teaming to anticipate and mitigate the evolving risks posed by both sanctioned and shadow AI systems. The rapid evolution of AI in cybersecurity is forcing a reevaluation of traditional defense models, emphasizing the need for transparency, operational oversight, and adaptive security strategies.

How this story unfolded
12 events from the most recent confirmed update back to the earliest known activity.
Researcher hxr1 demonstrates malware-hiding ONNX PoC on Windows AI stack
Researcher hxr1 disclosed a proof-of-concept living-off-the-land attack that hides malware in ONNX model files used by Windows' native AI stack. The PoC showed how trusted Microsoft-signed components could load malicious content from AI files while evading traditional EDR scrutiny.
Mozilla introduces new Firefox extension data collection disclosure policy
Mozilla announced a new policy requiring clearer disclosure of data collection practices for Firefox extensions. The move was intended to improve transparency around extension behavior and user privacy.
Counter Ransomware Initiative issues new supply chain security guidance
The Counter Ransomware Initiative released new guidance focused on supply chain security. The publication represented a policy and defensive response aimed at improving resilience against ransomware-related supply chain risks.
AWS suffers major outage tied to DNS defect
A major AWS outage was attributed to a DNS defect. The incident was noted as a significant cloud-service disruption affecting availability.
Russia proposes law mandating FSB reporting of vulnerabilities
Russia proposed legislation that would require all vulnerability disclosures to be reported to the FSB. The proposal prompted concern that vulnerability reporting could be redirected toward state misuse rather than coordinated disclosure.
Hacking Team resurfaces as Memento Labs with new spyware
The surveillance vendor formerly known as Hacking Team, now operating as Memento Labs, was reported to have resurfaced with new spyware. The development marked the re-emergence of a historically controversial spyware supplier.
Apple iOS 26 update found to overwrite shutdown logs
Apple's iOS 26 update was reported to overwrite shutdown logs, removing forensic evidence that could reveal Pegasus and Predator spyware infections. The finding raised concerns about the impact of the update on mobile forensic investigations.
Everest ransomware gang claims 280 GB theft from Svenska Kraftnät
The Everest ransomware gang claimed responsibility for the Svenska Kraftnät incident and said it exfiltrated 280 GB of data. This added an attacker attribution and a reported scale of data theft to the breach narrative.
Svenska Kraftnät confirms ransomware-related data breach
Sweden's power grid operator, Svenska Kraftnät, confirmed that it suffered a data breach related to a ransomware incident. The disclosure established the organization as a victim in a significant critical-infrastructure cyber event.
Attackers launch millions of attempts against GutenKit and Hunk Companion flaws
Threat actors targeted critical vulnerabilities in the WordPress plugins GutenKit and Hunk Companion in millions of exploitation attempts. The activity underscored the continued security risk posed by widely deployed plugin ecosystems.
CISA warns about exploitation of WSUS flaw CVE-2025-59287
Following reports of active exploitation of CVE-2025-59287 in Microsoft WSUS, CISA issued a warning urging attention to the vulnerability. The warning elevated the significance of the flaw beyond Microsoft's patch release.
Microsoft patches actively exploited WSUS RCE CVE-2025-59287
Microsoft released an urgent patch for CVE-2025-59287, a major remote code execution flaw in Windows Server Update Services (WSUS) that was reported as being under active exploitation. The issue was highlighted as one of the week's most critical vulnerability developments.
Sources
10 references tracked.
How I Made ChatGPT My Personal Hacking Assistant (And Broke Their "AI-Powered" Security) (infosecwriteups.com)
You can't audit how AI thinks, but you can audit what it does (helpnetsecurity.com)
Shadow AI: New ideas emerge to tackle an old problem in new form (helpnetsecurity.com)
AI chatbots are sliding toward a privacy crisis (helpnetsecurity.com)
LotL Attack Hides Malware in Windows Native AI Stack (darkreading.com)
How Cybercriminals Bypass Your Defenses (And How to Stop Them) (securitysenses.com)
Security Community Slams MIT-linked Report Claiming AI Powers 80% of Ransomware (socket.dev)
SOCast: No Shortcuts - A Discussion on Cyber Resilience (securitysenses.com)