AI adoption brings back old security gaps, says Mandiant

Infosecurity Magazine reports that Mandiant, a cybersecurity company and subsidiary of Google, has warned firms that reckless integration of artificial intelligence into their systems could lead to new security flaws and the re-emergence of vulnerabilities that were identified and resolved in the past.

The company has identified major security gaps in organizations using AI during controlled attack simulations. These include weak data management, exposed unencrypted data flows between AI tools and browsers, and flaws that enable attackers to modify security settings and bypass protections. After gaining initial access through social engineering, the AI-enabled systems were sometimes leveraged by attackers to escalate actions such as data theft and policy manipulation. The company emphasizes the importance of strict AI governance and consistent cybersecurity practices.

"It's possible that these mistakes partly come from the fact that CISOs aren't always involved in the deployment of AI workflows, among many other reasons, I don't want to speculate, but the lack of basic security controls around AI workflow deployments is there and its a significant risk," says Jurgen Kutscher, vice president of Mandiant.