AI/ML, Threat Intelligence

Automated cyberattacks possible with LLMs, study finds

"LLM" over a digital brain

Autonomous cyberattacks mimicking the 2017 Equifax hack that affected almost 147 million U.S. customers' information have been facilitated by the new Incalmo attack toolkit developed using large language models, Cybersecurity Dive reports.

Ninety percent of small enterprise environments had certain sensitive data exfiltrated by Incalmo in a simulation conducted by Carnegie Mellon and Anthropic researchers, who noted LLM usage for high-level attack strategy and both LLM and non-LLM agents for exploit deployment and other less demanding tasks. With Incalmo showing promise in executing cyberattacks without human intervention, modern cybersecurity defenses' capabilities in thwarting such a threat remain uncertain, according to lead researcher Brian Singer. "Currently, a lot of cybersecurity defenses rely on human operators and I am not sure how well that will scale up to machine-timescale defenses. For this reason, we are currently exploring research into defenses for autonomous attacks and LLM-based autonomous defenders," said Singer.

An In-Depth Guide to AI

Get essential knowledge and practical strategies to use AI to better your security program.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds