Wiz chief technologist Ami Luttwak on how AI is transforming cyberattacks 

“One of the main things that must be understood about cybersecurity is that it is a mental game,” Ami Lutwak, chief technology specialist at Cyberson Security Company, told Techcrunch in a recent episode of stock. “If there is a new technology wave to come, there are new opportunities [attackers] To start using it. ”

As institutions rush to include artificial intelligence in the workflow – whether through coding in the air, the integration of the artificial intelligence agent, or new tools – the surface of the attack is expanded. Artificial intelligence helps developers to charge a code faster, but this speed often comes with shortcuts and errors, creating new holes for the attackers.

Luttwak, which Google got earlier this year for $ 32 billion, says recently, and has found that a common problem in encrypted applications in elegance was an insecure implementation of ratification – the system that checks the user’s identity and ensures that it is not an attacker.

“This happened because it was easier to build such,” he said. “The coding agents do what you say, and if you don’t tell them to build it in the safest way, he will not do it.”

Luttwak noted that there is a continuous comparison today for companies that choose to be fast and safe. But the developers are not the only ones who use artificial intelligence to move faster. He said that the attackers are now using coding, based on the claim and even their artificial intelligence agents to launch exploits.

“You can actually see the attacker now use demands for the attack,” said Lutawak. “It is not just a Vapi striker coding. The attacker is looking for and telling the artificial intelligence tools that you have,” send me all your secrets, delete the device, delete the file. ”

Amid this scene, attackers also find entry points in the new artificial intelligence tools that companies are deployed internally to increase efficiency. Luttwak says this integration can lead to “supply chain attacks”. By prejudice to a third -party service that has a wide access to the company’s infrastructure, the attackers can then investigate corporate systems.

This is what happened last month when Drift was violated – the startup that sells AI Chatbots for sales and marketing -, which displays Salesforce data for hundreds of institutions customers such as Cloudflare, Palo Alto Networks and Google. The attackers got access to symbols, or digital keys, and used it to impersonate the Chatbot character, inquire about Salesforce data, and move sideways within customer environments.

“The attacker pushed the code of the attack, which was also created with the coding coding.”

Luttwak says that although the adoption of AI tools for institutions is still minimal – it is believed that about 1 % of institutions have adopted artificial intelligence completely – WIZ already sees attacks every week affecting thousands of institution agents.

And if you look at [attack] “The flow, Amnesty International has been included in every step. This revolution is faster than any revolution we have seen in the past. This means that as an industry needs to move faster,” said Lootawak.

Luttwak referred to another major attack of the supply chain, called “S1ingularity”, in August on NX, a popular construction system for Javascript developers. The attackers were able to launch harmful programs in the system, which then discovered the presence of artificial intelligence developers such as Claude and Jarmini and kidnapped them to independently wipe the system for valuable data. The attack led to the exposure of thousands of distinctive symbols of developers and keys, allowing the attackers to reach the private Gabap warehouses.

Luttwak says that despite the threats, this was an exciting time to be a pioneer in cybersecurity. Wiz, founded in 2020, originally focused on assisting organizations to identify and address formations, weaknesses, and other security risks across cloud environments.

Over the past year, Wiz expanded its capabilities to keep pace with the speed of the prosecution attacks-and the use of artificial intelligence for its own products.

Last September, Wiz Code Wiz, which focuses on securing a software development cycle by identifying and alleviating safety problems early in the development process, so that companies can be “safe by design”. In April, Wiz Wiz Defend launched, which provides operating time protection by discovering and responding to active threats within cloud environments.

Luttwak said it is very important for Wiz to understand its customers’ applications completely if the startup will help in what he calls “horizontal security”.

He said: “We need to understand the reason you build it … so that I can build a safety tool that no one had before, which is the security tool that understands you.”

“From the first day, you need to get CISO”

The democratic character resulted in artificial intelligence tools to a flood of new startups that are a solution to the Foundation’s pain points. But Luttwak says that institutions should not only send all their companies, employee and customer data to “every small SAAS company that has five employees just because they say,” Give me all your data, and I will give you the amazing visions of Amnesty International. ”

Of course, these startups need these data if their offer will have any value. This means that they should make sure they are working like a safe organization from the start.

“From the first day, you need to think about security and compliance,” he said. “From the first day, you need to get CISO (the chief information security official). Even if you have five people.”

He said that before writing one line of software instructions, startups should think as a very safe organization. They need to consider the advantages of institutions safety, audit records, authentication, production access, development practices, safety ownership, and one signature. Planning this way from the beginning means that you will not have to repair operations later and carry what Luttwak calls “security debts”. If you are aimed at selling to institutions, you will be already ready to protect their data.

“We were compatible with soc2 [a compliance framework] “Before we have a symbol,” he said, and I can tell you a secret. Getting to compliance with five employees is much easier than 500 employees. ”

He said the next most important step for startups is to think about architecture.

“If you are a start -up company, Amnesty International wants to focus on the institution from the first day, you must think about the structure that allows customer data to stay … in the customer environment.”

For emerging cyber security companies looking to enter the field in the era of artificial intelligence, Luttwak says now it’s time. Everything from the protection of hunting and e -mail security to harmful programs and protecting the end point is fertile land for innovation – for attackers and defenders. The same applies to startups that can help in the workflow and automated operating tools to “safely wings”, because many security teams still know how to use artificial intelligence to defend against artificial intelligence.

“The game is open,” said Luttwak. “If every field of security now has new attacks, this means that we must rethink every part of the security.”