Forescout’s Vedere Labs has published new research examining the real-world threat posed by generative AI in cyberattacks. While public concern is growing around “vibe hacking”, a term describing AI-driven, autonomous hacking, the research findings suggest the threat remains in its early stages. Based on more than 50 simulations involving generative AI models, researchers concluded that while the technology shows potential for misuse, it is not yet an imminent danger.
The research evaluates the effectiveness of leading large language models (LLMs) in performing tasks related to vulnerability research (VR) and exploit development (ED). The study spans commercial, open-source, and underground AI models.
Key findings include:
- High Failure Rates: 48% of models failed the first VR task, 55% failed the second; 66% failed the first ED task, and a staggering 93% failed the second.
- Instability and Inconsistency: Most models were unreliable, often producing different outputs across identical prompts, experiencing timeouts, or generating unusable results.
- No End-to-End Threat: No single model was capable of completing all required stages of an exploit pipeline, limiting real-world threat viability today.
- Commercial vs. Underground Tools: Commercial models performed the best, but only three produced a working exploit. Open-source tools struggled the most, while free underground models performed better but suffered from usability and output issues.
Michele Campobasso, Forescout’s Senior Security Researcher for EMEA, said: “This current wave of AI popularisation, AI-assisted or not, threat actors are likely to continue relying on familiar tactics, techniques, and procedures (TTPs). An AI-generated exploit is still just an exploit; it can be detected, blocked, or mitigated by patching.
“This means that the fundamentals of cybersecurity remain unchanged. Core principles such as cyber hygiene, defense-in-depth, least privilege, network segmentation and Zero Trust are still critical. Investments in risk and exposure management, network security and threat detection and response remain not only valid, but more urgent than ever.
“If AI lowers the barrier to launching attacks, we may see them become more frequent, but not necessarily more sophisticated. Rather than reinventing defensive strategies, organisations should focus on enforcing them more dynamically and effectively across all environments.”
The full blog is available here: https://www.forescout.com/blog/artificial-exploits-real-limitations-how-ai-cyber-attacks-fall-short/
The post Forescout Vedere Labs shows “vibe hacking” isn’t quite the threat it’s made out to be… yet appeared first on IT Security Guru.