SoSafe’s report delves into the global tension between AI adoption and the resulting security risks, reflecting the insights of 500 security professionals and 100 SoSafe customers from 10 countries.
A striking 87% of respondents reported experiencing AI-driven cyberattacks in the past year, with 91% expecting a significant increase in such threats over the next three years. Despite this alarming trend, only 26% of organizations expressed high confidence in their ability to detect these attacks, highlighting their vulnerability.
Moreover, advancements in AI are facilitating multichannel cyberattacks, enabling attackers to penetrate defenses through email, text, social media, and other platforms. A significant 95% noted a marked increase in this type of attack over the last two years.
An illustrative example of this dynamic involved WWP’s CEO, where attackers utilized WhatsApp to establish trust, transitioned to Microsoft Teams for further interaction, and employed an AI-generated deepfake voice call to extract sensitive information and funds. This indicates that the adoption of AI is inadvertently widening organizations’ attack surfaces, making them more susceptible to data poisoning and AI hallucinations.
SoSafe’s survey revealed that 55% of organizations have not fully implemented measures to mitigate the risks associated with their internal AI solutions, and apprehensions are growing. Obfuscation techniques, such as AI methods designed to conceal the origins and intent of attacks, are the top concern for over 51% of respondents.
Additionally, 45% cited the emergence of entirely new attack methodologies as their primary worry, while 38% highlighted the scale and speed of automated attacks. Andrew Rose, CSO of SoSafe, stated, “AI is dramatically enhancing the sophistication and personalisation of cyberattacks. Although organizations appear aware of the threat, our data indicates a lack of confidence in their ability to detect and respond to these attacks.”
Rose added, “By targeting victims across multiple communication platforms, attackers can emulate normal communication patterns, making their attacks seem more legitimate. Simple email attacks are evolving into 3D phishing that seamlessly combines voice, video, or text elements to create sophisticated AI-powered scams.
“Even the benevolent AI that organizations use for their own benefit can be weaponized by attackers to discover valuable information, key assets, or to circumvent other controls. Many firms deploy AI chatbots for support but few consider the risk of these chatbots inadvertently assisting attackers in gathering sensitive data, identifying crucial personnel, and uncovering corporate insights. It is essential for businesses to pair their AI adoption with a robust security strategy that addresses both technological and human vulnerabilities,” Rose explained.
Niklas Hellemann, CEO of SoSafe, remarked, “While AI certainly presents new challenges, it also serves as one of our greatest allies in safeguarding organizations against ever-evolving threats. However, AI-driven security is only as effective as the individuals who operate it. Cybersecurity awareness is critical. Without informed employees who can identify and respond to AI-driven threats, even the most advanced technology can fall short. By integrating human expertise, security awareness, and the strategic application of AI, we can stay ahead of the curve and build more resilient organizations.”