Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report.

Cyber criminals are shifting focus

Increased chatter in illicit markets and dark web forums is a sign of interest. X-Force hasn’t seen any AI-engineered campaigns yet. However, cyber criminals are actively exploring the topic. In 2023, X-Force found the terms “AI” and “GPT” mentioned in more than 800,000 posts on dark web forums and illicit markets. That high level of activity provides an accurate gauge of interest. These attacks may not be happening now, but this interest indicates groundwork and planning phases.

The consolidation of the AI market will mark a turning point

Threat actors run criminal enterprises like businesses. Before investing in plans and infrastructure, they want assurances of ROI. Today, there are too many GenAI tools and platforms spread across too many companies. X-Force believes that once the market matures to where a single technology dominates a 50% market share or when three or fewer technologies corner the market, then cyber criminals will launch attacks. To achieve ROI, GenAI needs to be ubiquitous across enterprises worldwide. Without ubiquity, attacks cost too much time and money. When the market narrows, GenAI attacks will start in earnest.

Explore AI cybersecurity solutions

Past is prologue

Previous threats had similar life cycles. X-Force believes market consolidation and maturity play a role. X-Force has assessed tech disruption and threat maturity for over a decade. This year’s index offers three compelling examples that show the 50% market share milestone has on cyber threat cycles. Their first example is Windows Server market dominance, which triggered the development of point-of-sale (POS) malware and human-operated ransomware attacks that relied on Active Directory. Next, business email compromise (BEC) scams moved to the forefront when Microsoft 365 approached a 50% market share. Finally, Infrastructure-as-a-Service (IaaS) consolidation drove crypto mining malware exploits. The in-depth detail of these examples is contained in the full report and is worth a read.

AI adoption will outpace security measures

As the threat index report notes, “the rush to adopt GenAI is currently outpacing the industry’s ability to understand the security risks these new capabilities will introduce.” This outpacing is common with new technology because tech adoption tends to be more freewheeling and experimental in early phases with less oversight and regulation within a company. Plus, the newer the tech, the less aware companies are about potential vulnerabilities and what it would take to secure against them. It’s often in the aftermath of attacks that security holes become obvious.

AI security threats are coming. How can you prepare?

Better security in the AI era is a widely recognized need as AI security threats proliferate. Even though GenAI attacks aren’t happening at scale yet, the time is fast approaching. Put an incident response plan in place. Or, if you already have an IR plan, expand it to include specifics related to AI attacks. Those specifics might include tracking and defending against known vulnerabilities, adding response team members familiar with AI and increasing data protections for your AI models and data sets. You need a plan customized to your business, but the goals should be to reduce your response time, remediate the damage and recover from the attack. Include practice sessions and drills to prepare your response team for when these attacks happen.

X-Force also recommends that you establish secured AI business models that recognize that AI security is broader than AI itself. The IBM Framework for Securing Generative AI is one model. This framework includes securing training data, AI models and the infrastructure that supports both. A key benefit of AI is being able to offload operational business tasks. AI governance provides operational guardrails to ensure your AI model doesn’t stray from its original design purpose and acts as expected.

The IBM X-Force Threat Intelligence Index 2024 provides insights and recommendations for how to address the most immediate threats your business faces and the future threats you can plan for now. Download the report so you can prepare now for the GenAI security threats to come.

More from Risk Management

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

4 min read - Once relegated to the fringes of business operations, cybersecurity has evolved into a front-and-center concern for organizations worldwide. What was once considered a technical issue managed by IT departments has become a boardroom topic of utmost importance. With the rise of sophisticated cyberattacks, the growing use of generative AI by threat actors and massive data breach costs, it is no longer a question of whether cybersecurity matters but how deeply it affects every facet of modern operations.The 2024 Allianz Risk…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today