Forget AI art — AI-powered cyberattacks are what we should be worried about

An AI-powered hand reaching out of a laptop
(Image credit: Google)

From the viral Lensa app to the image generator Starryai, AI art has been in the news quite a lot lately and for good reason. Images that once took human artists hours or even days to create can now be made by an AI art generator in a fraction of that time.

However, while artists are staging mass protests over AI-generated images appearing on the site ArtStation, I’m more concerned about the implications AI will have on cybersecurity. 

Sure, automated tools that make the jobs of cybercriminals even easier already exist but imagine if they could launch coordinated campaigns and sophisticated cyberattacks with the push of a button or even worse — if an AI could carry out attacks on its own like Skynet.

These concerns are shared by the Finnish Transport and Communications Agency and the Finnish National Emergency Supply Agency which have released a new report (opens in new tab) (PDF) on the matter co-created with the cybersecurity firm WithSecure (previously F-Secure). 

As AI becomes more prevalent and we begin using it for more than generating portraits or even predicting what the next iPhone and Apple Car could look like, cybercriminals will likely look to add this emerging technology to their arsenal. Fortunately, the report found that the use of AI in cyberattacks is still quite limited at the moment.

We’re safe, for now at least

As reported by Cybernews (opens in new tab), the report’s authors found that AI isn’t really used in today’s cyberattacks. When it is used though, it’s limited to social engineering as a means to gain more information on a target.

The future is a bit more worrying, though, as cybercriminals will likely develop their own AI within the next five years. This AI could be capable of finding vulnerabilities, collecting information on compromised systems or targets or even planning and launching cyberattacks.

In the report, WithSecure intelligence researcher Andy Patel points out that nation-state hackers will likely be the first to deploy AI in their attacks as they have significantly more resources than your run-of-the-mill cybercriminals. However, this technology “will likely trickle down to less skilled adversaries and become more prevalent in the threat landscape,” according to Patel.

Although nation-state hackers and cybercriminals will get their hands on AI technology at some point, cybersecurity firms and tech giants like Google already use AI to detect new threats. As long as their AI models and programs aren’t surpassed by hackers, most of these new threats will likely be thwarted. However, we’re only human and AI could be used to trick us into falling for scams we’d normally avoid.

AI-powered phishing attacks will likely arrive first

Fish hook on a keyboard

(Image credit: Shutterstock)

When it comes to AI-powered cyberattacks, the report suggests that we’ll first see AI pop up in phishing and voice phishing (or vishing) attacks due to how well the technology does at impersonation.

Deepfakes are a great example of AI being used to impersonate important people like government officials and celebrities. Now imagine if all the work used to create a deepfake video or image was put into designing a chatbot that pretended to be someone official either in emails or over the phone. How many people would willingly give up sensitive, personal information if they thought this chatbot was someone from law enforcement or even a relative or a friend.

AI-powered phishing attacks are certainly a future threat we need to look out for but they likely won’t become commonplace anytime soon. At the same time, there will probably be signs that cybercriminals are looking to leverage AI in their attacks before they even begin carrying them out. There’s no doubt in my mind that governments and companies around the world are already preparing to deal with this threat for when it does rear its ugly head.

How to stay safe online

AI-powered cyberattacks are still a ways off, but there’s plenty you can do now to protect yourself from today’s cyber threats. 

Passwords are often the weakest link when it comes to security, which is why you should ensure you’re using strong, complex and unique passwords for each of your online accounts. To do so, you can use a password generator — there are plenty of free ones available online. 

For additional protection though, you may want to consider using one of the best password managers, as they can securely store your passwords, help you come up with new ones and many can alert you when one of your passwords was exposed in a data breach.

Meanwhile, the best antivirus software can help protect your PC, the best Mac antivirus can keep your Apple computers secure and the best Android antivirus apps are worth taking a look at as well since there are so many malicious Android apps.

When it comes to phishing and other online scams, you should always carefully inspect any emails you receive from unknown senders. Look for spelling and grammar mistakes as these are a big red flag and you should also check the sender’s email address as scammers frequently impersonate big brands like Amazon or PayPal.

While there isn’t a whole lot you can do to defend against AI-powered cyberattacks on your own, improving your security hygiene will help you build the habits you’ll need to stay safe online in the future.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.