What is the single most important finding in the 2024 SANS report?

For the first time, all five of the most dangerous new attack techniques identified are directly powered by Artificial Intelligence, indicating a fundamental shift in how cyberattacks are developed and executed.

How does AI make phishing attacks more dangerous?

AI, particularly Large Language Models (LLMs), can generate highly convincing, grammatically perfect, and contextually aware phishing emails at a massive scale. It can also create deepfake audio or video to impersonate trusted individuals, making social engineering far more believable.

What is a 'prompt injection' attack?

A prompt injection attack involves crafting a malicious input (a 'prompt') to trick an AI model, like a chatbot, into performing an unintended action. This could include bypassing its safety filters, revealing sensitive data it was trained on, or generating malicious code.

Are AI-powered defenses enough to stop these attacks?

While AI-powered defense tools are essential for detecting sophisticated threats, they are not a silver bullet. A comprehensive strategy requires updated employee training, strong verification processes (especially for financial transactions), secure AI development practices, and robust data governance.

SANS report: The top 5 most dangerous new attack techniques are all powered by AI

An unprecedented shift in the threat landscape

Each year, the cybersecurity community turns its attention to the SANS Institute's list of the most dangerous new attack techniques, a bellwether for emerging threats. The latest report, however, marks a watershed moment. For the first time in its history, every single one of the top five techniques is directly enabled or enhanced by Artificial Intelligence (AI). This is not an evolution; it's a fundamental change in the nature of cyber conflict.

According to John Pescatore, SANS Director of Emerging Security Trends, while AI has long been a topic of discussion, the widespread availability of powerful generative AI and Large Language Models (LLMs) in 2023 was the inflection point. Adversaries now have democratized access to capabilities that were once the domain of highly-resourced nation-states. Understanding these five AI-driven attack vectors is the first step toward building an effective defense.

The five horsemen of the AI apocalypse

The SANS report deconstructs how attackers are weaponizing AI. These techniques are not just theoretical; they are being actively developed and deployed, increasing the speed, scale, and sophistication of cyberattacks.

1. AI-powered phishing and social engineering

Traditional phishing emails are often plagued by grammatical errors and generic greetings, making them easier to spot. AI eradicates these tell-tale signs. LLMs can now generate flawless, hyper-personalized, and contextually relevant messages that mimic a target's communication style. By scraping public data from social media and corporate websites, an AI can craft a lure that references a recent project, a colleague's name, or a personal event, making it almost indistinguishable from a legitimate email. The danger extends beyond text, with AI-generated deepfake audio and video enabling convincing voice phishing (vishing) attacks that impersonate executives or family members with chilling accuracy.

2. AI-enhanced malware and autonomous exploitation

Malware development is also being supercharged by AI. Machine learning models can be used to create polymorphic malware that constantly changes its code to evade signature-based detection tools. More alarmingly, AI can accelerate the discovery and weaponization of software vulnerabilities. An AI agent could potentially be tasked with scanning a target network, identifying a vulnerability, generating custom exploit code, and deploying a payload, all with minimal human intervention. This moves the industry closer to the reality of autonomous cyberattacks that operate at machine speed.

3. The abuse of AI models themselves

As organizations integrate AI into their own applications, the models themselves become a new and valuable attack surface. SANS highlights several key threats in this area:

Prompt Injection: Attackers craft malicious inputs (prompts) to fool an LLM into bypassing its safety controls, revealing sensitive training data, or executing harmful commands.
Data Poisoning: By feeding malicious or biased information into an AI model's training dataset, an attacker can corrupt its behavior. This could be used to create a hidden backdoor, degrade the model's performance, or make it systematically ignore certain types of threats.
Model Inversion: A sophisticated attack where an adversary attempts to reconstruct sensitive private data that was used to train a publicly accessible model.

4. AI-driven reconnaissance and target profiling

The initial reconnaissance phase of an attack is often the most time-consuming. AI automates and scales this process exponentially. Machine learning algorithms can sift through vast oceans of open-source intelligence (OSINT)—from social media posts and professional networks to dark web data dumps—to build incredibly detailed profiles of organizations and key personnel. This intelligence provides attackers with everything they need to craft a perfectly tailored attack, identifying the weakest links and the most effective social engineering angles. This level of automated surveillance underscores the need for better personal privacy protection online.

5. Deepfakes and synthetic media attacks

The ability to create realistic fake audio, video, and images poses a severe threat to business operations and societal trust. The primary concern highlighted by SANS is the rise of "Business Email Compromise (BEC) 3.0." In these scenarios, attackers use deepfake audio to impersonate a CEO or CFO on a phone or video call, instructing an employee to authorize an urgent, fraudulent wire transfer. The convincing nature of this synthetic media bypasses many traditional checks and balances, leading to significant financial losses. Beyond fraud, deepfakes are a powerful tool for spreading disinformation and manipulating public opinion.

Impact assessment: A pervasive and escalating threat

The impact of these AI-driven attacks is universal. Financial institutions are prime targets for deepfake fraud, while critical infrastructure faces the risk of autonomous attacks designed to cause disruption. Organizations holding valuable intellectual property or customer data are targeted by hyper-personalized phishing campaigns. Governments must contend with sophisticated espionage and disinformation operations.

For individuals, the risks are just as severe. The line between genuine and fake communication is blurring, making everyone vulnerable to advanced scams, identity theft, and blackmail. The very fabric of digital trust is at risk, as seeing or hearing is no longer believing.

How to protect yourself: Adapting defenses for the AI era

Defending against AI-powered attacks requires a multi-layered strategy that goes beyond traditional security tools. Both organizations and individuals must adapt their security posture.

For organizations:

Enhance Security Training: Update employee awareness programs to specifically address AI-generated threats. Use simulations of sophisticated phishing emails and deepfake audio to teach employees how to spot the subtle clues.
Implement Multi-Channel Verification: For any sensitive action, especially financial transactions or data access requests, enforce a strict out-of-band verification process. A request received via email must be confirmed via a phone call to a known number or an in-person conversation.
Secure Your AI Supply Chain: If you are developing or deploying AI models, adopt a secure development lifecycle. Vet third-party models, protect the integrity of your training data, and conduct adversarial testing to find and fix vulnerabilities like prompt injection.
Leverage AI for Defense: Fight fire with fire. Deploy modern security solutions that use AI and machine learning to detect anomalous behavior, identify sophisticated phishing attempts, and counter polymorphic malware.

For individuals:

Cultivate Healthy Skepticism: Treat any unsolicited or urgent request with caution, no matter how convincing it seems. Verify requests from friends, family, or colleagues through a separate communication channel.
Use Strong Authentication: Enable multi-factor authentication (MFA) on every account that offers it. This provides a critical layer of defense against credential theft.
Manage Your Digital Footprint: Be mindful of the information you share publicly online. The less data attackers have, the harder it is for them to create a personalized lure. Using a VPN service can also help mask your online activities from prying eyes.

The SANS report is not a prediction of a distant future; it is an analysis of the present reality. Adversaries have embraced AI as a force multiplier, and defenders have no choice but to do the same. The battle has shifted, and preparedness is the only path to resilience.