In discussions around the future of AI and cyber-threats, we often wonder when we can expect to see malicious or offensive AI attacks in the wild. While we have not yet seen conclusive evidence of execution, this report will show that all the tools and open-source research needed to facilitate an AI-augmented attack exist today.
This report will document an end-to-end attack lifecycle, and how each stage could leverage elements of the AI ‘toolkit’ to improve and streamline the process. Attackers will, of course, evolve their tools to drive efficiency gains, however these tradecraft improvements are iterative and do not happen all at once. Furthermore, while it is likely that adversaries today are already leveraging AI in some capacity to improve individual attack phases, this report shows an end-to-end AI-driven attack purely as a thought experiment.