That doesn’t come at the expense of complexity, adds DT’s chief security officer, Thomas Tschersich. As far as the engineer behind the honeypot is concerned, the difference between the classical and the AI-powered variety is similar to filming a movie scene using complex wooden sets constructed on a back lot or CGI: both are facades, but the latter is much less expensive while remaining nigh-on indistinguishable from a fake city street painstakingly constructed out of plywood. Even better, the AI-powered honeypot can adapt to the requests of the hacker in real time, making it more likely they’ll stay in the trap for longer periods without realizing they’re in one in the first place. In the end, says Tschersich, you can raise the authenticity of interactions with threat actors without this being associated with high investments.
That’s become more important amid a spike in attacks on organizations that begin with threat actors having already obtained valid credentials to access systems. In these scenarios, says Candela, defenders “are blind once an attacker is inside” the network. By keeping threat actors occupied at traditional attack points for longer and deploying AI-powered honeypots in less traditional locations, such as APIs and within AI agents, says Candela, organizations can steal a march on their opponents.
What, then, are we all learning from the deployment of this larger, AI-powered net? The big development, explains Candela, is the use of AI by the cybercriminals themselves. It is “democratizing attacks” with threat actors now using coding assistants to not only rapidly generate and deploy exploit code at scale but also use AI to probe vulnerabilities in target systems automatically. “Open-source AI red-team tools mean autonomous agents can now scan, exploit and adapt without human input,” says Candela.
Click Here For The Original Source.
