Subj : Agentic AI will accelerat
To   : All
From : Mike Powell
Date : Thu May 01 2025 10:16 am

Agentic AI will accelerate social engineering attacks

Date:
Thu, 01 May 2025 07:39:04 +0000

Description:
Autonomous AI systems now launch sophisticated phishing campaigns with
unprecedented effectiveness.

FULL STORY
======================================================================

AI agents are everywhere today and are reshaping how social engineering
works. These autonomous systems now independently launch coordinated phishing
campaigns across multiple channels simultaneously, operating with an
efficiency human attackers cannot match. They work continuously, make fewer
mistakes, and require no supervision to effectively target organizations.

And they are effective. AI-generated phishing emails achieve a 54%
click-through rate compared to just 12% for their human-crafted counterparts.
What makes these attacks so effective? Unlike batch-and-blast approaches, AI
agents build detailed psychological profiles from vast datasets, crafting
messages that speak directly to individual fears, habits and vulnerabilities.

More troubling is their adaptive intelligence. These systems learn from each
interaction, adjusting tactics based on your responses in real-time across
email , text, voice calls and social platforms simultaneously. A hesitant
reply becomes valuable feedback that sharpens the next approach.

Security teams find themselves outpaced as conventional defenses crumble
against threats that evolve by the minute. The production scale is equally
concerning: thousands of personalized phishing attempts generated in seconds,
each one refined by previous successes and failures.

Leading organizations are responding with their own AI-powered defensive
systems that detect subtle patterns human analysts might miss. This arms race
has also accelerated interest in fundamentally different authentication
approaches and cybersecurity awareness programs that address these new
psychological vectors.

The question isn't whether your organization will face these advanced
attacks, but whether you'll recognize them when they arrive.

But What The Heck Are AI Agents Anyway?

Between marketing hype and technical jargon, understanding what constitutes
an "AI agent" has become unnecessarily complicated. At its core, an AI agent
is simply software that can act independently toward specific goals without
constant human guidance.

Unlike traditional automation tools that follow rigid instructions, agents
perceive their environment, make decisions based on what they observe, and
adapt their approach as circumstances change. The most sophisticated agents
can plan multi-step sequences, learn from mistakes, and improve strategies
over time.

These capabilities come in different forms. Basic reactive agents respond to
triggers without memory or context. More advanced proactive agents initiate
actions to accomplish specific objectives. Learning agents continuously
refine their performance through feedback, while fully autonomous agents
operate with minimal human oversight.

What separates modern AI agents from previous technologies is their ability
to handle uncertainty and complexity. Using large language models and other
AI tools, today's agents can understand natural language, recognize patterns
across massive datasets, and navigate ambiguous situations with remarkably
human-like reasoning.

This flexibility makes agents valuable for legitimate tasks like customer
service, data analysis, and process automation. However, these same
characteristicsautonomous operation, adaptability, and social
intelligencecreate perfect tools for sophisticated social engineering when
repurposed for attacks.

Why AI Agents Excel at Social Engineering

The marriage of AI agents with social engineering creates uniquely effective
attacks that traditional security measures struggle to counter. Their
advantage comes from automating the most labor-intensive parts of social
engineering while simultaneously improving the quality of each interaction.

Reconnaissance, traditionally the most time-consuming phase, happens
automatically as agents collect and analyze digital breadcrumbs scattered
across social media , company websites, and public records. These systems
build comprehensive profiles of potential targets without human effort,
identifying vulnerabilities in seconds rather than days.

The resulting attacks achieve unprecedented personalization. Rather than
generic "Dear Customer" messages, AI agents craft communications that
reference specific projects, colleagues, interests, or recent activities.
This contextual awareness makes phishing attempts nearly indistinguishable
from legitimate communications.

Perhaps most concerning is their ability to adapt in real-time. When a target
hesitates or questions an initial approach, agents adjust their tactics
immediately based on the response. This continuous refinement makes each
interaction more convincing than the last, wearing down even skeptical
targets through persistence and learning.

The economics also shift dramatically in the attacker's favor. AI-generated
campaigns achieve higher success rates at a fraction of the cost of
traditional methods. A single operator can now orchestrate thousands of
simultaneous, personalized attacks across email, voice, text, and social
platformseach one polished and grammatically perfect.

These capabilities create a democratizing effect in cybercrime. Advanced
social engineering no longer requires elite skills or resources. The
technical barriers have fallen, allowing even inexperienced attackers to
execute sophisticated campaigns with minimal investment or expertise.

Most alarming is how these systems improve over time. Each successful or
failed attempt becomes valuable training data that refines future attacks. AI
agents effectively learn which approaches work best for specific
demographics, industries, or individuals, making each campaign more effective
than the last.

AI Agents Expand Your Attack Surface

The introduction of AI agents into business operations creates new entry
points for attackers while also expanding the scope of what they can target.
Each AI-powered system, tool, or service becomes another potential vector
requiring protection and monitoring.

Security leaders need comprehensive exposure management strategies that
account for these expanded attack surfaces. With over 80% of breaches
involving external actors, organizations must prioritize defensive measures
that address these new vulnerabilities:

Focus on external exposures. Continuously monitor internet-facing assets,
especially AI endpoints and related infrastructure, where the majority of
initial compromises occur.

Find everything: Conduct exhaustive discovery across all business units,
subsidiaries, cloud services , and third-party integrations. AI systems often
create complex dependency chains that introduce unexpected exposure points.

Test everything: Implement regular security testing on all exposed assets,
not just "crown jewel" systems. Traditional approaches miss how seemingly
low-priority systems can provide backdoor access when connected to AI
infrastructure.

Prioritize based on risk : Evaluate threats based on business impact rather
than technical severity alone. Consider data sensitivity, operational
dependencies, and regulatory implications when allocating remediation
resources.

Share broadly: Integrate findings into existing security operations through
automation and clear communication channels. Ensure relevant stakeholders
receive information that informs broader security operations and incident
response processes.

AI agents are already accelerating social engineering attacks beyond what
traditional defenses can handle. Security teams must implement robust
exposure management now, while building AI-specific detection capabilities,
or risk finding themselves outmatched by attacks they can't distinguish from
legitimate communications.

This article was produced as part of TechRadarPro's Expert Insights channel
where we feature the best and brightest minds in the technology industry
today. The views expressed here are those of the author and are not
necessarily those of TechRadarPro or Future plc. If you are interested in
contributing find out more here:
https://www.techradar.com/news/submit-your-story-to-techradar-pro

======================================================================
Link to news story:
https://www.techradar.com/pro/agentic-ai-will-accelerate-social-engineering-at
tacks

$$
--- SBBSecho 3.20-Linux
* Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)

You are viewing proxied material from cvs.synchro.net. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.