Francisco Valencia, CEO of Secure&IT, on the challenge of AI attacks

Yesterday morning I went to a new edition of the cybersecurity conferences of Secure&IT in Madrid with a fairly clear idea: to listen to how companies are using the artificial intelligence to better defend yourself and make life difficult for cybercriminals. It was a reasonable expectation. AI has become one of the great promises of the sector and it seemed logical to think that a good part of the conversation would revolve around its new defensive capabilities.

But the day left a much deeper reading. What is moving is not just another technological layer on top of the usual systems. It is the mental framework of cybersecurity itself. The speed of change, the sophistication of attacks, and the entry of new algorithm-based tools are forcing companies to rethink everything from how they patch software to how they anticipate threats. The feeling there, listening to the speakers, was clear: we are not facing a simple update of tools, but rather a change of era.

Francisco ValenciaCEO of Secure&IT, who I was able to interview a while agoput that idea on the table as soon as it began with a particularly graphic phrase: “We have always said that in cybersecurity we are one step behind cybercrime and we are now 10 steps behind cybercrime“The statement was surprising for its crudeness, but it also helped to organize the conversation. Looking at this disadvantage head-on, without selling false certainties, may be the first step to understanding what is coming.

Cybersecurity was waiting for an ally, but cybercrime has also found one

The key is that AI has not only changed the available tools, but also the balance of the game. Valencia put it crudely because, from his point of view, cybercriminals have taken off while many companies are still trying to decide how to use AI in a safe, useful and governed way. This difference in rhythm explains a good part of the diagnosis. Attackers don’t need to resolve every internal debate in an organization, justify every deployment, or wait for a perfect corporate policy. They just need to test, automate and exploit what works.

The speaker began by addressing one of the most disturbing pieces of this new scenario: the Dark LLM. LLMs, or large language models, are the technical layer that powers applications such as ChatGPT, Copilot or Gemini: systems capable of interpreting instructions, helping to program or solve complex tasks. The companies that develop them introduce limits, filters and guardrails to prevent harmful uses, both for safety and for the ethical criteria with which they design these systems. The Dark LLM, such as FraudGPT and WormGPTstart from a much more dangerous logic: offer similar capabilities, but without those barriers.

The interesting thing is that this logic does not always depend on creating a new model from scratch. Valencia also spoke of jailbreaka way of trying to avoid the limits of conventional AI through carefully constructed instructions. It’s not simply asking a system to do something forbidden, but wrapping that request in a context that pushes it to respond where it should stop. In practice, the result can be similar: capabilities of a powerful model put at the service of uses that large companies try to block.

This leap is very well understood when we move from the tool to deception. For years we have associated many fraud campaigns with clumsy, massive and easy-to-detect messages, but AI allows us to change the scale without giving up personalization. The CEO of Secure&IT summed it up with a very clear phrase: “I don’t need to send the Nigerian’s spam to 20 million people saying that I have fallen in love with 20 million people to see who will bite. I send the same email to 20 million, but I tell each one what they want to hear“That’s the difference: the attack can still be massive, but it no longer has to seem generic.

During the presentation a term also appeared that caught my attention: malware polymorphic. It may sound very technical, even more typical of a conversation between analysts than an article to understand what is happening, but it helps to land something important. We are no longer just talking about a malicious program that enters a computer and tries to repeat itself on other computers with the same behavior. It is something much more sophisticated: a threat capable of reaching a machine, reading the environment, identifying what defenses are in front of it and generating a version adapted to that specific scenario.

The consequence for security teams is obvious: if each machine receives a different variant, detecting patterns, relating signals and reconstructing the attack becomes much more difficult. It is no longer just a matter of finding a malicious file and following its trail across the network. In a scenario where “the virus on each computer is different“, the campaign can have the same objective, but leave different traces on each team. And when the traces change, the analysis is no longer linear.

Valencia’s message about automation was one of the clearest of the day: AI is taking time away from defense. For years, companies have had some margin between detecting a vulnerability, creating an exploit, and actually exploiting it. That margin could be imperfect, but it existed. It allowed you to organize analysis, prioritize patches and update systems every certain number of months. The phrase that best condenses the change is direct: “Until now time was a weapon to defend ourselves and now time is no longer a weapon to defend ourselves.”

The consequence is very practical. If before an organization could carry out vulnerability analyzes every several months and plan updates with some calm, that scheme is beginning to fall short. According to experts, an AI tool can search for a vulnerability, identify it, prepare the attack path, and run it in a matter of minutes. When “no time passes now,” updating late is no longer just bad practice: it can mean that the defense arrives after the attack has occurred. The diagnosis already marks the ground and prepares the underlying question: how does an organization defend itself when the old window of reaction is closing.

Another point of the day left me thinking because it points to a less visible type of threat, but with enormous potential for damage: leaks that never happened. Until not so long ago, manufacturing a fake database, massive and credible enough to pass off as stolen information, was technically much more complex. Now, with AI, that scenario begins to be much closer to those who want to cause harm. We are talking about generating synthetic records, packaging them as if they came from a company or a public body and letting suspicion do the rest. Because the problem is not only whether the breach existed, but the reputational damage that can occur while proving that it never occurred.

As AI becomes integrated into businesses, the perimeter changes as well. We are no longer just talking about protecting servers, laptops or email accounts, but about protecting the data that feeds the models and agents that begin to make decisions or propose actions. During the day, a particularly relevant idea appeared: data poisoning. If an AI system relies on internal documents to summarize, decide, or detect an attack, altering those documents can change the system’s own response. The attack, in that case, is not against the interface, but against the information that the AI ​​considers reliable.

It is no secret that many people already rely on artificial intelligence to work better, study, summarize documents, write more clearly or solve tasks that previously took much longer. In fact, a good part of the revolution we are experiencing is not that AI has appeared out of nowhere, but that access to these tools has been massively democratized. The technology was not born yesterday, but now it is in the browser, on the mobile and in services that anyone can try in a matter of minutes. And there begins a new tension for companies: what for an employee may be an immediate help, for the organization may become a blind zone.

That is the territory of Shadow AI. The problem is not that a worker wants to be more productive, but that they use AI tools that are outside the company’s orbit of control. It can occur when summarizing a report, pasting fragments of an internal document, consulting client data, or asking for help preparing a presentation with sensitive information. Valencia explained it from a very specific concern: each employee can have “their own”, their own artificial intelligence, even paid for by themselves, and that makes it much more difficult to know what information comes out, what service it reaches and under what conditions it is processed.

In that effort to rethink defense, one of the proposals that seemed interesting to me was PHASR, from Bitdefenderpresented by Roberto Perez. The idea is not to block tools indiscriminately, but to reduce the attack surface according to the real behavior of each user. The PowerShell example explains it well: it is a legitimate Windows tool, very useful for administrators and technical teams, but also very exploitable by attackers in Living off the Land techniques, where functions already present in the system are abused. If a Human Resources person does not need it for their daily work, restricting them to that specific profile can close a door without affecting those who do need to use it. It is just one example, and there are surely many others outside of this day and this article, but it points to a relevant idea: if the attack becomes more adaptive, the defense also has to learn to be so.

The day did not leave me with the feeling that there is a simple answer to all of this. The CEO of Secure&IT summed it up with a sensible warning: there is “no magic or single solution,” nor a button that can make an organization immune to AI-based strategies. It did, however, leave a fairly clear picture of how cybercriminals have been able to move quickly to take advantage of these tools and how that “step” of disadvantage that was talked about before has now become a much larger gap. Many questions remain open, but one conclusion seems difficult to avoid: the cybersecurity that served until recently it is no longer enough on its own. Reducing that distance will require technical, organizational, legal and cultural changes that go far beyond a single tool.

Images | Xataka

In Xataka | The most used passwords in Spain are hacked in seconds: if yours is on this list, you have a problem