SecureIT

Yesterday morning I went to a new edition of the cybersecurity conferences of Secure&IT in Madrid with a fairly clear idea: to listen to how companies are using the artificial intelligence to better defend yourself and make life difficult for cybercriminals. It was a reasonable expectation. AI has become one of the great promises of the sector and it seemed logical to think that a good part of the conversation would revolve around its new defensive capabilities. But the day left a much deeper reading. What is moving is not just another technological layer on top of the usual systems. It is the mental framework of cybersecurity itself. The speed of change, the sophistication of attacks, and the entry of new algorithm-based tools are forcing companies to rethink everything from how they patch software to how they anticipate threats. The feeling there, listening to the speakers, was clear: we are not facing a simple update of tools, but rather a change of era. Francisco ValenciaCEO of Secure&IT, who I was able to interview a while agoput that idea on the table as soon as it began with a particularly graphic phrase: “We have always said that in cybersecurity we are one step behind cybercrime and we are now 10 steps behind cybercrime“The statement was surprising for its crudeness, but it also helped to organize the conversation. Looking at this disadvantage head-on, without selling false certainties, may be the first step to understanding what is coming. Cybersecurity was waiting for an ally, but cybercrime has also found one The key is that AI has not only changed the available tools, but also the balance of the game. Valencia put it crudely because, from his point of view, cybercriminals have taken off while many companies are still trying to decide how to use AI in a safe, useful and governed way. This difference in rhythm explains a good part of the diagnosis. Attackers don’t need to resolve every internal debate in an organization, justify every deployment, or wait for a perfect corporate policy. They just need to test, automate and exploit what works. The speaker began by addressing one of the most disturbing pieces of this new scenario: the Dark LLM. LLMs, or large language models, are the technical layer that powers applications such as ChatGPT, Copilot or Gemini: systems capable of interpreting instructions, helping to program or solve complex tasks. The companies that develop them introduce limits, filters and guardrails to prevent harmful uses, both for safety and for the ethical criteria with which they design these systems. The Dark LLM, such as FraudGPT and WormGPTstart from a much more dangerous logic: offer similar capabilities, but without those barriers. The interesting thing is that this logic does not always depend on creating a new model from scratch. Valencia also spoke of jailbreaka way of trying to avoid the limits of conventional AI through carefully constructed instructions. It’s not simply asking a system to do something forbidden, but wrapping that request in a context that pushes it to respond where it should stop. In practice, the result can be similar: capabilities of a powerful model put at the service of uses that large companies try to block. This leap is very well understood when we move from the tool to deception. For years we have associated many fraud campaigns with clumsy, massive and easy-to-detect messages, but AI allows us to change the scale without giving up personalization. The CEO of Secure&IT summed it up with a very clear phrase: “I don’t need to send the Nigerian’s spam to 20 million people saying that I have fallen in love with 20 million people to see who will bite. I send the same email to 20 million, but I tell each one what they want to hear“That’s the difference: the attack can still be massive, but it no longer has to seem generic. The attack may still be massive, but it no longer has to feel generic. During the presentation a term also appeared that caught my attention: malware polymorphic. It may sound very technical, even more typical of a conversation between analysts than an article to understand what is happening, but it helps to land something important. We are no longer just talking about a malicious program that enters a computer and tries to repeat itself on other computers with the same behavior. It is something much more sophisticated: a threat capable of reaching a machine, reading the environment, identifying what defenses are in front of it and generating a version adapted to that specific scenario. The consequence for security teams is obvious: if each machine receives a different variant, detecting patterns, relating signals and reconstructing the attack becomes much more difficult. It is no longer just a matter of finding a malicious file and following its trail across the network. In a scenario where “the virus on each computer is different“, the campaign can have the same objective, but leave different traces on each team. And when the traces change, the analysis is no longer linear. Secure&IT dedicated its cybersecurity days this year to analyzing how AI is changing the sector Valencia’s message about automation was one of the clearest of the day: AI is taking time away from defense. For years, companies have had some margin between detecting a vulnerability, creating an exploit, and actually exploiting it. That margin could be imperfect, but it existed. It allowed you to organize analysis, prioritize patches and update systems every certain number of months. The phrase that best condenses the change is direct: “Until now time was a weapon to defend ourselves and now time is no longer a weapon to defend ourselves.” The consequence is very practical. If before an organization could carry out vulnerability analyzes every several months and plan updates with some calm, that scheme is beginning to fall short. According to experts, an AI tool can search for a vulnerability, identify it, prepare the attack path, and run it … Read more