morto@piefed.social 2 days ago
I wonder if ai is enabling new attacks primarily because they allow to find vulnerabilities and coding the exploits, or because companies are using ai at their systems and putting generated insecure code into production
Gumus@lemmy.dbzer0.com 2 days ago
Vibecoding in production is definitely introducing vulnerabilities, but this is more about etablished systems. Current AI allows for cheap, fast and relatively easy exploration of vulnerabilities which in turn allows attackers to target systems that were previously not worth the effort.
There are a lot of bespoke systems, usually legacy code running on outdated OSes on obsolete hardware. This includes hospitals, banks, infrastructure, and many businesses. All viable targets now.
“Security by obscurity” doesn’t work anymore (if it ever did).