Nine out of ten of the most significant, most damaging, most widely covered cyber attacks of the last two years required no zero day vulnerabilities. They required a compromised maintainer account, a credential harvested by an infostealer, a Citrix portal without MFA, a developer targeted with a convincing social engineering campaign, a known CVE that an organisation never got around to patching, a database left exposed because nobody checked. These are not obscure attack classes. They are the same classes that have dominated breach data for a decade, and they are the classes that AI-powered attack capability - including the AI our own agents use - makes dramatically more exploitable at scale. submitted by /u/theonejvo
Originally posted by u/theonejvo on r/ArtificialInteligence