In 2019, attackers targeted Coinbase employees using emails from compromised Cambridge University accounts, building trust over weeks before deploying chained zero-day exploits against the Firefox browser. One exploit aimed to break into the browser, and the other aimed to execute malicious code on the host machine. The attack was detected within hours after an employee report and automated alerts, enabling identification of malicious behavior with response times measured in minutes and no customer funds lost. Future attacks may be faster because AI-driven adversaries could require less time and fewer steps. Frontier AI models can analyze codebases with auditor-like understanding at machine speed, enabling discovery of long-standing bugs in heavily audited systems. This capability shift can favor defenders because security depends heavily on context defenders know better than attackers.
"In 2019, sophisticated hackers spent weeks targeting Coinbase employees with emails from compromised Cambridge University accounts. The attackers patiently built trust before deploying a pair of chained zero-day exploits-a term that describes undiscovered software vulnerabilities-that took aim at the Firefox browser. One exploit sought to break into the browser, and the other sought to execute malicious code on the host machine. At the time, it was among the most advanced attacks ever directed at the corporate sector."
"The Coinbase security team caught it within hours after an employee report and automated alerts fired simultaneously. This allowed us to identify the malicious behavior. Response times measured in minutes, no customer funds lost. But I think about that incident differently now. The attacker needed weeks of social engineering and rare zero-days to get one shot at us. An AI-driven adversary wouldn't need weeks. It might not even need hours. And that's the world I'm preparing for today."
"Frontier AI models, such as those being built by Anthropic, OpenAI, and others, have crossed a capability threshold in cybersecurity that would have seemed speculative eighteen months ago. These systems can read a codebase the way an experienced auditor reads a codebase, but with the speed, memory and focus of a machine. One recent model found a 27-year-old bug in OpenBSD, one of the most audited codebases on the planet. That's a structural shift in what's possible."
"Today, that shift favors the defender. Security is, in large part, a context problem. Defenders usually know more about their own systems than attackers: the code, logs, architecture, and his"
Read at Fortune
Unable to calculate read time
Collection
[
|
...
]