AI is Lowering the Barrier for Threat Entry While Increasing Attack Complexity

Previously sophisticated attacks are now being executed by entry-level hackers with basic toolkits.

From AI-powered ransomware and business email compromise to the resurgence of Server-Side Request Forgery (SSRF) attacks, attackers are utilizing generative tools to automate reconnaissance, exploit chaining, and evasion techniques. What previously required extensive technical sophistication is being commoditized into simple toolkits, making it possible for even entry-level hackers to launch sophisticated multi-vector attacks.

As a result, we’re seeing more cyber incidents and greater impact, as existing vulnerabilities are exploited with advanced intelligence and new threats evolve at an unprecedented pace.

AI for Ransomware Attacks

Our threat team has observed AI being used for double and triple extortion attacks. This tactic involves encrypting an organization’s most critical data while simultaneously threatening to release sensitive information unless demands are met. It places even more pressure on ransomware victims to pay, as the cybercriminals are essentially holding the data hostage in multiple ways.

In the case of triple extortion, threat actors will even go to the individuals themselves and threaten to release their data unless a ransom is paid. The growing sophistication of ransomware tools, including AI and Ransomware-as-a-Service (RaaS), has made these multi-front attacks much more accessible for even small-time threat actors.

Server-Side Request Forgery (SSRF) attacks have long been a favored tool in cybercriminals’ arsenals. In this type of attack, a threat actor essentially tricks the server into making a request to sensitive internal services within an organization. In some attacks, they may also be able to force the server to access arbitrary external services, which could result in leaking sensitive data, such as authorization credentials.

Traditionally, an SSRF attack would require expertise in identifying vulnerabilities, crafting payloads and navigating the complexities of various server configurations. However, the introduction of AI-powered tools, particularly those leveraging natural language processing (NLP) and generative models, has reduced the technical barrier to entry. Some of the ways AI tools have lowered the barrier for entry with these attacks include:

  • Locating Unpatched Systems. AI-powered scanners identify legacy systems with unpatched SSRF vulnerabilities, even in large, complex infrastructures.
  • Automating Exploit Chaining. AI streamlines the process of chaining SSRF with other vulnerabilities, creating automated workflows for privilege escalation and lateral movement.
  • Evading Detection. AI enhances obfuscation techniques, making SSRF payloads harder for security solutions to detect. 

SSRFs became a critical cybersecurity concern in 2024, marked by a dramatic 452 percent increase compared to 2023. The increasing use of SSRF attacks in conjunction with other vulnerabilities, such as privilege escalation and command injection, has magnified the impact of SSRF attacks, allowing threat actors to gain broader access and more deeply penetrate targets. 
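A defensive check for the SSRF pattern described above, added here as an example and not taken from the original article: before a server fetches a user-supplied URL, it normalizes the host (including obfuscated IP spellings) and refuses internal destinations. The function names and the SAMPLE_DNS table are constructed for illustration.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Constructed name-to-address table standing in for DNS so the example runs offline.
SAMPLE_DNS = {"cdn.example": ["8.8.8.8"], "intranet.example": ["10.0.0.5"]}

def sample_resolver(host):
    return SAMPLE_DNS.get(host, [])

def system_resolver(host):
    """Return every address the host name currently resolves to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})

def is_internal(address):
    """True for loopback, private, link-local and other non-public addresses."""
    ip = ipaddress.ip_address(address)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is still 10.0.0.5
    return not ip.is_global

def literal_addresses(host):
    """Return [address] if host is an IP literal in any spelling, else []."""
    try:
        # inet_aton also accepts legacy IPv4 spellings such as 2130706433 or 0x7f.1
        return [socket.inet_ntoa(socket.inet_aton(host))]
    except (OSError, ValueError):
        pass
    try:
        return [str(ipaddress.ip_address(host))]  # IPv6 literal
    except ValueError:
        return []

def check_outbound_url(url, resolver=system_resolver):
    """Return (allowed, reason) for a user-supplied URL the server will fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    addresses = literal_addresses(host) or resolver(host)
    if not addresses:
        return False, "host does not resolve"
    for address in addresses:
        if is_internal(address):  # one internal answer is enough to refuse
            return False, f"internal address {address}"
    return True, "ok"
```

In production the fetch should connect to the address that was validated, so that a second DNS lookup cannot return a different answer.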

Older Threats Revitalized by AI

Some of the most widely used SSRF vulnerabilities weren’t actually new. Attackers have utilized AI tools to breathe new life into exploiting older vulnerabilities that remain unpatched in many systems. Some examples include:

  • VMware vRealize Operations Manager API SSRF (CVE-2021-21975). This vulnerability allows attackers to access internal services through the vRealize Operations Manager API, leading to sensitive data exposure.
  • Microsoft Exchange Server SSRF (CVE-2022-41040). A significant flaw that enables attackers to exploit Microsoft Exchange servers, bypassing authentication and potentially leading to remote code execution.
  • Spring Cloud Netflix Hystrix Dashboard SSRF (CVE-2020-5412). A vulnerability in the Hystrix Dashboard was exploited to target internal services, exposing sensitive information. 

The continued use of these older SSRF vulnerabilities illustrates the persistent risks of delayed patch management. Their resurgence on the back of AI means that organizations must keep addressing them while simultaneously preparing for newer threats.

Before the rise of generative AI, threat actors needed to have a specialized skillset, including mimicking company writing styles, crafting highly contextualized phishing emails, and knowing how to avoid tripping the wires on traditional security systems while carrying out their attacks. AI tools can now do all of this for the threat actors at a high level, meaning that any threat actor who knows how to craft an AI prompt can now conceivably carry out one of these attacks. 

AI in Open-Source Software Security

Generative AI provides the benefit of accelerating coding and increasing accessibility, but, simultaneously, it may introduce vulnerabilities when not properly validated. Attackers can also utilize the same AI tools being used to accelerate coding for nefarious purposes, such as identifying and exploiting weaknesses in an organization’s systems, which creates an even greater need for stricter code validation and review processes. 

The convergence of AI automation and cybercrime is ushering in a new age of threat sophistication, scale, and ease of use. Ransomware attacks are becoming more aggressive and sophisticated, legacy exploits are being employed with fresh precision, and AI is enabling even novice attackers to execute campaigns that once required high-level expertise.

As the divide between older and newer threats continues to be blurred by automation and generative AI, companies must refresh their defenses: strengthening patch management, deploying AI-aware security technology, and doubling down on detection, response, and user education.

The risks are greater than ever before, and the window of opportunity to transform is narrowing.      
