Wiz chief technologist Ami Luttwak on how AI is transforming cyberattacks

Ami Luttwak, the chief technologist at cybersecurity firm Wiz, recently shared compelling insights on how the rise of artificial intelligence is reshaping the landscape of cyber threats. Speaking on a recent episode of Equity, he emphasized that cybersecurity has become a mental challenge, especially with new technological advancements providing fresh opportunities for malicious actors. As organizations increasingly integrate AI into their operations—through methods like vibe coding and AI agent incorporation—the potential for cyberattacks grows. While AI enables faster code delivery, it often introduces vulnerabilities due to shortcuts taken during development. Luttwak pointed out that one prevalent issue in applications built with vibe coding is the insecure implementation of authentication systems, which are critical for verifying user identities. "It’s easier to build without considering security," he noted. In addition to developers, attackers are also leveraging AI tools for their malicious activities. Luttwak explained that attackers can now utilize prompts to exploit vulnerabilities, demonstrating a shift in how cyber threats are executed. He elaborated on a recent incident involving Drift, a startup offering AI-powered chatbots, which experienced a breach that exposed sensitive Salesforce data for numerous enterprise clients, including industry giants like Cloudflare and Google. The attackers utilized compromised tokens to impersonate the chatbot and access confidential information. Despite the relatively low adoption rate of AI tools in enterprises—estimated at around 1%—Wiz has observed a surge in attacks impacting thousands of companies weekly. This alarming trend underscores the pressing need for the cybersecurity sector to adapt rapidly. Luttwak cited a significant supply chain attack on Nx, a popular JavaScript build system, where attackers deployed malware that exploited AI developer tools to extract valuable data. In response to the evolving threat landscape, Wiz has expanded its security solutions. Originally focused on identifying misconfigurations and vulnerabilities in cloud environments, the company has adapted its offerings to counteract AI-related risks. Recent launches include Wiz Code, which secures the software development lifecycle, and Wiz Defend, designed for active threat detection in cloud setups. Luttwak advocates for a proactive approach to security, especially for startups entering the AI space. He stresses that from day one, organizations must prioritize security and compliance, even with minimal staff. This includes having a Chief Information Security Officer (CISO) and planning for security features before writing code, to avoid incurring future 'security debt.' Moreover, he advises startups to consider their architecture to ensure customer data remains secure within their environments. For those aiming to innovate in cybersecurity, there are ample opportunities in areas like phishing protection, malware defense, and workflow automation. Luttwak concludes by highlighting that as cyber threats evolve, so too must our strategies for defense, making this a critical time for innovation in the cybersecurity sector.