zero-day exploit
The Download: a Nobel winner on AI, and the case for fixing everything
Plus: the first zero-day exploit built by AI has been discovered. A few months before he won the Nobel Prize in economics in 2024, Daron Acemoglu published a paper that earned him few fans in Silicon Valley. He argued that AI would give only a small boost to US productivity and would not eliminate the need for human work. Two years later, Acemoglu's measured take has not caught on. The technology has advanced quite a bit since his cautious predictions, but the data is still largely on his side. Here are the three things Acemoglu is paying closest attention to in AI right now.
Google announces its first-ever discovery of a zero-day exploit made with AI
We can now add cybercrimes to the list of growing concerns associated with artificial intelligence. Google's Threat Intelligence Group (GTIG) said it discovered, for the first time ever, a threat actor using a zero-day exploit that it believes was developed by AI. Zero-day vulnerabilities are often the most dangerous since they're unknown to the targets, leaving them with zero days to prepare for the attack. Google said in the report the threat actor was planning to use it in a mass exploitation event, but its proactive discovery may have prevented its use. Google added that it doesn't believe its own Gemini models were used, but still has high confidence an AI model was part of discovering the vulnerability and weaponizing an exploit.
Ex-Google CEO warns artificial intelligence could be used to kill 'many, many people'
A former Google CEO has warned that artificial intelligence could be used to kill people in the future. Eric Schmidt, who spent two decades at the helm of the search giant, told a gathering of senior executives Wednesday that he believes AI presents an 'existential risk' for humanity 'defined as many, many, many, many people harmed or killed.' The software PhD said the technology, which Google is helping spearhead through its relatively primitive Bard chatbot system, could be 'misused by evil people' when it becomes more advanced. Schmidt, who recently chaired the US National Security Commission on AI, is the latest in a slew of former Google staffers to come out publicly against the rapid development of the technology in recent weeks. Schmidt told a CEO summit in London that 'misused' AI could lead to 'many, many, many, many people harmed or killed.'
As AI Becomes Ever More Capable, Will It End Up Helping, Or Hindering, The Hackers?
Hacking events have increasingly been in the news this year, as a range of serious ransomware and supply chain hacks have wreaked chaos on businesses and infrastructure. The latest (as of July 2021) is a supply-chain-ransomware attack against Miami-based software firm Kaseya, affecting 1500 of its customers - with the hackers (threat-actors) demanding $70 million in cryptocurrency to release the data. According to the World Economic Forum, cyber-attacks now stand side by side with climate change and natural disasters as one of the most pressing threats to humanity. No doubt ways will eventually be found to detect and pre-empt these latest styles of attack. The cybersecurity industry is defined by continual, if largely gradual, innovation - as new threats emerge, technology that protects, detects and responds to the attacks also emerges. This cat and mouse dynamic has been a fundamental trait of the industry to date: a permanently iterating relationship that supercharges the development of new technologies on both sides, where even a small edge over adversaries can pay dividends (or ransoms).
How Significantly Has Artificial Intelligence Penetrated the Cybersecurity Market? - DZone Security
Editor's Note: Hamsa Srinivasan contributed to this article. Most organizations have robust cybersecurity initiatives in place. However, it's no secret that such initiatives are not fool-proof. As the sophistication and complexity of cyber attacks increase, application security needs to rely on dynamic processes that can respond to more significant, rapidly-evolving threats. As the number of applications running on the cloud and mobile devices increases, security needs to be more pervasive and intelligent than ever.
Predictions: AI Fuzzing and Machine Learning Poisoning - Security Boulevard
For many criminal organizations, attack techniques are evaluated not only in terms of their effectiveness, but in the overhead required to develop, modify, and implement them. To maximize revenue, for example, they are responding to digital transformation by adopting mainstream strategies, such as agile development to more efficiently produce and refine their attack software, and reducing risk and exposure to increase profitability. Knowing this, one defensive response is to make changes to people, processes, and technologies that impact the economic model of the attacker. For example, adopting new technologies and strategies such as machine learning and automation to harden the attack surface by updating and patching systems or identifying threats forces criminals to shift attack methods and accelerate their own development efforts. In an effort to adapt to the increased use of machine learning and automation on the part of their targets, we predict that the cybercriminal community is likely to adopt the following strategies, which the cybersecurity industry as a whole will need to closely follow.
How to improve cybersecurity with machine learning
Data breaches and cyber attacks have become harder to deter over the last few years. According to Cisco's 2018 Annual Cybersecurity Report, for example, the expanded volume of both legitimate and malicious encrypted traffic on the web has made it more difficult for security professionals to recognize and monitor potential threats. As a result, many security professionals are looking to leverage machine learning to advance cybersecurity. Before exploring the ways machine learning can improve cybersecurity, it is important to first understand what machine learning actually is. To begin with, machine learning is not one and the same with artificial intelligence (A.I.), which is part of a broader initiative to enable computers to reason, solve problems, perceive and understand language.
John McAfee: What if advanced artificial intelligence hacks itself? Opinion.
On March 9, 2017, ZT, an underground technologist and writer, read his upcoming novella: Architects of the Apocalypse, to a group of his adherents in the basement of an abandoned bar in Nashville, Tennessee. The occasion was the Third Annual Meltdown Congress--an underground, invitation-only organization dedicated to the survival of the human species in the face of near certain digital annihilation. I was present, along with three of my compatriots, plus about 30 gray hat hackers (hackers or cybersecurity experts without malicious intent) who represent the cream of the American hacking community. It chronicles an age in which artificial intelligence and its adjutant automata run the world--in which humanity is free and is cared for entirely by the automata. The artificial intelligence in this novella has organized itself along hierarchical lines, and the ultimate decision-making function is called "The Recursive Decider."
Machine Learning Goes Dark And Deep To Find Zero-Day Exploits Before Day Zero
How do you stop someone from exploiting a vulnerability in your software when you don't know that the vulnerability exists? That's the problem faced by cyber security experts who try to stop zero-day exploits. If you're lucky, a friendly spots the vulnerability and tells you about it so you can fix it before any damage is done. If you're unlucky, the hackers find it first and you find out after the attacks begin on day zero. Mega-corporations like Google and Apple are attacking this problem with bounties offered to anyone who can hack their software.
According to an unsubstantiated report by equity research firm Baird, citing no evidence, the blame falls on the open-source server framework, Apache Struts. Could the root cause of the hack be a Struts security hole? If that's the case, is it the fault of Struts developers or Equifax's developers, system admins, and their management? The Apache Struts Project Management Committee said in a statement that while they're sorry Equifax "suffered from a security breach," they're not ready to take on the burden for this all-time security fiasco.