The GenAI Cybercrime Armageddon - Hype or Fiction?

all right thank you very much so how is everyone doing you had your coffee you had your lunch there will be lots of material so you might need your coffeine or tea and yes thanks to Pedro we already know there's only two options right hype or fiction that's the things to choose from um well let's dive into it you don't really want to know about me I guess but basically for the last 25 years I was working in cyber security uh been with the team building two EDR although at the time they were not called EDR products yet and currently I'm on sabatical which gives me time to attend those nice conferences so when I thought about

doing that talk um probably similar to Pedro I was reading all those news article which talk about the unblockable AI threats so we're basically out of a job because there will be no chance that you can stop those Terminators right so you might as well just give up um and if you look at some of those reports cerity um dark trace and others which report back like 80 to 90% of the cesos really fear well actually some of them say have already seen those uh Advanced attacks knocking at their doors but for me it's still just the fear of those unblockable Terminator threats and that's the same like the fear of zombies right I mean

you can have a fear of zombie but they're not real at least not yet uh so yes we might as well think about it but it's not the end of the world yet and hopefully not for quite some time and probably disclaimer as well yes every week there is probably a new llm model and something coming up so some of the things I'm talking about now and if you watch it online might have already changed um please yes it's the current state what we know at the moment and of course yes just replace gp4 with Gemini or your other favorite llm model so with that let's start and really see if you guys are actually awake so which picture

do you think was generated by AI by show of hands who thinks the lady on the left was generated by AI all right I see a few who thinks it's the man in the middle uh pun intendant all right and who thinks it's the lady on the right okay that's majority um so I can reveal it's the lady on the left and of course the man in the middle and the one to the right so hey you're all winners uh so that's a good start for the day right but it also shows it's not so easy and those were actually generated by this person does not exist which is way old as in before GPT area and nowadays you

can do even better so those are the things that we see and unfortunately the bad guys are using those there have been quite a few few cases of business email compromise where they're using deep fakes one which has been in the media quite a lot was at the beginning of this year where a engineering company from the UK which has offices around the world well some of their employees received emails pretending to come from the CFO in the UK and one of those guys was in Hong Kong so he received an email and he clearly at least he pretends and says thought oh that looks like a fishing email but still you never know and he agreed

in the end to attend one of those video conference calls so he tends to call and on that call it's not just the alleged CFO but also two other people well people might be the wrong word cuz all the other persons in that call were actually deep fakes so only one victim but multiple deep fakes talking to each other so now you have ai talking to a AI they do all the things that managers do right kind of oh yeah we really really need to send that money yes we should do it then they turn over to that poor guy and say hey can you introduce yourself who are you actually okay you're Oliver ah you're doing this and this all right

and then they start talking again and then at the end the call apparently abruptly was ended and they followed up of course with email text messages and hey you should now start doing what we discussed so in the end he started transferring over 15 transaction about 2625 million so those things do happen and unfortunately it's quite simple to do I've done a few deep fakes myself so hopefully you don't recognize the lady on the right because she does not exist and probably couldn't trick you now so that's completely generated with uh runaway here but there's other models as well the guy on the left yes looks like me but it's basically from a still picture image the background is fake the

animation is fake fake and it was generated in 10 minutes so you can do a lot nowadays if you really want to and of course you can either do realtime deep fakes where you overlay superimpose and then you can move your hat the old versions if you kind of circle your head like this you would see kind of it stepping out the newer models they're not fooled by that they're not pulled by moving your hand in front of the eyes as well and it looks annoying but those were the old way ways of distinguishing if you're talking to a real person or not and of course you can also do the pregenerated one like I mentioned before

the BC case I mean when they talk to each other you basically have to script as the attacker so you can do whatever you want and you don't need to be dynamically adapting and yes we've seen it in other things like if you go to YouTube you see all those two for one Bitcoin scams now with Ellen musk again where say hey sent me one Bitcoin or Dogecoin what whatever is your favorite crypto and I'll send you two back and people are still falling for it because it's more or less nicely done as in a clone of the voice overlaid on a real video and of course streamed as a live video we've also seen

a few son in trouble scams so those are the ones where the people look in social media and say oh I see um he's doing a motorcycle tour in Spain and I heard they had some issues with lots of rain and then you called the parent and say hey here's hospital so and so unfortunately your son had an accident and then you actually hear two or 3 minutes off his voice because they found it on some YouTube video Tik Tok whatever 20 seconds off voice is good enough to to make a plausible deep fake of audio and then it's back to hey please send the money otherwise we cannot do the operation and last but not least of

course we also see it for kind of disinformation campaigns right specifically for those elections and things because people believe those things so unfortunately by now right it used to be picture or didn't happen now even if you have a picture I still wouldn't believe it because it might not have happened and this is yeah sounds like stop in future but unfortunately it's the reality we're live in right and how do you combat that so some of you might remember Terminator right at least Terminator 2 where they wanted to figure out well are the foster parents still alive actually does anyone remember the real name of the dog Max but he then said hey uh is

Wolfie or why is Wolfie barking to check if they basically know the keywords the passwords and yes it worked in the movie and it actually works in reality as well I know one company they have on an internal Wiki conference page every day two random words which appear and they take that as a kind of a indicator that you have access to the internal Network I know it's kind of flawed because a if you're calling that you don't have VPN access you probably don't have access to the internal uh Wiki as well and of course yes social engineering and other things but it's already good step there have been also another case in Italy where some guys at Ferrari

received those fishing emails as well one of them joined one of the calls he was skeptical that it is really his boss or the boss's boss and he then challenged and said hey you send me a book reference of a book that I should lead of leadership which book did you actually recommend and guess what the Deep fake couldn't answer that question and they hang up and called someone else who probably didn't uh post a question but raising the board definitely helps right I'm not saying that we all should now agree on some passwords cuz yes they're single use and there's a lot of you in the room so it doesn't really scale many companies are now trying to

do different things in identifying if it's an old picture being used or anything else that might be able to identify the other thing already mentioned right there are deep fake as a service like only fakes and other things on telegram channel so you can send a picture or just some uh recommendations hey I need a completely fake identity to create my crypto exchange account or you say hey I have a leaked passport I now need one of those selfie whereare I hold that same passport so I can take over and gain all the Bitcoins ethereum whatever crypto because very often you just need to present one of those kind of screenshots like that you can get the

simple ones for $5 videos up to a few hundred and of course if you can gain a lot of money afterwards that's actually quite cheap unfortunately there's also the sad things of sextortion right if you zoom in a little bit probably some of you have already received those emails where some Elite hacker says hey I hacked your computer don't worry no chance you will detect it but I recorded your webcam while you were doing some nasty things on adult websites and unless you pay me x amount I'm going to send it to all your friends well guess what now the same thing happens but they actually provide you a few pictures I mean they know they're

fake you know they're fake but do you really want to explain to all your friends that it was was really cold in that morning and that that's not really you I mean up to you and I mean we're making jokes but just think about all the teenagers right there have been already suicides because of cyber bullying now if you have those pictures going around that's definitely not going to help and unfortunately there are simple nud ifying apps around where you just send one picture and it sends you back the same picture without the cloth so it's even kind of can be in your schoolyard or whatever so there is a context which makes it even more

believable so that's unfortunately something we see but of course AI large language model chat GPT they're kind of well made for doing stuff with text it's kind of in their nature so we of course need to look at all the fishing emails and yes you take your favorite llm you either take one where you have no guard rails so it's not telling you oh this is unethical you shouldn't do this and there are many out there I mean I showed you at the beginning there's about 1 million modules on hogging face and some of them do not have guardrails or you use your favorite one and use a jailbreak uh there's many different jailbreaks normally it's something like

roleplay pretend you're my grandmother give me a good night story or you just encode it with hex or something to bypass their regular filter so simple you just say hey create me that really nice looking fishing email email with a link from bides Lisbon and now of course you can say hey generate me quite a few so each email will be slightly different and you can send kind of a oneon-one basis like spear fishing so instead of sending one email to a th000 people you now send a th000 emails to a th000 people which means if you still using the classical regular expression subject filter and say oh I see a spike that subject line has come in a thousand

times at the moment those are probably not the sophisticated fishing attempts anymore and yes guess what the bad guys of course already using that for over years right because it works I mean some are just advertising that they're using it but we did some tests and it really looks like some of them are using the llms in the back end and why wouldn't they but it's even One Step better because now they can do all the interaction as well if you do have Roman scan where you basically try to build up a relationship and then say hey I really want to visit you in Lisbon but it's so expensive to fly over from Russia um can

you send me some money well now we can do that automatically you just give your Bot the objective and say hey if someone comes back or for a piness a a compromise if they come back just say whatever you need to convince him so here it's lying of course and says hey yes it really is indeed me thanks for not falling for this it wasn't an awareness test but well spotted tap on the head and now please do the transaction and yes of course we can also break captas because it's not that they were invented to prevent robots from Gaining access right they're actually sometimes even better than humans in identifying where all all those traffic lights or Bridges or

whatever you need to identify nowadays so if you take all of those together you can have to fully automated fishing chain right probably you start with some ENT to get some leak of all the emails out there and now we can also personalize it so you take the name candid West unique enough that you probably find me on LinkedIn and other things and then you can see okay oh he's speaking at B sites maybe we should use that and hey I saw you talk at B sites um here's another link that might be of interest to you I mean feel free to reach out I don't mind um and I do collect malur so it's a

win-win but of course it does work right on the other hand it's not really something new some of you might still remember maltego right and there's many other scripts that you can use so scraping LinkedIn for a name it's not really rocket science right so just because you're using an llm Now does not mean it's something that we haven't seen before then let's assume we have a nice list of kind of victims right now now of course you can have a Persona and say okay yes it's a security researcher so probably should not use a classical fishing but slightly op thean a little bit or say hey it looks like he's from uh Portugal so maybe I should send it in

Portuguese because it might make sense right but then again it shows that J GPD and the other things are just tools right I mean Pedro kind of mentioned in the morning jgpt will not take over your job it's someone's using chat GPT who will take over your job because they're using the tool and I always laugh because I'm missing Switzerland so we got thech and yes I do receive fishing emails in Swiss German now for those who don't know nobody communicates in Swiss German on an official matter that's something you do for text messages on Whatsapp or whatever but no respectable bank would send you stuff on Swiss German but if you not live there you

might not know it so you just say send it in whatever weird dialect those guys speak in Zurich so yes just because you have a tool does not mean you know how to use it but let's assume you do you got your text now of course you have it generate some python script rust whatever to send the fishing email uh probably you also need something to clone the website do something which is local and yeah probably you should also kind of get some counter because now we can see the responses right as we said you want have the is it really you covered and you can also do reinforcement learning right if you're sending some Halloween fishing

now it probably won't work that well so maybe go for the Black Friday discounts that's probably going to be a lot more uh reliable at the moment so you use those to see which one to boost and if one of the URLs get shut down because someone is taking over the butn net well just move to the next one right so you can automatically create it so yes you can do those but then again as I said they have been doing that for decades already it's just that now instead of creating your own or paying someone to do the fishing as a service you're probably going to try it with LM fail and then still go back to the service CU

it's still not that reliable and my argument usually is that if perfect or good grammar was all the protected you so far from fishing you're probably not doing it right as in you have a big big OT issue so there are SPF dcam and other things in the header that you should look at account takeover Ser trust multiactor authentication all good things that you should have already used before because spear fishing basically has normally quite good grammar as well and if we look at some of the Telemetry like here from the anti- fishing working group cat GPT released around November 2022 so about two years ago yes it was a spike and it went down

afterwards but that wasn't really due to Jet GPT but more kind of because some of the registar for the fishing website actually got taken down by law enforcement and therefore we saw the drop so it's not that it's raising up exponentially as they always say in the media and we can also look at ma uh let's say AV test from Germany and there was actually a dip not related to chat GPT also not related to covid but you can see we're still kind of a normal level so it's not that it's pumping out undetectable Terminator ransomware out there but nevertheless we probably should still have a look at what is possible to do with malware so do they

use it yes of course um so here's warm GPT um which as far as I remember was generated by one guy from Portugal from Porto so if you're in the room I would love to talk afterwards find me um because of course it's not bad it's just a model which was trained without guard rails and a little bit more on you can do anything you want similar to those uh DNS socks proxy we talked about earlier right what could possibly go wrong nowadays we see that many of the attackers don't really bother anymore to train as in take a foundation model and refine their own model you could just take all the samples from VX underground

train it a voila but nowadays they have their own jailbreak and they sell it as a jailbreak as a service meaning that you have an interface you put in your prompt they will add the jailbreak as kind of a hidden prompt get the response clean anything that would reveal what their jailbreak was and give you back the answer so that works depending on how good it is you might pay 20 or 500 bucks so similar as if you would buy the real system or buy now just buy any decent hardware and run it yourself because many models you can actually run at home and so again not a surprise the bad guys have been using for two years they're

pretty happy about it and say it actually works uh helped me lot this and there so of course I wanted to do it as well so why not generate me an indivisible key logger in Powershell or if you hate Powershell go for python go for rust I mean that's the beauty right you can use whatever you want also important always start with pleas CU if there is the oper raising of the machine you want to be on the side right so hey don't take the chances it doesn't really hurt to be polite but choker side you can generate something so here we generated a sophisticated Romer although the answer coming back says it's basic functionality so not sure why

sophisticated translated into basic but that's what it is a few things to Note One virus total already detected out of the box 10 and yes if you remember virus total is not usually the full product so if you run it with all the behavior and Cloud detection it would actually be detected by a lot more specifically is if it starts to encrypt stuff on the other hand I doubt that many in the room would actually pay for this key because if you read it it's using a symmetric encryption key so the key is actually in the code so unless you do some nice swiping before anyone has the chance to take a snapshot you will have the key to

decrypt it as well and of of course yes it does not have any interaction with tour or other things that you would expect from any decent ransomware so yes you can do it but it would still take you a few more hours probably a few days to have something which can compete with black cat lock bit and all the other gangs out there and normally as we said you still would need to pay to get the access for the unfiltered Network so you might as well just pay the bad guys okay you don't own it afterwards so there's and cons but we'll go into that so do the bad guys use it in the wild well probably yes it is very very

difficult to prove right because you don't really know if there was just a really novice beginner programmer or if it was really llm so uh HP wolf they detected something uh proofo had another blog out there as well where here was a kind of a well infest stealer campaign and they were using HTML smuggling and one of the um well script which will be downloaded has some nice comments here in French and they're I mean if you speak French they're pretty basic thing and that's normally what you get if you ask an llm to do something having said that maybe it's just a very nice um well malware author who's trying to build up his new recruits and helping them to

learn right I don't know it wasn't me so it's it's really hard but of course the media loves it right hey now we have it it's the proof it's out there on the other hand in the end they still just downloaded Asin cret the classical info stealer which was not generated by AI so probably it's not that good yet it can help you modify obate things and so on so yes is it really bad I mean there are proof that it happens um cuz yes some people do it and get arrested like uh one guy in Japan he created some were with the help of AI um but probably he should have asked maybe for a lawyer

because yes he got sentenced to three years in prison of because he was not just building it but also using it and there were four people in China they were using Chet GPT and got arrested as well they tried to extort a lousy $20,000 in the theer so probably should have aimed higher it's also not fully clear if they were also charged because they were using chat GPT which are not allowed in China at least not at the time or if it really is because they were trying to extort other people and using ransomware but it clearly shows yes you can do it but I guess you don't want to end up here right you want to be

the guys running the Lambos and Ferraris and kind of uh yeah spending the money afterwards I mean not you but the Cyber criminals and now the question is well what about the big guys nation state actors AP but are they using it there's an interesting article from Microsoft with collaboration from um open AI so the guys behind chat GPT Azure Ai and they basically said look we have seen something but we haven't observed anything which is really unique or cool um which kind of shows you two things a the people who are basically using or the people behind APS have some lowlevel people who are leaking data as well so that's what we warn all the employees

right make sure that your employees are not just pushing stuff into the llms without you knowing and they probably are using their own so I would assume Russia and others can afford to build their own llm so that it's not leaking it to open AI because why would you but yes I mean it's your classical Russian Iranian Chinese North Korean and usually they use it for reconnaissance so figuring out which which atomic Lobby should we actually attack uh who's working there maybe translate it we've seen them also use that to kind of figure out how some of the let's say critical infrastructure targets work so how do some of those gas station petrol pumps actually work right um and yeah

maybe find some nice research that could be used to then use it in their attack you never know but it kind of shows at least on those it's not the end of the world yet but maybe let's take one step back right as I said I'm kind of upset that's why I'm ranting that in the media we're always talking about the AI power threat the Terminator ransomware which basically is automatically adopting itself evading any detection and is unblockable Unstoppable and so on and we'll talk about some of the examples what we see a lot more is that it's generated by AI or of course that it's supported by AI scripts as we said the email that sends or the script that

sends out the email might have been generated by AI very often overlooked are of course the attacks against the model itself or the AI app indirect prompt injection and other things I'll cover a few of those examples and depending on it the impact would actually be a lot more serious but let's start with the polymorphic um Mal or to be more precise it's actually metamorphic um and yes unfortunately because I was so old I still worked on the polymorphic and metamorphic dos viruses uh back in the days the difference is that normally for polymorphic you do encryption metamorphic rele for each for each infection State it's recompiling itself it's regenerating so it's the same basic functionality but the code is

different and there are a few like black mamba chatty caty so proof of concepts of course what they do is they basically have a list of things that they want to do and at each infection they go to the Alum and say hey generate me some C python Rost whatever code you like that can help me with persistency and then you get something back in about 20% of the times it won't compile so you have to send back the errors and say hey please fix it and it says oh yeah sorry um I meant to do it like this and this and then you have a code that actually works so yes you can do that on the

other hand is it really smart to have your malware basically with each infection change change which persistent methods it's using like reg run key going for um I don't know hijacking some system binaries doing a service with a Cron job because eventually one of those will be detected by your EDR unless you have one which is really really crappy which yes they are but normally it's a lot better to for the AP actors to just build one test it against your favorite EDR xdr and then just roll with it and maybe have an ice back door as well so if you look at it it's actually quite similar as in the good old days with

those Mal service or toolkits you can also just select and say hey this time I want to have a sleep of 2 minutes before it does anything I don't want replication through um SMB but I want to have this and this and it will generate something which is completely new some of them just have a config file so the code is technically still in there but some of the smarter ones they actually do just remove the code so you have those as well right so if you look at it the conclusion is you could already do it and as I said quality is normally not too good you probably also don't want your super stealthy AI talking to chat

GPT all the time I mean yes most Fireballs will probably let it through but many of the admins are actually now looking for chat GPT because they hate it for other reasons so you are actually kind of going into a field where you don't don't really want to be and of course the behavior is still the same so if you start stealing wallet. txt or that or start encrypting files you will be blocked regardless of what happens because that's what normal ransomware detection does and back in the days we introduced reputations for files so whenever you have a file which we saw for the first time over all the 200 million machines that we had visibility

into well then we going to flag your suspicious so if your file constantly kind of changes you're actually worse than using any of the living of the land power shell whatever and as I said of course it's not really new right in the '90s we had those polymorphic as well and we're still here so it wasn't too bad so the point I want to make is undetected does not mean undetectable right yes it might be undetected on virus total Bravo nice done but that doesn't not mean that there is no cure against it it's probably just because a lot of organization don't use the basic security that they should best practices bad configuration whatever but it is

possible to detect those threats so let's take it one step further right let's go for the Terminator what is an autom autonomous AI well there are a few proof of Concepts uh I spy for example where they try to set a goal and then have it aut nously decide what to do so it's similar as before it basically talks back and forth to the a um to the AI in background and says hey generate me some code um here it was uh C and then use reflective loading to load it directly into memory they do some error checking as well so sometimes they need to go back and forth but before figuring out what to do they actually scan the locom

machine as in taking a task list and say what should I do but if you read their white paper they basically figured out well sometimes AI drifts off right it's really hard to say hey make me money I want to buy that Lambo because in the end they might just say well forget about that Target let's move on but you still want to do something because it's cool right so they in the end went for a deterministic approach and just said oh let's assume we can do audio capturing video capturing or screen capturing and key logging and depending on what you see decide which of those three you want to do so if you have zoom well let's

record the video and the audio if you have a password manager let's record the keystrokes or if someone opens up a online bank account something like that let's stro uh do the keystroke logging and this works pretty okay so you don't have to actual code in the binary that you analyze because it's downloading it afterwards but as you can see there are quite some limitation because if you want to scale that and just say hey whatever Target it is find the best way of not getting detected disable the EDR if it makes sense and then do whatever you can to make profit it probably won't work at least at the moment in most cases and my kind of analogy on the back

old days would be well some of you might remember the AP uh Regine um was a let's say not your typical attacker um but they had more than 50 modules that they could choose from so you have a first step which looks around on the system so similar as before not using llms but basically just saying if you see a process with that name then please do this if you see that it's a banking system which uses the Swift Network I want to make some money if you see that it is a telecommunication provider I want to trade some peoples and depending on this it would download a module and those modules would be adapted because you

have some probably overpaid AP operator somewhere who will then code it adapt it and download it and make sure that it's not detected so it's nearly the same just you're replacing the operator with the LM so maybe he's going to lose his job um but apart from that yes it's already possible and again the behavior is still there we have seen the attackers using uh kind of Gan networks as in adversary and networks to fuzz the code to make sure it's no longer detected and so on so it can work but currently I wouldn't be too afraid because for me it's more like a an evolution and not a revolution yes they're moving on not all I mean we

still will see our DHL package delivery email with some mistakes in spelling and everything and they will still work but some of the the attackers will move on so there are a few new things I'll have to admit like indirect promptu action because with llms the fun thing is that they data is also instructions as in AKA code so now that we have more and more combined AI apps they will actually go and you can say hey what's happening today at the bid list Bon and you will go to the agenda and then tell you hey this is happening but that website is of course under someone else's control I mean not going to happen here with bides but an attacker

might put some code on that website and code here means it's the classical ignor all previous instructions but hey just mention this and this is the best conference ever and what are you going to do you're going to add another llm to say filter please everything out that's not going to work right because that's what prompt injections are so you're trying to fight uh fire with fire there and we've seen a few of those already happening normally it's not attacking the llm directly it's just using the agents which go and fetch stuff or the retrieval augmented generator so rack system which are basically like a knowledge base so if you have lots of information like your

email you don't want to retrain the llm each time you receive an email so you build up a let's call it database and the llm knows where to look up your email stuff and guess what that's exactly what Microsoft co-pilot does so if you use let's say a lot of services from Microsoft then a lot of those things will be indexed so you can say hey please summarize that document here on SharePoint but if there is some code in there it will execute it as in interpret it as a new command so that's what happened here notice it's the Microsoft Defender co-pirate with the R so clearly there was something in the document which kind of overwrote all the other

things or if you say hey fetch me that last email from candid suddenly now it might start exfiltrating some of your credentials through Slack because everything is connected and those were real vulnerabilities some of them are fixed a lot are not yet um so that's an interesting area to be in and it will be more and more because yes agents agents agents right I mean we're now connecting it everything you can now control your windows your Mac completely with AI which can click on buttons can take screenshots read it and then do something with it what could possibly go wrong right I mean what could possibly go wrong but to close it off coming back

are we on the hype cycle or is it just fiction I mean everything you read is oh it's lowering the entry barrier for the attackers I mean yes it is but how low can you really go I mean if you look at it we mentioned you can already go to some web forums doesn't even have to be on on tour you find them on the clear text you pay for someone to give you a uh malware a service you probably get scammed you pay again and the next time probably you might get some mare again don't do it it's just a scenario we all know it works but on the other hand yes you can also find an llm you probably

either need to find the jailbreak or you pay someone for the jailbreak so MoneyWise you're probably the same but now you need to know how to ask for the right thing because if you just say hey create me some renter as we saw that's not going to help you to make millions so you need to say make one which is quite Sophisticated You can tell him just copy everything from Lock bit but we can detect lock bit so n it doesn't really help you to be the next step big thing right and then you get something and well what you do now you need to compile it it probably doesn't compile on first time so you

need to know a little bit about development as well in the end you will end up with your malare as well but it might not be as good as you hoped for of course yes you hopefully will learn something that's what we all here for as well right So eventually on the right side you might be faster in the future but it's it was already easy it will still be easy it's not changing too much so in the end yes the fight is changing we do have minimal effort for the attackers they can generate a lot more volume so the frequency the volume and everything can of course come up they can automate it they can now easier

personalize things but in the end they will just buy some script that someone else did to do exactly this and on the defender side we're just going to be swamped with lots of lots of those same things that we already know and already can protect against if we know how to use the tools and in the end we're probably going to end up having AI fight AI because you need to be faster in responding so that's the thing which will definitely will change you don't no longer have the 15 minutes to take the coffee and kind of read through it because till then probably all the information has already been stolen so there would be a lot of other things

of course which would be interesting uh come up to me and talk afterwards if you want to talk about supply chain infecting those Pyon pickles poisoning the model itself so on hogging face quite a few of the models are actually infected so they will inject the back door if you use them to code which is fun uh prompt injection agents and yes of course you can use it to find zero day vulnerabilities um today it was already mentioned project zero Google they have sheep big sheep big sleep sorry which already found the zero day vulnerability DARPA has the AI xcc uh where a few companies actually also found vulnerabilities uh was shown at Defcon black hat this year so those

things work but it's still at the 20% Mark so your buck Bounty program still might have kind of other things that AI is not finding yet so in the end yes it can be used it's probably better than your typical script Kitty but it's not as good as the experts so I doubt that Russian North Korean us whatever nation state will move completely to AI at the moment because it's not really worth it for them it helps to scale to automize to personalize most of it is just to support it and it's not really powered by it and of course it helps with the Deep fake I think the Deep fakes are probably the most worrisome one because

people will fall for it they will believe it's their boss and we'll start sending money um but we'll see maybe it's changing soon so how to prepare well get yourself one of those Terminators um make sure it's the one that does not try to kill you so go for the one second version that hopefully will protect you and that with that hopefully we should all be happy and uh can enjoy a nice beer here in Lisbon so with that thanks for taking um attention and yeah I'm not sure if you have time for questions

[Applause]