Connect with us

Infosecurity

A Chasm at the Top: 75% of CISOs Say Executives Don’t Understand the Cyber Risks Employees Face

Published

on

CISO executive cybersecurity gap

The Numbers Are Stark: A Leadership Disconnect

More than three-quarters of cybersecurity chiefs believe the executives they report to simply do not grasp the real-world dangers their employees face online. That is the headline finding from a new report by MetaCompliance, released July 9 and based on a survey of over 200 CISOs across Europe. Specifically, 78% said C-level leaders lack a full understanding of the cybersecurity risks tied to everyday employee behavior.

This disconnect comes at a particularly dangerous moment. Workers are being hammered by phishing attacks, and the rapid rise of generative AI has given attackers powerful new tools to craft convincing scams. The result? A growing tension between the security teams on the front lines and the boardroom above them.

Why the Boardroom Gap Matters Now More Than Ever

It is not just a matter of bruised egos. This CISO executive cybersecurity gap has real consequences. According to the survey, 79% of CISOs said executive support for security awareness initiatives fades over time. Initial enthusiasm for a new training program or a security push evaporates, leaving cybersecurity leaders to fight evolving threats with dwindling backing from above.

That lack of sustained support makes it far harder to protect the organization. Employees remain the weakest link, and the threats are getting smarter. AI-based social engineering attacks have become increasingly sophisticated and scalable. As James Mackay, CEO of MetaCompliance, put it: “Attackers are no longer relying on obvious scams or poorly written phishing emails. They can now create highly convincing impersonation attempts, social engineering attacks and fraudulent communications at scale.”

Mackay added that the situation demands something more than a one-off training session. “Human cyber risk is no longer just an awareness issue or a training issue; it is a strategic business risk,” he said. “But our research shows that many CISOs are still trying to drive change without consistent senior support, clear ownership or a shared understanding of the risk across the business.”

Confidence Is Dropping — and AI Is a Big Reason Why

The survey reveals that half of CISOs now feel less confident in their organization’s cyber resilience than they did just 12 months ago. The primary culprit? The rise of highly sophisticated, AI-driven attacks. These are not the clumsy phishing emails of yesteryear. Modern attacks use large language models (LLMs) and AI agents to mimic real colleagues, vendors, or executives with startling accuracy.

This erosion of confidence is a red flag for any organization. When the person responsible for security starts to doubt the company’s defenses, the entire posture is weaker. And the problem is compounded by internal fragmentation.

Fragmented Policies and Siloed Thinking

Another reason CISOs are struggling, according to the report, is a lack of joined-up thinking across the business. Different departments often operate under different security policies, creating gaps and inconsistencies. One team might have strict access controls, while another takes a lax approach. This inconsistency can lead directly to data loss or a full-blown incident.

The rise of generative AI in the workplace has only deepened this chaos. A worrying 40% of the CISOs surveyed said they fear employees are sharing sensitive information with public generative AI platforms like ChatGPT. This kind of shadow use can result in serious data breaches or privacy violations, and it often happens without the knowledge of the IT or security team.

What Needs to Change: Sustained Executive Backing

Fixing this problem is not about buying a new tool or running another phishing simulation. It requires a fundamental shift in how the board views cybersecurity. The CISO can no longer be a lone voice in the wilderness. Executives need to treat human cyber risk as a core business risk — one that demands ongoing attention, not just a quarterly check-in.

Mackay summed it up bluntly: “If leadership support fades after the initial push, organisations are left exposed. Building resilience against AI-enabled threats requires sustained executive backing, better stakeholder alignment and a more intelligent, behaviour-led approach to managing human cyber risk.”

For CISOs, the takeaway is clear. Bridging the CISO executive cybersecurity gap is not optional; it is survival. Without a shared understanding at the top, even the best security strategy will eventually fall apart. And with AI-powered social engineering growing more convincing by the day, the cost of that disconnect is only going to rise.

Continue Reading
Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Infosecurity

A 15-Year-Old Used ChatGPT to Wreck an Anime Streaming Service. Now He’s Under Arrest.

Published

on

Japanese teen arrested

A teen in Japan allegedly weaponized ChatGPT to tear down a major anime platform from the inside.

Tokyo police have arrested a 15-year-old high school student for a cyberattack that forced an anime streaming service offline for more than a month. The suspect, whose name has not been released, lives in a city near Tokyo. He is accused of exploiting a server vulnerability on Bandai Channel, a subscription-based anime platform, to fraudulently cancel over 46,000 user accounts.

The case is drawing attention not just for the scale of the disruption, but for the tool the teenager used to pull it off: ChatGPT.

According to the Tokyo Metropolitan Police Department, the boy analyzed the service’s network traffic, identified a flaw in its servers, and then wrote a malicious program with the help of OpenAI’s chatbot. That program automated the attack, flooding Bandai Channel with fraudulent data in November 2025. Thousands of subscriptions were wiped out. The company had no choice but to suspend the entire platform while it rebuilt its systems and refunded angry customers.

How the attack worked

The teenager didn’t just stumble into the server room. Police say he reverse-engineered the platform’s network communications, spotted a weakness, and coded a script to exploit it at scale. ChatGPT helped him write the malicious code quickly and effectively.

The attack itself was blunt: send fake cancellation requests en masse, overwhelm the system, and watch accounts vanish. But the aftermath was anything but simple. Bandai Channel remained offline for over a month. The operator had to repair damaged infrastructure and process refunds for tens of thousands of subscribers.

Police say the company detected the breach early and blocked the suspect’s IP address. That didn’t stop him. He simply kept switching addresses and continued the cancellations from new locations.

A self-taught programmer with no grudge

When investigators finally caught up with him, the boy didn’t deny it. He admitted to the attacks and told police he held no grudge against Bandai or its parent company, Bandai Namco — one of Japan’s largest entertainment conglomerates and the publisher of globally famous video game franchises. Instead, he explained that he taught himself programming and simply enjoyed analyzing network communications. The attack, he suggested, was more about curiosity and technical challenge than malice.

His first arrest came in June, on a separate charge: logging into another user’s account without permission. That arrest triggered a deeper investigation that tied him to the November attack.

Bandai Namco’s history with cyber trouble

This isn’t the first time the company behind Bandai Channel has faced a serious security incident. In 2022, Bandai Namco disclosed a breach that may have exposed customer data after unauthorized access to systems used by several of its Asian subsidiaries. The AlphV ransomware group later claimed responsibility for that attack.

The 2025 incident, though smaller in scope, was arguably more disruptive in practice — taking an entire streaming service offline for weeks. The company reported the attack to police in November, and investigators identified the suspect by analyzing communication records.

What this case says about the next generation of hackers

A 15-year-old using ChatGPT to build an attack tool is a wake-up call. It shows how generative AI lowers the barrier to entry for serious cybercrime. You no longer need years of coding experience or access to dark-web forums. A chatbot can help you write the exploit.

Law enforcement in Japan is taking the case seriously, but the broader implications are harder to police. As AI tools become more powerful and more accessible, we’re likely to see more teenagers — and younger — experimenting with them in dangerous ways. The line between learning and breaking the law is getting thinner by the day.

For now, the boy faces legal proceedings in a country known for its strict cybercrime laws. Bandai Channel is back online. But the incident leaves an uncomfortable question hanging in the air: how many more curious kids are out there, armed with ChatGPT and a server vulnerability?

Continue Reading

Infosecurity

How a Hacker Used AI ‘Vibe-Coding’ to Map an Active Directory Network in Real Time

Published

on

vibe-coded malware

A PowerShell Script That Screamed ‘AI’

On June 3, a threat actor broke into a corporate network. They didn’t use a polished exploit kit or a dark-market trojan. They used a PowerShell script that an LLM had vibe-coded — built line by line through plain-English prompts, with errors pasted in until it finally ran.

Security firm Huntress recovered the script from the incident and published its analysis on July 8. The file’s name alone gave it away: “100% Working AD Information Gathering Script – FULLY FIXED”. That phrasing, Huntress noted, is a dead giveaway of a back-and-forth with a large language model — a human copying error messages back into the chat until the AI spat out something that compiled.

The attacker didn’t even bother to edit out the placeholder server name the LLM had invented as an example. It was still in the code, untouched.

What the Vibe-Coded Malware Actually Did

Once executed, the script set out to map the target’s Active Directory environment. It harvested user accounts, computer names, security groups, and trust relationships, dumping everything into neatly formatted spreadsheets. Then — and this is the part that caught researchers off guard — the LLM had apparently added its own flourish: a tidy HTML report summarizing the stolen data.

“The script was over-engineered in the way only an AI would produce it,” Huntress wrote. A human coder would pick one method to find the domain controller. This script had five separate fallback methods, each one more convoluted than the last. It also loved colorful console output — another AI hallmark.

The AI Fingerprints Were Everywhere

Huntress called the script a “case study in how criminals are weaponizing AI.” The telltale signs included:

  • Left-behind comments from the LLM’s example code
  • Unnecessary complexity in logic branches
  • A default server name that was never replaced
  • Excessive error-handling loops that no human would write

The Same Old Smash-and-Grab, Just Faster

Despite the novelty of the tool, Huntress was careful to say: AI isn’t changing the game fundamentally. The intrusion followed a classic playbook. The attacker logged in over RDP with stolen credentials, dropped the script into a common Windows folder, and ran it to scout the terrain.

For exfiltration, they used legitimate cloud tools — s5cmd and SharpShares — to siphon the data out. No custom backdoors. No sophisticated C2 infrastructure. Just a familiar smash-and-grab, accelerated by an AI-generated reconnaissance tool.

Why Signature Detection Fails Against Vibe-Coded Malware

Here’s the real headache for defenders: that script was one of a kind. It had never been seen before, and it will almost certainly never appear again in the exact same form. The file hashes and static signatures that antivirus products rely on were completely useless.

“Vibe coding lowers the barrier to entry for cybercrime, allowing unsophisticated actors to generate highly capable, evasive tooling on the fly,” Huntress warned. Even a mediocre attacker can now spin up bespoke, one-off tools with nothing more than a browser and a clear prompt.

What Defenders Should Do Instead

Huntress’s recommendation is blunt: abandon signature-based thinking. Behavioral analytics — watching what a process does rather than what file it is — catch the underlying actions that no LLM can hide. The script still had to enumerate Active Directory. It still had to reach out to the domain controller. It still wrote spreadsheets to disk. Those behaviors are hard to mask, regardless of how the code was generated.

The Takeaway for Security Teams

This isn’t a warning about some future threat. It’s a post-mortem of an attack that already happened. The era of AI-generated, vibe-coded malware is here, and it’s handing unsophisticated criminals the ability to produce custom tooling on demand.

The code may be messy, over-engineered, and littered with AI hallmarks like orphaned comments and placeholder server names. But the threat it poses is very real. Defenders need to shift their focus from “what file is this?” to “what is this process doing?” — because the AI can write the script, but it can’t hide the behavior.

Continue Reading

Infosecurity

Agentic AI Helped a Lone Attacker Breach Cloud Systems in 72 Hours — Here’s How

Published

on

A 72-Hour Cloud Compromise Fueled by Agentic AI

It used to take weeks for a lone attacker to pull off a cloud compromise. Now, thanks to agentic AI, it can happen in three days. That’s the central finding from a new report by Israeli security vendor Sygnia, titled Inside an AI-Assisted Cloud Attack: Familiar Techniques at Unfamiliar Speed.

The report details how a single threat actor broke into an AWS environment, aiming for extortion. They didn’t rely on novel malware or zero-day exploits. Instead, they weaponized AI to accelerate tried-and-tested cloud attack methods. The result? A complete compromise in just 72 hours — a timeline that would have traditionally spanned weeks.

This isn’t a story about a new vulnerability. It’s a story about speed, scale, and the exploitation of basic control gaps.

How the Attack Unfolded: Secrets, Backdoors, and Impact Actions

The attacker began by obtaining an access key to one of the target’s AWS accounts. The entry point? Weaknesses in an internet-facing application — a common but often overlooked flaw.

Once inside, they deployed agentic AI workflows to run four parallel tasks simultaneously:

  • Searching for secrets and credentials across the AWS environment. This included plaintext secrets in S3 buckets, API keys from application databases, credentials stored in AWS Secrets Manager, and parameters in AWS Systems Manager Parameter Store.
  • Creating backdoors and persistence mechanisms — such as spinning up new access keys and IAM users, establishing reverse shells on EC2 instances and ECS containers, and modifying deployment files.
  • Exfiltrating data from RDS databases.
  • Performing impact actions to demonstrate capability: denying access to S3 buckets, scaling ECS services down to zero, creating ACL rules to block network access, and purging SQS queues.

These aren’t exotic techniques. But running them concurrently with AI orchestration made them devastatingly fast.

Why the Attack Succeeded: Visibility and Identity Gaps

The report stresses that the attacker didn’t just benefit from AI. They also benefited from the organization’s weaknesses in visibility, monitoring, identity controls, and incident preparedness.

Secrets management was a mess. Identity governance had holes. Deployment workflows lacked guardrails. Cloud permissions were overly permissive. In short, the environment was primed for exploitation — and agentic AI simply turned the crank faster.

Avi Dayan, VP of incident response at Sygnia, put it bluntly: the key takeaway for his team was the speed of movement post-intrusion and the sheer volume of malicious activity executed in a short window.

“This case underscores a growing challenge for defenders,” Dayan said. “As large language models and agentic AI become more accessible, they have the potential to lower the barrier to entry, accelerate attack workflows, and enable less sophisticated or resource-constrained threat actors to operate with unprecedented speed and scale.”

What Defenders Can Do: Containment Measures That Matter

Sygnia’s report doesn’t just describe the problem — it offers a set of practical containment measures for network defenders. Here’s what they recommend:

  • Restrict cloud management access through IP allowlisting, permitting access only from trusted locations.
  • Disable remote access VPN connectivity until containment steps are complete.
  • Restrict outbound internet connectivity for workloads, servers, and cloud resources to approved destinations only.
  • Apply firewall policies and network ACLs to block communication with known malicious infrastructure and restrict access to accidentally exposed assets.
  • Enforce IP restrictions on source code repositories and development platforms.
  • Route all app traffic through web application firewalls (WAFs).
  • Implement network segmentation and isolation controls to limit lateral movement.

These aren’t flashy solutions. They’re basics. But as this attack shows, basics matter more than ever when attackers can move at AI speed.

The Bigger Picture: Agentic AI Lowers the Bar for Attackers

This isn’t the first time researchers have flagged the threat of agentic AI in cyberattacks. Earlier this year, a separate team claimed they had built the first fully agentic ransomware, dubbed JadePuffer. The pattern is clear: AI isn’t just helping defenders — it’s supercharging attackers.

What makes this case particularly sobering is that the attacker wasn’t a sophisticated nation-state group. It was a lone actor, using publicly available AI tools to multiply their reach. The techniques were old. The speed was new.

For cloud security teams, the message is urgent: fix your identity governance, lock down your secrets management, and improve your visibility. Because the next attacker might not need weeks. They might only need a weekend.

If you’re looking to shore up your defenses, start with cloud security breach prevention and incident response speed improvements. The clock is ticking faster than ever.

Continue Reading

Trending