Kevin BeaumontNov 14

Volexity put out a report about likely GenAI being used in cyber attacks by China... and it contains IOCs! It's a good report.

It has all the low hanging fruit classics defenders have been aware of forever, e.g. .rar files with .exe files inside, all of the "GenAI malware" was detected out of the box across all leading vendors etc etc.

Also the payloads contain unique phrases (and Wav files, lol) which made them easy to detect.

https://www.volexity.com/blog/2025/10/08/apt-meets-gpt-targeted-operations-with-untamed-llms/

Show threadKevin BeaumontNov 14

The samples are worth a pull and look, there's tons of existing community detections you can use for them.

Because of the embedded strings it's super easy to track the threat actor.

Show threadKevin Beaumont

Volexity piggy backed on the (slightly crap) WSJ article about GenAI citing Anthropic for publicity over this, which isn't ideal, but I get it.

The leading take away for defenders, now there's some actual IOCs, I think is... keep defending. If your existing vendors and controls aren't picking this stuff up, you have a crap vendor.

You shouldn't really be getting owned by widely detected .exes in .rar files from random websites. It isn't advanced cyber warfare.

Nov 14 at 4:55pmWeb
Show threadKevin BeaumontNov 14

If this is the best the entire cyber industrial complex can find for China and Russia GenAI threats.. the reality 3 years into the GenAI "war" is that people are fighting you with water pistols at present.

Water pistols are annoying, but if you can't defend against a child spraying you with water, you're already in trouble.

So keep calm and carry on. You probably haven't even worked out how to patch your edge VPN appliance anyway.

Show threadKevin BeaumontNov 14

Also, if you're about to hit reply and go "but Kevin, soon they'll be able to hack past any security control! AI is god!" then.. a) get on LinkedIn to post that stuff and b) AI isn't god. It's a probability engine repeating things people already know.

The entire cyber industry is already built around detecting that. The cyber industry and the AI industry have a financial incentive to scare you into buying Agentic AI agents and such. Don't fall for it without _real_ evidence, not 'could'.

Show threadKevin BeaumontNov 14
Addition: https://bsky.app/profile/rndmamusings.bsky.social/post/3m5m6bggxdk24
Show threadcerementNov 14

@GossiTheDog

this is starting to read like: “Tons of water and electricity and computing power versus one regex”

Show threadDr. Christopher KunzNov 14
@GossiTheDog 🫡 This.
Show threadloucoveyNov 14
@GossiTheDog I've been having endless interviews with cyber companies pushing the rapid growth of AI use by criminals. I keep pointing out that even while the number of attacks is increasing with genAI tool, the percentage of successful attacks is crashing. So AI makes cybercriminals less efficient... just like it does for companies that layoff workers to replace them with agents. None have come up with a decent response.
Show threadderptronNov 14

@GossiTheDog Your conclusion b doesn't really follow from any of your stated facts.

For example, if instead of b you go with, "God is a probability engine endlessly repeating crap people already know," suddenly a lot of stuff starts to fall into place. Gives The Bible some context.

Maybe more than we realize if we posit the invention of time travel. Has anyone actually read that book to see if there's a disclaimer from an AI in it?

Show threadFor I am CJ   Nov 14

@GossiTheDog

But Kevin....

<s> Surely Ai will some day... many more generations of (fake) Ai from now... it will be capable of
</s>

Just kidding...

Sadly, I didn't book mark this, but here's how well the industry pivot to selling "agentic" as the next hype cycle is going:

One of the AI companies (I think it was Anthropic)... recently introduced the ability to have your 'agents'... run scripts

So NOW.. you can have the AI that Leader-Shit is forcing 'down'... just be a stub for running a python or PowerShell script... that your team could have written to 'automate' something in the first place