TZUTC: -0500   
   MSGID: 1087.consprcy@1:2320/105 2c78ce58   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   Agentic AI will accelerate social engineering attacks   
      
   Date:   
   Thu, 01 May 2025 07:39:04 +0000   
      
   Description:   
   Autonomous AI systems now launch sophisticated phishing campaigns with   
   unprecedented effectiveness.   
      
   FULL STORY   
   ======================================================================   
      
   AI agents are everywhere today and are reshaping how social engineering    
   works. These autonomous systems now independently launch coordinated phishing   
   campaigns across multiple channels simultaneously, operating with an   
   efficiency human attackers cannot match. They work continuously, make fewer   
   mistakes, and require no supervision to effectively target organizations.    
      
   And they are effective. AI-generated phishing emails achieve a 54%   
   click-through rate compared to just 12% for their human-crafted counterparts.   
   What makes these attacks so effective? Unlike batch-and-blast approaches, AI   
   agents build detailed psychological profiles from vast datasets, crafting   
   messages that speak directly to individual fears, habits and vulnerabilities.    
      
   More troubling is their adaptive intelligence. These systems learn from each   
   interaction, adjusting tactics based on your responses in real-time across   
   email , text, voice calls and social platforms simultaneously. A hesitant   
   reply becomes valuable feedback that sharpens the next approach.    
      
   Security teams find themselves outpaced as conventional defenses crumble   
   against threats that evolve by the minute. The production scale is equally   
   concerning: thousands of personalized phishing attempts generated in seconds,   
   each one refined by previous successes and failures.    
      
   Leading organizations are responding with their own AI-powered defensive   
   systems that detect subtle patterns human analysts might miss. This arms race   
   has also accelerated interest in fundamentally different authentication   
   approaches and cybersecurity awareness programs that address these new   
   psychological vectors.    
      
   The question isn't whether your organization will face these advanced    
   attacks, but whether you'll recognize them when they arrive.   
      
   But What The Heck Are AI Agents Anyway?   
      
   Between marketing hype and technical jargon, understanding what constitutes    
   an "AI agent" has become unnecessarily complicated. At its core, an AI agent   
   is simply software that can act independently toward specific goals without   
   constant human guidance.    
      
   Unlike traditional automation tools that follow rigid instructions, agents   
   perceive their environment, make decisions based on what they observe, and   
   adapt their approach as circumstances change. The most sophisticated agents   
   can plan multi-step sequences, learn from mistakes, and improve strategies   
   over time.    
      
   These capabilities come in different forms. Basic reactive agents respond to   
   triggers without memory or context. More advanced proactive agents initiate   
   actions to accomplish specific objectives. Learning agents continuously    
   refine their performance through feedback, while fully autonomous agents   
   operate with minimal human oversight.    
      
   What separates modern AI agents from previous technologies is their ability    
   to handle uncertainty and complexity. Using large language models and other    
   AI tools, today's agents can understand natural language, recognize patterns   
   across massive datasets, and navigate ambiguous situations with remarkably   
   human-like reasoning.    
      
   This flexibility makes agents valuable for legitimate tasks like customer   
   service, data analysis, and process automation. However, these same   
   characteristicsautonomous operation, adaptability, and social   
   intelligencecreate perfect tools for sophisticated social engineering when   
   repurposed for attacks.   
      
   Why AI Agents Excel at Social Engineering    
      
   The marriage of AI agents with social engineering creates uniquely effective   
   attacks that traditional security measures struggle to counter. Their   
   advantage comes from automating the most labor-intensive parts of social   
   engineering while simultaneously improving the quality of each interaction.    
      
   Reconnaissance, traditionally the most time-consuming phase, happens   
   automatically as agents collect and analyze digital breadcrumbs scattered   
   across social media , company websites, and public records. These systems   
   build comprehensive profiles of potential targets without human effort,   
   identifying vulnerabilities in seconds rather than days.    
      
   The resulting attacks achieve unprecedented personalization. Rather than   
   generic "Dear Customer" messages, AI agents craft communications that   
   reference specific projects, colleagues, interests, or recent activities.    
   This contextual awareness makes phishing attempts nearly indistinguishable   
   from legitimate communications.    
      
   Perhaps most concerning is their ability to adapt in real-time. When a target   
   hesitates or questions an initial approach, agents adjust their tactics   
   immediately based on the response. This continuous refinement makes each   
   interaction more convincing than the last, wearing down even skeptical    
   targets through persistence and learning.    
      
   The economics also shift dramatically in the attacker's favor. AI-generated   
   campaigns achieve higher success rates at a fraction of the cost of   
   traditional methods. A single operator can now orchestrate thousands of   
   simultaneous, personalized attacks across email, voice, text, and social   
   platformseach one polished and grammatically perfect.    
      
   These capabilities create a democratizing effect in cybercrime. Advanced   
   social engineering no longer requires elite skills or resources. The    
   technical barriers have fallen, allowing even inexperienced attackers to   
   execute sophisticated campaigns with minimal investment or expertise.    
      
   Most alarming is how these systems improve over time. Each successful or   
   failed attempt becomes valuable training data that refines future attacks. AI   
   agents effectively learn which approaches work best for specific    
   demographics, industries, or individuals, making each campaign more effective   
   than the last.   
      
   AI Agents Expand Your Attack Surface    
      
   The introduction of AI agents into business operations creates new entry   
   points for attackers while also expanding the scope of what they can target.   
   Each AI-powered system, tool, or service becomes another potential vector   
   requiring protection and monitoring.    
      
   Security leaders need comprehensive exposure management strategies that   
   account for these expanded attack surfaces. With over 80% of breaches   
   involving external actors, organizations must prioritize defensive measures   
   that address these new vulnerabilities:    
      
    Focus on external exposures. Continuously monitor internet-facing assets,   
   especially AI endpoints and related infrastructure, where the majority of   
   initial compromises occur.    
      
    Find everything: Conduct exhaustive discovery across all business units,   
   subsidiaries, cloud services , and third-party integrations. AI systems often   
   create complex dependency chains that introduce unexpected exposure points.    
      
    Test everything: Implement regular security testing on all exposed assets,   
   not just "crown jewel" systems. Traditional approaches miss how seemingly   
   low-priority systems can provide backdoor access when connected to AI   
   infrastructure.    
      
    Prioritize based on risk : Evaluate threats based on business impact rather   
   than technical severity alone. Consider data sensitivity, operational   
   dependencies, and regulatory implications when allocating remediation   
   resources.    
      
    Share broadly: Integrate findings into existing security operations through   
   automation and clear communication channels. Ensure relevant stakeholders   
   receive information that informs broader security operations and incident   
   response processes.    
      
   AI agents are already accelerating social engineering attacks beyond what   
   traditional defenses can handle. Security teams must implement robust    
   exposure management now, while building AI-specific detection capabilities,    
   or risk finding themselves outmatched by attacks they can't distinguish from   
   legitimate communications.    
      
    This article was produced as part of TechRadarPro's Expert Insights channel   
   where we feature the best and brightest minds in the technology industry   
   today. The views expressed here are those of the author and are not   
   necessarily those of TechRadarPro or Future plc. If you are interested in   
   contributing find out more here:   
   https://www.techradar.com/news/submit-your-story-to-techradar-pro   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/agentic-ai-will-accelerate-social-engineering-at   
   tacks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426