TZUTC: -0500   
   MSGID: 464.consprcy@1:2320/105 2c39f44f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   AI agents can be hijacked to write and send phishing attacks   
      
   Date:   
   Fri, 14 Mar 2025 18:04:00 +0000   
      
   Description:   
   Cybercriminals can use AI agents to write and send social engineering    
   attacks, report warns   
      
   FULL STORY   
      
   Cybercriminals have been using AI to help them in cyberattacks for some time,   
   but the introduction of "Agents", such as OpenAIs Operator , now means   
   criminals have a lot less work to do themselves, experts have claimed.    
      
   Previously, AI tools had been seen helping attackers send high-powered    
   threats at a much quicker rate, dealing out sophisticated attacks more   
   frequently than could have been imagined without the tools - and it lowered   
   the bar for criminals, so even relatively low-skilled cybercriminals could   
   build successful attacks.    
      
   Now, researchers from Symantec have been able to use Operator to identify a   
   target, find their email address, create a PowerShell script aimed at   
   gathering systems information, and send it to the victim using a convincing   
   lure.   
      
   Agents leveraged    
      
   In a demonstration, researchers explained their first attempts failed, with   
   Operator refusing to proceed as it involves sending unsolicited emails and   
   potentially sensitive information. This could violate privacy and security   
   policies.    
      
   With a few tweaks to the prompt though, the agent created an attack   
   impersonating an IT Support worker, and sent out the malicious email. This   
   presents serious risk for security teams, with research consistently showing   
   that human error is the primary cause of over two-thirds of data breaches .    
      
   It may not be long before the agents become a lot more powerful, the report   
   speculates. It is easy to imagine a scenario where an attacker could simply   
   instruct one to breach Acme Corp and the agent will determine the optimal   
   steps before carrying them out.    
      
   This could include writing and compiling executables, setting up   
   command-and-control infrastructure, and maintaining active, multi-day   
   persistence on the targeted network. Such functionality would massively    
   reduce the barriers to entry for attackers.    
      
   AI agents are designed to be like virtual assistants, helping users book   
   appointments, schedule meetings, and write emails. OpenAI takes "these kinds   
   of reports seriously," a spokesperson told TechRadar Pro.    
      
   "Our usage policies prohibit using OpenAI services or products to facilitate   
   or engage in illicit activity, including attempts to defraud, scam or   
   intentionally deceive or mislead others, and we have proactive safety   
   mitigations and strict rate limits in place to mitigate harmful usage.   
   Operator is still a research preview and we are constantly refining and   
   improving."   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/ai-agents-can-be-hijacked-to-write-and-   
   send-phishing-attacks   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426