In fact, credential theft is currently the leading attack technique against cloud management infrastructure, cited by 67% of organizations that have suffered cloud attacks. Imagine not just the 7,000 robotic vacuum cleaners, but a whole community’s Nest or Ring devices, being controlled by an AI agent instead.
“Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly,” warned Sébastien Cano, senior vice president of cybersecurity products at Thales. When basic security measures like identity governance and access policies are weak, Cano notes, “AI can amplify those weaknesses across corporate environments far faster than any human ever could.”
Making matters worse, the very tools used to build software are lowering the barrier to entry for exploiting these systems. AI-powered coding tools—like the one Azdoufal used to easily reverse-engineer the DJI servers—make it significantly easier for individuals with less technical knowledge to uncover and exploit software flaws. Despite these escalating automated threats, only 30% of companies surveyed currently have a dedicated AI security budget, relying instead on traditional perimeter defenses built for human users.
As Eric Hanselman, chief analyst at S&P Global’s 451 Research, pointed out, a fundamental paradigm shift is urgently required.
“As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional,” Hanselman stated.
Without a radical rethinking of identity and encryption protocols, society is essentially leaving the front door wide open for the proverbial next software engineer with a video game controller.
