Skip to content
July 4, 2026
  • Linkedin
  • Twitter
  • Facebook
  • Youtube

Daily CyberSecurity

Zero-hour alerts. Unmatched analysis.

Primary Menu
  • Home
  • CVE Watchtower
  • Cyber Criminals
  • Data Leak
  • Linux
  • Malware
  • Vulnerability
  • Submit Press Release
  • Vulnerability Report
Light/Dark Button
  • Home
  • News
  • Technology
  • Artificial Intelligence will become a hacker artifact
  • Technology

Artificial Intelligence will become a hacker artifact

Do Son February 20, 2018 6 minutes read
network attack
Add as a preferred
source on Google

Machine learning is defined as “the ability to learn without being explicitly programmed,” and it can have a huge impact on the information security industry. This is a potential technology that helps security analysts analyze malware and logs to identify and fix vulnerabilities earlier. Perhaps it also improves terminal security, automates repetitive tasks, and even reduces the possibility of attacks caused by data filtering.

But the problem is that hackers also know this and expect to build their own artificial intelligence and machine learning tools to launch attacks.

These criminals – increasingly organized and increasingly diverse services available on the web – may eventually exceed the speed of defensive innovation. This is taking into account the untapped potential of technologies such as machine learning and deep learning.

“We must recognize that while technologies like machine learning, deep learning, and artificial intelligence will be the cornerstone of future cyber-defense, our rivals are struggling to implement innovations with these technologies.” McAfee CTO Steve Steve Grobman said in a media comment. “As often happens in the area of cybersecurity, the increased artificial intelligence of technology will be the winning factor in an arms race between attackers and defenders.”

Machine-based attacks may still be infrequent for the moment, but in fact, some technologies have begun to be used by criminal groups.

1, Malware escape detection

The creation of malware is largely done by cybercriminals. They write scripts to compose computer viruses and Trojans and use rootkits, password grabbers, and other tools to help distribute and execute them.

But if they can speed this process? Can machine learning help create malware?

The first example of using machine learning malware to create was a paper published in 2017 titled “Examples of Malware Generating GAN-based Black Box Attacks.” In the report, the authors uncovered how they built a Generative Anti-Network (GAN) algorithm to generate counter-malware samples, and the key was to be able to bypass the machine-learning detection system.

In another example, at DEFCON 2017, security company Endgame revealed how it created custom malware using Elon Musk’s OpenAI framework to create malware that security engines cannot detect. Endgame’s research is based on seemingly malicious binaries, and by altering some of these sections, the code looks benign and trustworthy in the anti-virus engine.

In the meantime, other researchers predict that machine learning will eventually be used to “modify code based on detection in the lab,” an extension of polymorphic malware.

2, An intelligent botnet for scalable attacks.

Fortinet, a security firm, sees 2018 as the year for “Hivenets” and “Swarmbots,” essentially marking “smart” IoT devices that can be ordered to scale-up vulnerable systems. “They will be able to talk to each other and act on shared local information,” said Derek Manky, global security strategist at Fortinet. “In addition, ‘zombies’ will become clever enough to act without the guidance of ‘botnet shepherds.’ As a result, the cellular network will grow exponentially and expand its ability to attack victims at the same time and significantly hinder the ease and response. ”

Interestingly enough, Manky said the attacks have not yet used clustering technology that could allow these cellular networks to learn from past behavior. A branch of artificial intelligence, cluster technology is defined as “the collective behavior of decentralized, self-organizing systems, natural or artificial,” and is now being used in drones and emerging robotic devices.

3, Advanced harpoon phishing become more intelligent

A more obvious application of adversarial machine learning is the use of algorithms such as text conversion to speech, speech recognition and natural language processing (NLP) for smarter social engineering. After all, you’ve been able to make this kind of software a writing style through the repeated use of neural networks, so in theory phishing email can get more complicated and credible.

In particular, machine learning can make advanced spear phishing a target for celebrities while automating the process. The system can train on real e-mail and learn to do something that seems convincing.

In its McAfee lab forecast for 2017, the company said criminals will increasingly use machine learning to analyze large numbers of privacy records to identify potential victims and establish background details that are effective against them e-mail.

In addition, in 2016, Black Hat USA, John Seymour and Philip Tully presented an article entitled “Weapon Data Science for Social Engineering: Implementing Automatic E2E Harpoon Phishing on Twitter “, which presented a recursive neural network learning that pushes fishing tackles on Twitter to target specific users. In this paper, they present the SNAP_R neural network, which is trained on spear phishing test data and is dynamically posted on the timeline of target users (and their tweets or tracking users) Extracted, making it more likely to click.

Afterwards, the system is very effective. With 90 users, the success rate of the framework is between 30% and 60%, with a considerable improvement over the results of manual spear phishing and batch fishing.

4, Threat intelligence is out of control

In machine learning, threat intelligence can be said to be mixed. On the one hand, it is generally accepted that machine learning systems will help analysts identify the real threats from multiple systems.

However, there is also a view that cybercriminals will adapt how to simply overload these alarms again. McAfee’s Grobman previously pointed to a technique called “noise floor enhancement.” “Hackers can use this technology to ‘bomb’ an environment, creating lots of proactive error messages for normal machine learning models.” Once the target recalibrates its system to filter out false alarms, an attacker can initiate an A real attack through a machine learning system.

5, Unauthorized access

An early example was published in 2012 by researchers Claudia Cruz, Fernando Uceda and Leobardo Reyes on the topic of security attacks Machine learning They use support vector machines (SVMs) to destroy a system that runs on re-validated images with an accuracy of up to 82%. All of the CAPTCHA mechanisms have been improved later, however, and researchers again use deep learning to crack the CAPTCHA code. In an article published in 2016 detailing how to use deep learning to crack a simple captcha with 92% accuracy.

In addition, BlackHat’s “I’m a Robot” study last year revealed how researchers can crack the latest semantic image captchas and compare various machine learning algorithms. The paper mentions 98% accuracy on Google’s captcha system.

6, Poisoning machine learning engine

A simpler and more effective technique is to poison a machine learning engine used to detect malware, making it ineffective, just as cybercriminals used to do with anti-virus engines. This sounds easy. The machine learning model learns from the input data. If the data pool is poisoned, the output is poisoned. Researchers from New York University demonstrated how convolutional neural networks (CNN) produce these spurious (but controlled) results through CNNs like Google, Microsoft, and AWS.

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.


We respect your inbox. Unsubscribe anytime.

Related coverage

  • Encrypted Client Hello can completely prevent operators from tracking the websites users visit
  • Broadcom’s Game-Changing Move: VMware Fusion and Workstation Now Free for All Users
  • IBM Spends $11 Billion on Confluent to Build Its AI ‘Intelligent Data Platform’
  • Google is strengthening Android security and encourages vendors to strongly encrypt devices
  • Meta Fixes ‘Broken’ Support: Rolling Out AI Assistants and New Recovery Hubs

Support Our Threat Intelligence

If you find our CVE report and cybersecurity news helpful, consider supporting our work.

Buy Me a Coffee Logo Buy Me a Coffee PayPal
Crypto QR Code
USDT (TRC20):
TN8BdV8cp4T1Cd28gK9qTAnZknzzuwyUtm
USDT (ERC20):
0x3725e1a7d3bc5765499fa6aaafe307fabcd75bce

Share this article:

Facebook Post LinkedIn Telegram
Written by
@DdoS · Security Researcher

Do Son

Do Son is the Founder and Editor of SecurityOnline.info. Working in cybersecurity since 2013, he reports on vulnerabilities, malware, and emerging threats, providing timely analysis to help organizations and individuals stay ahead of evolving risks.

Tags: artificial intelligence

Search

Translation

CVE WATCHTOWER
🚨

Receive alerts for vulnerabilities being exploited in the wild.

⚡

Get notified instantly when a Proof of Concept (PoC) exploit is published.

🔍

Access critical info on vulnerabilities even when marked as "RESERVED".

🧠

Insights powered by decades of expertise and global intelligence sources.

🎯

Customize alerts with up to 10 keywords for your specific tech stack.

📊

Export the raw CVE database for SIEM integration and reporting.

Upgrade Package

🚨 Active Exploits in the Wild

  • CVE-2026-48282CVSS 10.0
    ColdFusion versions 2025.9, 2023.20 and earlier are affected by an Improper Limitation of a Pathname to a Restricted...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2024-14037CVSS 9.8
    Redsea Cloud eHR contains an arbitrary file upload vulnerability that allows unauthenticated attackers to achieve remote code execution...
    Admin intel📅 Updated: Jul 3, 2026
  • CVE-2026-8451CVSS 8.8
    Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured...
    Admin intel📅 Updated: Jul 2, 2026
  • CVE-2026-8037CVSS 9.6
    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to...
    Admin intel📅 Updated: Jul 1, 2026
  • CVE-2026-45659CVSS 8.8
    Deserialization of untrusted data in Microsoft Office SharePoint allows an authorized attacker to execute code over a network.
    CISA KEV📅 Added to KEV: Jul 1, 2026
  • CVE-2026-48558CVSS 10.0
    SimpleHelp versions 5.5.15 and prior and 6.0 pre-release versions contain an authentication bypass vulnerability in the OIDC authentication...
    Admin intelCISA KEV📅 Added to KEV: Jun 29, 2026📅 Updated: Jun 29, 2026
  • CVE-2026-46817CVSS 9.8
    Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmission). Supported versions that are affected...
    Admin intel📅 Updated: Jun 29, 2026
  • CVE-2026-28496CVSS 9.4
    FOSSBilling is a free, open-source billing and client management system. Versions prior to 0.8.0 have a Server-Side Template...
    Admin intel📅 Updated: Jun 25, 2026
Powered by CVE Watchtower

🔴 Live Critical Threats

  • CVE-2026-58426CVSS 9.6
    Gitea Actions Artifacts V4 signed URL HMAC ambiguity allows cross-repository artifact read...
  • CVE-2026-58289CVSS 9.0
    Access of resource using incompatible type ('type confusion') in Microsoft Edge (Chromium-based)...
  • CVE-2026-22874CVSS 9.6
    Gitea versions up to and including 1.26.2 have incomplete SSRF protection in...
  • CVE-2026-20896CVSS 9.8
    Gitea Docker image versions up to and including 1.26.2 use REVERSE_PROXY_TRUSTED_PROXIES=* by...
  • CVE-2026-4321CVSS 9.8
    Improper neutralization of special elements used in an SQL command ('SQL injection')...
  • CVE-2026-14544CVSS 9.8
    A flaw was found in HPLIP (HP Linux Imaging and Printing Software)....
  • CVE-2026-9725CVSS 9.1
    The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress...
  • CVE-2026-13768CVSS 10.0
    Gardyn devices expose a privileged iothubowner key. Access to this key will...
  • CVE-2026-57100CVSS 9.9
    Server-side request forgery (ssrf) in Microsoft Entra Provisioning Service (SyncFabric) allows an...
  • CVE-2026-45499CVSS 9.9
    Server-side request forgery (ssrf) in Azure OpenAI allows an authorized attacker to...
Powered by CVE WATCHTOWER

Get Zero-Hour Vulnerability Alerts

Critical CVEs, CVSS scores, and PoC updates — straight to your inbox every week.

    We respect your inbox. Unsubscribe anytime.

    Our Websites
  • Penetration Testing Tools
  • The Daily Information Technology
  • Daily CyberSecurity

    • About SecurityOnline.info
    • Advertise with us
    • Announcement
    • Contact
    • Contributor Register
    • Login
    • About SecurityOnline.info
    • Advertise on SecurityOnline.info
    • Contact Us

    When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works

    • Disclaimer
    • Privacy Policy
    • DMCA NOTICE
    • Linkedin
    • Twitter
    • Facebook
    • Youtube
    © 2017 - 2026 Daily CyberSecurity. All Rights Reserved.