AI doesn’t yet do any hacking. It is a force multiplier for both red teams and for blue teams. Red teams (hackers) can use AI to learn to program/script better or faster, or more importantly to more accurately speak in the natural language of their target (thereby building more trust).
Basic security hygiene is the most important first priority for every company. Basic password reuse, unpatched applications, email/SMS phishing, false invoices, etc are the most common security issues. If a company didn’t have a handle on those things before ChatGPT, AI helps their adversaries be more efficient.
There was already an issue where the value / reliability of cyber insurance was questioned, and if ChatGPT creates more successful fraud, premiums will likely continue to risk, making insurance increasingly unaffordable.
How can I be afraid by AI if my smartphone use to give its root to anybody but me (bank apps, the vendor, Quallcomm, FBI, Pegasus)?
[dead]
If your security posture is mostly filled with current best practices then AI hacks aren't anymore scary than regular hacks.
Phishing is by far the number one way we have been hacked in the past. Education, MFA and soon passwordless logins are the best way to prevent phishing. If your CEO calls you and asks for your network credentials, DON'T DO IT!!! It doesn't matter that it sounds a lot like them.
For personal use devices, we are are already required to install some "endpoint protection" app if we want to access company resources. I don't do it simply so I don't have to and I get to say I don't have access to email outside of work hours.
AI hacks are not any more sophisticated than regular hacks; it's more like the level of technical sophistication has been lowered to make use of them. This is constantly happening anyway, as hacks are integrated into commodity pen testing frameworks.