A new era of AI is emerging and it’s more autonomous than ever before. Agentic AI is set to transform the way people interact with technology, marking a paradigm shift in artificial intelligence.
Unlike generative AI (GenAI), agentic AI is proactive, and can solve complex problems and make decisions autonomously without human oversight. While these capabilities will prove hugely beneficial for enterprises, it is highly likely that ransomware groups will also look to exploit agentic AI to execute more effective attacks with much greater efficiency, at scale.
Security professionals should take note because today’s emerging agentic AI models are set to revolutionize cybercriminal tactics and supercharge the ransomware exploits of bad actors. With that in mind, let’s take a look at how security teams should prepare for the floodgate of possibilities on the horizon.
Head of Offensive Security at Six Degrees.
Agentic AI – what’s different?
Back in 2022, the release of ChatGPT ignited concerns among security experts who postulated that threat actors could leverage generative AI to do bad things. Fortunately, these predictions about an AI security apocalypse proved unfounded. Instead, cybercriminals used gen AI tools to streamline tasks such as generating and debugging malware code and industrializing the creation of sophisticated phishing content.
It turned out that while gen AI’s coding and scripting abilities boosted some aspects of their activities, it offered cyber-attackers limited incremental capabilities when it came to how they undertook some key malicious tasks. However, the emergence of agentic AI in late 2024 marks a whole new era in AI development and potentially changes the rules of the game where ransomware is concerned.
Designed to autonomously make decisions, problem solve, and act dynamically in real-time, agentic AI systems are capable of independently pursuing complex goals with limited human supervision. Context-aware, dynamic, and highly adaptable to changing environments and events, agentic AI does not rely on human guidance to determine which potential actions to take. It goes ahead and acts.
These new incremental abilities have the potential to transform how ransomware gangs overcome the technical and operational bottlenecks that, until now, have restricted their ability to launch successful attacks at scale.
The current state of play: how ransomware gangs operate
To reduce their workloads, today’s cyber threat actors will use specialist independent Initial Access Brokers (IABs) to find targets and secure a foothold in target networks. Having outsourced infiltration and paid an IAB for this access, they are able to focus on the task of identifying which assets to encrypt and the best way to deliver the malware payload and conduct the extortion.
This is not as straightforward as it sounds. It requires a lot of skill and manpower to move laterally around the network, determine the best way to pivot and get from A to B, and identify where the organization’s most valuable data is located – all without being detected.
Today, this is a highly manual process that is difficult for humans to do reliably and efficiently. Indeed, many ransomware attacks are abandoned mid execution either due to human errors or mistakes that trigger antivirus software or data detection and response tools, or because it is simply too challenging to identify a potential payload trove of high value data.
The emergence of agentic AI, however, closes the skills gap for threat actors. As well as making it easier to evade detection and launch attacks, it could also scale up the number and speed at which these attacks are executed.
Making life easier for ransomware groups
In the not too distant future, ransomware groups could be using agentic AI to boost up their ‘manpower’ and handle all the heavy lifting around identifying which assets to target and the best way to compromise these.
Whether it is identifying exploitation paths of least resistance, finding ways to circumvent firewalls and EDR tools, researching and validating what data is located where, or determining which data presents the most promising target, these agents could decide the optimal point at which to execute the attack.
In other words, agentic AI will be able to determine a target and figure out the most effective and efficient way to compromise it. Plus, it will automate every aspect of the attack execution process, independently handling all fetching and enumeration tasks as it navigates its way through the network and covers its tracks as it goes.
In addition to lowering the skills and resource bar for threat actors, agentic AI reduces the time it takes to plan and execute a highly sophisticated attack to a matter of minutes – all of which will make it difficult for security professionals to detect and shut down threats. Ransomware gangs using agentic AI will also be able to improve the effectiveness of their attacks, and will acquire the automated resources they need to conduct multiple attacks in parallel.
In summary, AI agents will make ransomware operations faster and more reliable. Requiring little or no human input, agentic AI can work in a predictable and highly efficient manner and tell ransomware gangs exactly where to focus and what to focus on.
Looking ahead: evaluating the impact
Cybercriminals have proven adept at leveraging GenAI to streamline certain aspects of the ransomware attack cycle and improve their productivity in these areas. In recent years the number of ransomware gangs using AI to hone the production of malware has grown significantly. The emergence of AI agents that can reason, plan and act autonomously is set to make ransomware attacks more scalable, more effective, and more efficient to undertake, with attack cycles reducing from weeks to near real-time.
While agentic AI promises to automate, refine, and power up how ransomware gangs compromise targets on an industrial scale, security experts also predict that autonomous AI agents are set to become a critical defense tool for cyber security teams. By delegating intrusion detection and network monitoring and analysis tasks to agentic AI, security teams can up their game when it comes to detecting and shutting down cyber threats. It should also be possible to use AI agents to simulate assets that will tempt and misdirect hackers into connecting their malware and generating an intrusion alert.
In terms of timelines, agentic AI is still under development and we are unlikely to see it being widely leveraged by ransomware gangs for a few years yet. This gives cyber security defenders ample opportunity to get one step ahead and develop the agentic AI tools and algorithms that will be needed to stop them.
Making proactive preparations
While organizations don’t need to worry about the immediate impacts from agentic AI right now, they should keep a finger on the pulse when it comes to its ongoing development and use. For security teams, keeping up with this fast evolving threat landscape depends on finding ways to integrate AI agents into their own defense techniques.
One thing is for sure: where agentic AI is concerned the race is on. It remains to be seen who will get there first – attack or defense.
We’ve compiled a list of the best online cybersecurity courses.
This article was produced as part of TechRadarPro’s Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
