PRESENTED BY
Cyber AI Chronicle
By Simon Ganiere · 12th August 2025
Welcome back!
📓 Editor's Note
This week was busy in the cyber world. The traditional Black Hat and DEF CON conferences were in full swing. Unsurprisingly, AI was part of the show! The usual debate of AI for good vs. AI for bad was definitely present. A couple of key items:
Cisco released their Foundation-sec-8B-Instruct (Hugging Face page) Based on Llama-3.1, the model is trained exclusively on security data. It is therefore ideal for key tasks such as SOC, intelligence, and extraction of TTPs, among others. It's definitely something to try!
There are quite a few reports and news items related to AI misuse by threat actors. The Crowdstrike Threat Hunting report is an interesting one with some great facts and numbers:
a 442% growth in fishing operations between the first and second halves of 2024. I talked about this a lot, as deepfake (voice and video) technology is super easy for threat actors to misuse.
The infamous North Korean group is using generative AI to support the creation of identities and deepfake interviews.
WIZ focused on NVIDIA and the exploitation of vulnerabilities in their software/hardware stack, which basically gives the "key to the kingdom." (as most of the AI applications are running with NVIDIA components. More information on their talk is available here and more information about the vulnerability here. Wiz also released a tool to generate with AI misconfigured Dockerfile and Docker compose manifest. Sounds a bit strange but this is perfect for honeypots and testing detection rules. More details here.
Overall, this is very much aligned with what we have seen in the recent past: neither the defense nor the attack can escape AI. The adoption on both sides is progressing, albeit at different speeds (attacks have the edge, in my opinion—at least for now), and this means that cybersecurity professionals need to be at the forefront to understand both the defensive and offensive sides of AI.