[Caice-csse] AI & Cybersecurity: use of agentic AI to design, develop & implement a phishing attack

N Narayanan naraynh at auburn.edu
Fri Mar 14 06:51:06 CDT 2025


A very interesting piece of work from Symantec:

OpenAI's Operator agent, upon prompting, discovered a Symantec employee's email address via deduction based on other company emails that were public (as the target employee's email wasn't publicly available online), and drafted a malware PowerShell script. Once it had established the email address, it drafted the PowerShell script. It opted to find and install a text editor plugin for Google Drive. Interestingly, Operator visited several web pages about PowerShell prior to creating the script, seemingly to get some guidance on how it could be done. Finally, the agent generated a reasonably convincing email urging the employee to run the script, attached the script to said email, and sent the email without requiring any proof of authorization.

News article - https://www.darkreading.com/threat-intelligence/openai-operator-agent-proof-concept-phishing-attack
Symantec blog post - https://www.security.com/threat-intelligence/ai-agent-attacks

