How AI is Accelerating Identity-Based Threats
February 20, 2026
A recent AWS attack serves as a stark reminder: AI is the new force-multiplier for cybercrime, giving threat actors the velocity they need to outpace legacy security. Threat actors are using AI to compress attack timelines and amplify operational, financial, and reputational risk. Attacks that once spanned days now only take minutes, outpacing the capabilities of legacy tools.
AI-Accelerated Credential Exposure
In this particular incident, the attackers stole exposed credentials from a public S3 bucket to gain access to the organization’s cloud environment, according to Sysdig.
Public cloud storage remains a gold mine for adversaries: easy to create, difficult to audit at scale, and often misconfigured (left public, like in this incident) or forgotten. The affected S3 buckets were named using generic AI nomenclature, making them easy targets during reconnaissance. Predictable naming conventions combined with missing access controls yield searchable entry points for attackers.
Once attackers gained access using the stolen credentials, AI acted as both the architect and the accelerator. Within eight minutes, the threat actor achieved administrative status. Large language models (LLMs) automated lateral movement, generated privilege escalation code, and systematically hunted cross-account permissions, attempting to access every account in the organization.
AI as a High-Value Target
As AI becomes central to organizational operations, it’s no longer just a tool that enables attacks — it’s also a high-value target in its own right. Proprietary models, training datasets, and GPU compute capacity have direct business value.
Organizations invest millions in AI capabilities, inadvertently creating assets that attackers can monetize, ransom, or repurpose. In this incident, the threat actor abused managed AI services and provisioned GPU resources, indicating that AI infrastructure itself was part of the objective. This dual role of AI — as both an attack enabler and a ‘crown jewel’ — underscores the need for protection that considers AI’s speed, potential impact, and value.
The Integration of Basic Hygiene and Behavioral Monitoring
Guarding against AI-powered threats while protecting AI resources begins with the fundamentals: basic cyber hygiene.
Properly configuring access controls, enforcing least-privilege policies, and auditing cloud storage reduce exposure to compromised credentials and misconfigurations.
Even the most advanced defenses can’t compensate for poor hygiene: in this case, proper security practices could have prevented the attackers’ initial foothold. Nonetheless, because no team or system is perfect, attackers will inevitably gain access. Credentials will be compromised, misconfigurations will occur, and attackers will operate at machine speed. Continuous monitoring fills this gap, enabling defenders to detect anomalous lateral movement and privilege escalation in real time, even when attackers authenticate legitimately.
Network-derived identity signals provide clarity into how accounts are actually being used. When an account that normally accesses databases during business hours suddenly attempts cross-account role assumptions at 3 AM, that deviation signals a potential compromise.
Activity-based monitoring supports both detection and investigation, helping teams piece together the full story — where the account went, what it did, and what it touched — bridging the gap between initial access and privilege escalation.
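The baseline deviation described above (a database-only account attempting cross-account role assumptions at 3 AM), as an added example that is not ExtraHop's or Sysdig's code. It assumes CloudTrail-style records as the activity source rather than network-derived signals; the principal, account IDs, role names and sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime

def parse(ev):
    """Reduce a CloudTrail-style record to the fields this check needs."""
    ts = datetime.strptime(ev["eventTime"], "%Y-%m-%dT%H:%M:%SZ")  # UTC
    role = (ev.get("requestParameters") or {}).get("roleArn", "")
    # arn:aws:iam::<account-id>:role/<name> -> account id is the 5th field
    target = role.split(":")[4] if role.count(":") >= 5 else None
    ident = ev["userIdentity"]
    return ident["arn"], ident["accountId"], ev["eventName"], ts, target

def build_baseline(history):
    """Per principal: hours of day and API actions seen in known-good history."""
    base = defaultdict(lambda: {"hours": set(), "actions": set()})
    for ev in history:
        who, _, action, ts, _ = parse(ev)
        base[who]["hours"].add(ts.hour)
        base[who]["actions"].add(action)
    return base

def detect(events, base):
    """Flag cross-account AssumeRole calls that deviate from the caller's baseline."""
    alerts = []
    for ev in events:
        who, home, action, ts, target = parse(ev)
        if action != "AssumeRole" or target in (None, home):
            continue  # only role assumptions into a different account
        prof = base.get(who, {"hours": set(), "actions": set()})
        reasons = [r for r, hit in (("new-action", action not in prof["actions"]),
                                    ("off-hours", ts.hour not in prof["hours"])) if hit]
        if reasons:
            alerts.append((who, target, ts.isoformat(), reasons))
    return alerts

def mk(time, name, role_arn=None, who="arn:aws:iam::111111111111:user/etl-svc"):
    """Build a constructed sample record using CloudTrail field names."""
    return {"eventTime": time, "eventName": name,
            "userIdentity": {"arn": who, "accountId": who.split(":")[4]},
            "requestParameters": {"roleArn": role_arn} if role_arn else None}

# Constructed data: a service account that only touches databases in working hours.
HISTORY = [mk("2026-02-02T09:15:00Z", "ExecuteStatement"),
           mk("2026-02-02T14:40:00Z", "DescribeDBInstances")]
EVENTS = [mk("2026-02-04T10:00:00Z", "ExecuteStatement"),
          mk("2026-02-04T03:02:00Z", "AssumeRole", "arn:aws:iam::222222222222:role/OrgAccess"),
          mk("2026-02-04T03:03:00Z", "AssumeRole", "arn:aws:iam::111111111111:role/local")]

if __name__ == "__main__":
    print(detect(EVENTS, build_baseline(HISTORY)))
```

Only the 03:02 assumption into the second account is flagged; the same-account assumption and the routine database call pass, and a principal with no history at all is flagged on its first cross-account attempt.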
Preparing for AI Exploitation & Securing AI Assets
Fast-moving AI attacks and the growing value of AI infrastructure demand security that protects both access and assets. An integrated approach — combining preventative hygiene, behavioral monitoring, and real-time identity detection — addresses the entry points attackers exploit, the speed at which attackers operate, and the risks to valuable AI resources.

ExtraHop is on a mission to arm security teams to confront active threats and stop breaches. Our RevealX™ 360 platform, powered by cloud-scale AI, covertly decrypts and analyzes all cloud and network traffic in real time to eliminate blind spots and detect threats that other tools miss. Sophisticated machine learning models are applied to petabytes of telemetry collected continuously, helping ExtraHop customers to identify suspicious behavior and secure over 15 million IT assets, 2 million POS systems, and 50 million patient records.





