AI tools are being increasingly abused to launch cyberattacks

ChatGPT, Gemini, and Claude are often the origin of advanced cyberattacks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

A growing number of cyberattacks are being launched with the help of Artificial Intelligence (AI) and Large Language Models (LLM), new research has claimed.

A report from Imperva noted between April and September 2024, its Threat Research team analyzed thousands of attacks, finding retail sites collectively experience more than 500,000 AI-powered attacks every day.

These attacks, the researchers explain, often originate fromAI toolssuch asChatGPT, or Gemini, alongside bots designed to scrape websites for LLM training data. Cybercriminals were said to be using these tools mostly in business logic abuse attacks, DDoS attacks, bad bots attacks, and API violations.

Business logic attacks

Business logic attacks

Business logic abuse was described as the most common AI-driven attack, taking up almost a third (30.7%) of all incidents. It involves abusing legitimate features of different apps and APIs to carry out cyberattacks. DDoS are a close second (30.6%), while bad bot attacks take up a fifth (20.8%). The bots are designed to scrape pricing data, run credential stuffing, as well as inventory hoarding.

“In previous years, we’ve seen security threats like Grinch bots and DDoS attacks cause major disruptions during the holiday shopping season, affecting both retailers and consumers alike. Now, with the widespread availability of generative AI tools and LLMs, retailers are contending with a new wave of sophisticated cyberthreats,” said Nanhi Singh, General Manager of Application Security at Imperva.

Singh added retail businesses need robust defenses, and a comprehensive strategy, otherwise, they are risking losing sensitive personal information, including credit card details, people’s addresses, and other account information.Identity theftand similar attacks can lead to a tarnished image, loss of business, lawsuits, and regulator fines.

More from TechRadar Pro

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

I’ve been a Firefox power user since it launched 20 years ago – here’s why it still beats Chrome and Safari