Sleuthcon Keynote - How Cybercriminals (ab)use AI

Transcript

1. ANOTHER AI TALK BUT WE NEED TO TALK ABOUT HOW

   CYBERCRIMINALS ACTUALLY (AB)USE AI. Thomas Roccia / SecurityBreak.io ANOTHER AI TALK

2. Thomas Roccia Founder SecurityBreak Prev: Microsoft, McAfee Labs... www.SecurityBreak.io Haters

   will say AI

3. How attackers really use AI Why you should care What

   you can do against How we can shape the industry AGENDA SecurityBreak.io

4. SecurityBreak.io

5. CAPABILITY 2021 (MANUAL) 2026 (AI/llm) MALWARE Skilled coders required LLMs

   generate scripts & payloads PHISHING Manual personalization AI automates lures at scale IMPERSONATION Text-based BEC & email fraud; low-fidelity Deepfake voice/video from 3 sec audio. And BEC As A Service RECON Manual scanning & social media scraping AI agents auto-map orgs, correlate leaks instantly VULNS Fuzzing & RE AI finds exploit almost autonomously; help to generate PoC exploits EXTORTION Ransomware AI-driven disruption; AI ransom notes boost payment rates + Vibe coded ransom leak “UNDERGROUND” AI SecurityBreak.io

6. Leak an AWS key on GitHub. Within minutes, it is

   tested against Bedrock. Within hours, it is behind a public reverse-proxy reselling uncensored Claude to other criminals... billed to you! LLMJACKING: WHEN ATTACKERS STEAL YOUR AI BILL SecurityBreak.io https://permiso.io/blog/exploiting-hosted-models

7. AI SEO POISONING SecurityBreak.io Creating crafted fake support page from

   offical chat gpt https://www.huntress.com/blog/amos-stealer-chatgpt-grok-ai-trust

8. EVILTOKENS BEC AS A SERVICE SecurityBreak.io Role prompting including templating

   "${tokenObj.email}" and report guidelines Custom scoring to identify if a target is interesting Identification of exploitable payment flow Email thread that could be hijacked including attack scenario suggestion. Identify flaws in payment processes. Potential target user and their payment authority Generation of multiple attack scenario based on previous context gathering https://blog.sekoia.io/eviltokens-an-ai-augmented-phishing-as-a-service-for-automating-bec-fraud-part-2/

9. Attackers get access to repos They publish backdoored package (npm/pypi)

   Developer / CI runs `install` Install scripts run automatically Payload steals secrets Secrets are sent to attackers Attacker uses stolen creds to publish more backdoored packages More victims install packages → worm spreads through ecosystem Attackers watch projects used by AI developpers SHAI-HULUD SecurityBreak.io https://opensourcemalware.com

10. 1. Fake AI Packages Published to npm, PyPI, Crates.io 22-package

    of fake security Web3 tooling 2. Poison AI Assistants Plants .cursorrules & CLAUDE.md on dev machines to trick AI into running fake "security scans" 3. PRs to AI Repos Injects poisoned configs via open- source contributions to LangChain, Langflow, etc. We use AI coding agents, we ship faster with less review, and attackers know it. EXPLOITING THE AI ECOSYSTEM SecurityBreak.io Attacker Exfiltrate creds: API Key, SSH, token, Crypto Wallets

11. MALWARE POWERED LLM PromptLock PromptFlux QuietVault 8eea1f65e468b515020e3e2854805f1ef5c611342fa23c4b31d8ed3374286a90 eb0687daed29f3651c61b0a2aa4a0cdcf2049a1ebae2e15e2dd9326471d318a1 e24fe0dd0bf8d3943d9c4282f172746af6b0787539b371e6626bdb86605ccd70

12. In January 2026, OpenClaw emerged as a general agent Its

    ClawHub marketplace grew from 5,700 skills in February to 44,000+ by April. Attackers flooded ClawHub with malicious skills dowloading payloads to harvest credentials THE PUBLIC SKILLS MESS SecurityBreak.io

13. Moltbook is a the reddit of agents Attackers prompt injected

    posts read by agents to exploit them PROMPTINJECTION VIA MOLTBOOK SecurityBreak.io https://promptintel.novahunting.ai/molt/78ea6b8f-2050-4fc7-b305-91f343b2c92c

14. MEXICAN GOVERNMENT BREACH SecurityBreak.io https://cdn.prod.website-files.com/69944dd945f20ca4a27a7c47/69d8bb5aea59e31efb3b8a7f_Tech_Report_ai_breach_mex_gov.pdf

15. Prompts are everywhere in modern AI. And that is exactly

    why they are now the attack surface! SecurityBreak.io

16. INDICATOR OF PROMPT COMPROMISE (IOPC) SecurityBreak.io IoPCs are patterns or

    artifacts within prompts that indicate potential exploitation, abuse, or misuse of the model. IoPCs facilitate the identification of attacks on AI models and the exploitation of their functionalities for adversarial purposes. Prompt manipulation Abusing legitimate functions Reused or suspicious prompt patterns Abnormal or unexpected model outputs Prompt manipulation, injection attacks, adversarial tokens, and jailbreak attempts. Influence ops, malware, sensitive data extraction, misinformation, social engineering. Prompts that show consistent formatting, repeated phrases, or recurring structures across multiple instances. Potentially revealing hidden exploitation attempts or harmful activities.

17. NOVA HUNTING SecurityBreak.io The Rule Name specif ies the title

    of your NOVA rule. Meta refers to the section that outlines the metadata associated with your rule. Keywords def ine a strict matching with strings or regex Semantics detects prompts with similar meaning or intent LLM detects deeper intent using model- based understanding of the prompt. Condition def ines the logic that triggers the rule based on matched patterns. www.novahunting.ai

18. PROMPTINTEL SecurityBreak.io https://promptintel.novahunting.ai

19. HOW THE COMMUNITY LEVERAGES NOVA SecurityBreak.io Nova Hunting Nova Hunting

    Nova Hunting Nova Hunting AI THREAT HUNTING FOR ADVERSARIAL PROMPTS AND AGENTIC WORKFLOWS AI THREAT HUNTING FOR ADVERSARIAL PROMPTS AND AGENTIC WORKFLOWS AI THREAT HUNTING FOR ADVERSARIAL PROMPTS AND AGENTIC WORKFLOWS AI THREAT HUNTING FOR ADVERSARIAL PROMPTS AND AGENTIC WORKFLOWS Sandyclaw, skills hunting https://sandyclaw.permiso.io/ Skill-Veil https://github.com/seifreed/skill-veil Nova Rule Agent Skills https://github.com/marcopedrinazzi/ nova-rules-helper Threatfeeds to Nova https://github.com/xampla/threatfee ds-to-nova Carapace https://github.com/xampla/carapace DetectionStream https://detectionstream.com/nova Nova to STIX https://www.dogesec.com/blog/mod elling_nova_rules_structured_cti/ www.novahunting.ai

20. AI accelerates defenders and attackers Attackers exploit agents, MCPs, SKILLs,

    plugins... Code is deployed and created faster than they are reviewed Supply chain is no longer just code. It is agents, tools, prompts, and data TAKE AWAY SecurityBreak.io

21. THANK YOU contact at SecurityBreak.io Are you deploying AI systems

    and need visibility and monitoring? Reach out!