Español
Ami Luttwak, chief technologist at cybersecurity firm Wiz, recently shared insights with TechCrunch on how artificial intelligence (AI) is reshaping the cybersecurity landscape. “Cybersecurity is ultimately a mind game,” Luttwak explained. “Whenever a new technology emerges, it presents attackers with new opportunities.”
As businesses rapidly integrate AI into workflows—through vibe coding, AI agents, or other tools—the overall attack surface expands. While AI helps developers deliver code faster, this speed often introduces mistakes and insecure shortcuts, which can be exploited by attackers.
Wiz, acquired by Google earlier this year for $32 billion, observed that many AI-assisted applications show insecure authentication implementations. “Developers often leave security gaps because AI coding agents do exactly what they are told,” Luttwak noted.
Attackers are also leveraging AI. They use vibe coding, prompt-based instructions, and AI agents to exploit vulnerabilities. Luttwak highlighted that attackers can even manipulate AI tools inside organizations to access sensitive data, delete files, or bypass security controls.
Supply Chain Risks Amplified by AI
New AI tools deployed internally may inadvertently create supply chain vulnerabilities. For example, in a recent incident at Drift, attackers exploited AI chatbots to access Salesforce data of major enterprise clients including Cloudflare, Palo Alto Networks, and Google. Using tokens to impersonate the chatbot, attackers queried data and moved laterally across corporate environments.
Another major example is the “s1ingularity” attack on Nx, a JavaScript build system. Malware detected AI developer tools like Claude and Gemini, hijacking them to scan systems autonomously and exfiltrate sensitive data, including thousands of developer tokens and private GitHub repositories.
The Need for Security by Design
Luttwak emphasizes that AI adoption in enterprises is still low, yet attacks are already occurring weekly. To address this, Wiz has developed solutions such as:
- Wiz Code: Secures the software development lifecycle by identifying vulnerabilities early, promoting a “secure by design” approach.
- Wiz Defend: Provides runtime protection to detect and respond to threats in cloud environments.
Startups and enterprises alike must adopt security from day one. Luttwak stresses the importance of having a CISO from the start, planning security architecture, access control, authentication, and audit processes before any code is written. This approach prevents “security debt” and ensures readiness for enterprise clients.
Opportunities for Cybersecurity Innovation
The democratization of AI creates opportunities for both attackers and defenders. Startups focusing on phishing protection, malware defense, endpoint security, workflow automation, and “vibe security” have fertile ground for innovation. Many security teams still don’t know how to use AI to defend against AI, making this a critical moment for advancement.
“The game is wide open,” Luttwak concluded. “Every area of security now faces new attacks, which means we must rethink every part of cybersecurity.”
