CSA warns frontier AI cuts exploit time from months to hours

In an advisory, it flagged faster exploit creation using frontier AI models, with risks to enterprise cyber defence.

The Cyber Security Agency (CSA) highlighted cybersecurity risks from frontier artificial intelligence (AI) models, which can reduce the time needed to find software vulnerabilities and develop exploits from months to hours, according to an advisory issued on 15 April.

CSA said these AI systems can analyse large codebases, identify security weaknesses, and speed up vulnerability discovery, which increases both defensive and offensive cyber capabilities.

The agency said there are no signs of active misuse, but noted that the same capabilities could be used by bad actors to carry out cyberattacks faster and at greater scale.

CSA outlined steps for organisations to reduce risk including patching high-risk vulnerabilities on internet-facing systems, using multi-factor authentication for admin access, and isolating development and testing environments.

It also advised firms to strengthen cloud security settings, apply least-privilege access controls, and ensure denial-of-service protection is enabled for exposed systems.

Longer-term measures include improving network segmentation, strengthening supply chain security, speeding up patch management, and increasing monitoring of possible attack routes.

CSA said organisations should strengthen basic cyber hygiene and security controls as AI-driven risks continue to evolve.