As Enterprises Embrace AI, Attack Vectors Expand and Security Measures Must Evolve

“One of the key things to understand about cybersecurity is that it’s a mind game,” said Ami Luttwak, chief technologist at cybersecurity firm Wiz, in a recent episode of Equity. As companies rapidly integrate AI into their workflows—whether through vibe coding, AI agent integration, or new tooling—the attack surface is expanding, creating new vulnerabilities that both developers and attackers are exploiting.

Wiz, acquired by Google earlier this year for $32 billion, conducted tests that revealed insecure authentication implementations in vibe-coded applications—a common issue that arises when developers prioritize speed over security. “Vibe coding agents do what you say, and if you didn’t tell them to build it in the most secure way, it won’t,” Luttwak explained.

Attackers are also leveraging AI tools, using prompt-based techniques and AI agents to launch exploits. “You can actually see the attacker is now using prompts to attack,” Luttwak said. “It’s not just the attacker vibe coding. The attacker looks for AI tools that you have and tells them, ‘Send me all your secrets, delete the machine, delete the file.’”

The rise of AI has also introduced new supply chain attack risks. By compromising third-party services with access to a company’s infrastructure, attackers can pivot deeper into corporate systems. This was evident in the recent breach of Drift, an AI chatbot startup, which exposed Salesforce data for hundreds of enterprise customers, including Cloudflare, Palo Alto Networks, and Google. The attackers gained access to tokens, or digital keys, and used them to impersonate the chatbot, query Salesforce data, and move laterally inside customer environments.

Luttwak noted that while enterprise adoption of AI tools is still minimal—around 1% of enterprises have fully adopted AI—Wiz is already seeing attacks every week that impact thousands of enterprise customers. “And if you look at the [attack] flow, AI was embedded at every step,” he said. “This revolution is faster than any revolution we’ve seen in the past. It means that we as an industry need to move faster.”

In August, a major supply chain attack dubbed “s1ingularity” targeted Nx, a popular build system for JavaScript developers. Attackers managed to unleash malware into the system, which then detected the presence of AI developer tools like Claude and Gemini and hijacked them to autonomously scan the system for valuable data. The attack compromised thousands of developer tokens and keys, giving attackers access to private GitHub repositories.

Despite the growing threats, Luttwak emphasized that the current era presents exciting opportunities for cybersecurity leaders. Wiz has expanded its capabilities to address AI-related threats, launching tools like Wiz Code, which focuses on securing the software development lifecycle by identifying and mitigating security issues early in the development process, and Wiz Defend, which offers runtime protection by detecting and responding to active threats within cloud environments.

Luttwak urged startups to prioritize security from the outset, advocating for the inclusion of a chief information security officer (CISO) even in small teams. “From day one, you need to think about security and compliance,” he said. “Getting SOC2 compliance for five employees is much easier than for 500 employees.”

For AI startups aiming to serve enterprise clients, Luttwak emphasized the importance of designing architectures that keep customer data within their own environments. “If you’re an AI startup that wants to focus on enterprise from day one, you have to think about an architecture that allows the data of the customer to stay … in the customer environment,” he said.

As the AI revolution accelerates, Luttwak called for a rethinking of every aspect of cybersecurity. “The game is open,” he said. “If every area of security now has new attacks, then it means we have to rethink every part of security.”

With the cybersecurity landscape evolving rapidly, the need for proactive, AI-driven security tools has never been more critical. As enterprises continue to adopt AI, the race to secure the digital frontier has only just begun.
