Wiz Chief Technologist Ami Luttwak on AI’s Impact on Cyberthreats

Ami Luttwak discussing how AI is transforming cyberattacks in modern cybersecurity

Big data. Information concept. 3D render

On the fast-paced terrain of cyberspace, AI is both a blessing and a curse. While AI is advancing coding practices and enhancing security, it’s also creating ways for cybercriminals to amplify their attacks. Ami Luttwak, Chief Technologist at Wiz—a cybersecurity company Google recently acquired for $32 billion—provides a broad overview of how AI is transforming cyberattacks and what organizations can do to protect their digital footprints.

The Double-Edged Sword of AI in Cybersecurity

Luttwak refers to cyberdefense as a “mind game,” noting that with every innovation, it’s back to the drawing board for both sides of the security theater. As companies adopt more AI to power their business processes—through practices like:

“Vibe coding” (training code on natural language prompts)
Deploying autonomous AI agents
Acquiring new AI-powered tools

…the attack surface grows. While these innovations increase efficiency, they also open doors to security threats. The rapid pace of AI-facilitated development often leads to shortcuts, with developers hurrying to implement features while forgetting critical security measures such as thorough code reviews and secure configurations.

Recent tests from Wiz highlighted a common problem in AI-generated applications: the insecure setup of authentication systems. Developers prioritize speed over security because they instruct the AI to build in the quickest way available—but without explicit requirements for secure implementation. This neglect generates weak points, especially in authentication processes vital for verifying users and protecting sensitive information.

AI-Powered Attacks: A Growing Threat

The offensive use of AI is becoming more direct, as attackers leverage AI to enhance their campaigns:

Using “vibe coding” to produce malware
Employing prompt-based phishing techniques
Deploying AI agents to automate exploitation

This shift represents the democratization of cyberattack capabilities, allowing even less sophisticated actors to launch effective attacks.

Notable Examples:

Drift Hack (August 2025): Hackers breached the AI chatbot startup and used stolen tokens to access clients’ Salesforce data, including that of Cloudflare and Alphabet. They leveraged AI-assisted “vibe coding” to create software using plain-language instructions.
s1ngularity Malware Attack: Targeted the Nx JavaScript build system, injecting malicious code that detected AI developer tools like Claude and Gemini. The malware autonomously searched for sensitive data and credentials, breaching thousands of developer tokens and private GitHub repositories.

Despite enterprise AI adoption being in early stages (around 1%), Wiz reports weekly attacks affecting thousands of customers, with AI embedded at every stage of the attack flow. This escalation underscores the urgency for organizations to reevaluate their cybersecurity strategies in an AI-driven world.

The Supply Chain: A Weak Link

AI integrations also introduce new vulnerabilities in the supply chain. Compromised third-party services with broad access allow attackers to pivot deeper into corporate environments. Luttwak emphasizes that organizations must:

Be vigilant about the security practices of vendors and partners
Encourage startups to build security from day one, implementing processes like SOC2 compliance early

Additionally, architecture matters. Luttwak suggests AI startups should design systems that allow customer data to remain in the customer’s environment, reducing the risk of data exfiltration and building trust with privacy-conscious clients.

The Future of Cybersecurity: Shaping a New Era of AI-Powered Security

Even with these AI-specific threats, Luttwak views this as an opportunity for cybersecurity innovation. The evolving threat landscape allows defenders to reimagine security and stay ahead of attackers. Startups developing workflow and automation tools for “vibe security” are especially valuable, as many security teams are still exploring how to leverage AI for defense effectively.

Wiz’s Proactive Measures:

Wiz Code: Safeguards the software development lifecycle by identifying and fixing vulnerabilities early
Wiz Defend: Provides real-time protection by monitoring for active attacks in cloud infrastructure

These solutions aim to make organizations “secure by design,” embedding security from the start of development.

Luttwak stresses the importance of understanding clients’ applications to deliver meaningful security solutions. Security should become an immersive part of the user experience, not just a layer added at the end. This aligns with Wiz’s mission to democratize proactive security, ensuring that critical best practices remain effective and integrated into modern development workflows.

Conclusion

As AI continues to revolutionize cybersecurity, businesses must adapt to the changing threat landscape. While AI-enabled development brings significant advantages, it also exposes new vulnerabilities that attackers are quick to exploit. By adopting a proactive, holistic cybersecurity strategy—incorporating AI-powered tools, secure development practices, and a culture of security awareness—organizations can confidently navigate the AI era while protecting their digital assets from advanced threats.

Tags :AI cybersecurity AI security threats AI-driven malware Ami Luttwak cloud security cyberattacks supply chain security vibe coding Wiz

Leave a Response Cancel reply

Prabal Raverkar

I'm Prabal Raverkar, an AI enthusiast with strong expertise in artificial intelligence and mobile app development. I founded AI Latest Byte to share the latest updates, trends, and insights in AI and emerging tech. The goal is simple — to help users stay informed, inspired, and ahead in today’s fast-moving digital world.

view all posts