ai - AlphaHunt Newsletter

ai

Dark LLMs: When Your AI Traffic Is C2

Your “normal” AI traffic can be stealth C2 now. Dark LLMs are writing per-host pwsh one-liners, self-rewriting droppers, and hiding in model APIs you approved. If you’re not policing AI egress, you’re not doing detection. 😬🤖

forecasts

AI Agents as Regulated C2: Will Anyone Be Forced to Act?

AI just ran most of an espionage op, and regulators are still in “interesting case study” mode. 😏 We’re forecasting: 55% odds that by 2026, someone will force signed AI connectors + agent logs by default.

ai

Your AI Agents Are the New C2 — Lock Down Identity & Connectors

Anthropic just showed what happens when your “helpful” AI agents become C2: 80–90% of an espionage op automated, humans just clicking approve. Lock down identity + connectors or you’re renting your SaaS to someone else’s botnet. 🤖🚨

weekly

SIGNALS WEEKLY: The Quiet Shift- When Intrusions Start Thinking for Themselves

A Chinese crew let a jailbroken AI run most of the intrusion while FortiWeb + Firebox burn in KEV and a contractor leak drops the playbook.

unc3886

Vishing Meets Cloud: UNC6040’s Abuse of Salesforce Connected Apps for Stealthy Data Exfiltration

UNC6040 is a financially motivated threat actor specializing in voice phishing (vishing) campaigns that abuse Salesforce Data Loader connected apps to gain unauthorized access and exfiltrate sensitive data. This novel attack vector leverages social engineering via telephone impersonation of...

phishing

AI-Driven Voice Deepfake Defense: Integrating Detection and Watermarking into Healthcare SIEM and SOC Workflows

Healthcare organizations with SIEM deployments and immature SOCs face escalating risks from AI-driven vishing attacks leveraging voice deepfakes. This analysis outlines a pragmatic, phased approach for integrating AI-based voice deepfake detection and audio watermarking..

m-trends

AI-Driven Cyber Threats, Ransomware Evolution, and Supply Chain Security: We (try to) PREDICT what's coming in Mandiant's 2025 M-Trends Report

I take a SPECULATIVE deep dive into what I think might be in the 2025 Mandiant M-TRENDS report.

podcast

Whack-A-RAT: We're talking AlphaHunt on the Breaking Badness Cybersecurity Podcast

We talk about #SilverFox, DomainTools, The Vertex Project, MISP Project (@misp@misp-community.org ), #AlphaHunt, Intelligence Graphs, #AI, #IOCs, the REN-ISAC, #TTPs and more! 🛡️ We're on a mission to help enable the next generation of intelligence analysts.. If that's you, or even if you're a

ai

AI-Enabled Cybersecurity: A Game Changer in Detecting and Responding to Advanced Persistent Threats

The effectiveness of AI-enabled cybersecurity services in detecting and responding to advanced persistent threats (APTs) is a critical area of focus for organizations aiming to bolster their defenses against sophisticated cyber-attacks.

threat-actors

Evolution of Threat Actors in 2024 and Predictions for 2025

Threat actors increasingly leveraged advanced technologies such as artificial intelligence (AI) and machine learning to enhance their attacks.

ai

Evaluating Artificial Intelligence in Modern Cyber Attacks: Practical Insights and Defense Strategies

While AI technologies like machine learning are indeed being incorporated into certain cyber attack methodologies, their impact is more nuanced than often portrayed.