Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Adversaries Hijacked AI Security Tools at 90+ Organizations, Escalating Threat to Rewrite Firewalls

More than 90 organizations fell victim to sophisticated cyber attacks in 2025, with adversaries injecting malicious prompts into legitimate AI security tools to steal credentials and cryptocurrency. The compromised tools, which were designed to read data, were unable to rewrite firewall rules. However, this vulnerability has now been escalated by the introduction of autonomous Security Operations Center (SOC) agents that can rewrite infrastructure, including firewall rules, modify Identity and Access Management (IAM) policies, and quarantine endpoints.

Background & Context

The use of AI security tools has become increasingly prevalent in recent years, with many organizations relying on these tools to detect and respond to cyber threats. However, as the use of AI accelerates, so too does the potential for exploitation by adversaries. The recent 2026 Global Threat Report from CrowdStrike highlights the surge in state-sponsored use of AI in offensive operations, with a 89% increase over the prior year. This trend is concerning, as it suggests that adversaries are becoming increasingly sophisticated in their use of AI to launch attacks.

Impact on Swiss SMEs & Finance

The escalation of the threat from compromised AI security tools to autonomous SOC agents that can rewrite infrastructure has significant implications for Swiss SMEs and the finance sector. With the ability to rewrite firewall rules and modify IAM policies, adversaries can gain unfettered access to an organization's network and sensitive data. This could have catastrophic consequences for businesses, including financial losses, reputational damage, and even business failure. As a result, it is essential that organizations prioritize the security of their AI security tools and implement robust governance and controls to prevent exploitation.

What to Watch

The introduction of autonomous SOC agents that can rewrite infrastructure marks a significant escalation of the threat landscape. As these agents become more widespread, it is likely that we will see an increase in attacks that exploit their capabilities. Organizations should be on high alert for any signs of compromise, including unauthorized changes to firewall rules or IAM policies. Additionally, they should prioritize the implementation of robust governance and controls to prevent exploitation, including regular security audits and penetration testing.

Source

Original Article: Adversaries hijacked AI security tools at 90+ organizations. The next wave has write access to the firewall

Published: April 21, 2026

Author: louiswcolumbus@gmail.com (Louis Columbus)

---

Disclaimer: This article is for informational purposes only and does not constitute financial advice. Consult a licensed financial advisor before making investment decisions.