Dutch cyber officials warn AI accelerating discovery of software vulnerabilities

Dutch cybersecurity officials and experts warned Friday that artificial intelligence is dramatically accelerating the discovery of vulnerabilities in computer systems, raising fears that cybercriminals could soon weaponize the technology on a wider scale.

Speaking to Dutch broadcaster NOS, Matthijs van Amelsfort, director of the Dutch National Cyber Security Centre (NCSC), said AI-powered systems can identify security flaws far faster than humans.

“In the past, it took days before an attacker exploited a vulnerability; now it is hours,” Van Amelsfort said. “That will become minutes.”

Cybersecurity experts say AI tools are now capable of uncovering software flaws that may have gone unnoticed for years.

According to NOS, cybersecurity professionals gathered this week to discuss growing risks posed by AI-assisted hacking.

“There is no panic, but it is certainly urgent,” said Dimitri van Zandvliet, chairman of the CISO Platform, a Dutch association for chief information security officers.

“This development means that vulnerabilities are being found in systems that are already twenty years old. We need to accelerate so that we fix those errors before they are exploited,” he added.

Cybersecurity company Hadrian demonstrated how low-cost AI tools can be used to identify vulnerabilities in government systems.

Rogier Fischer, a hacker working for the company, said he used an AI system to analyze the code of a government website and identify a flaw allowing access to restricted files.

“Here you can literally see the passwords,” Fischer said while demonstrating the exploit.

He said the attack was carried out using a low-cost AI program developed by OpenAI, the company behind ChatGPT, at a total cost of around €10 ($11).

Another cybersecurity company, AISLE, said it has identified more than 200 software vulnerabilities using various AI systems since September.

Jaya Baloo said even older and cheaper AI systems were capable of detecting serious flaws.

“The story was that AI was ‘suddenly’ very good at finding vulnerabilities,” Baloo said. “But we could find those same flaws with older AI systems. So why ‘suddenly’? We’ve been doing this for months.”

Experts warned that while defenders may currently hold an advantage, cybercriminals are likely to adopt the same technologies.

“Technology is often used by people with bad intentions after a few months,” Van Amelsfort said, warning that countries such as the Netherlands, with highly digitalized infrastructure, remain vulnerable to cyberattacks.

“We have already experienced ports shutting down or our data being stolen,” he said. “Attackers and defenders will continue to battle each other, also with this AI development. We really have to make sure our defense is in order.”