Artificial intelligence is accelerating cyber threats, but the approach to defending against them has not changed, a senior FBI official told attendees at a Billington Cybersecurity conference on Tuesday.
What happened
FBI Cyber Division Deputy Assistant Director Jason Bilnoski warned that both criminal and nation-state actors are actively leveraging AI in their attacks but stressed that the core structure of cyberattacks remains unchanged. Bilnoski said attacks still follow basic steps; AI simply enables them to unfold faster.
He pointed to the FBI's Operation Winter SHIELD media campaign as a model for the traditional defensive measures organizations should be implementing. CISA Acting Director Nick Andersen echoed this message at the same conference, citing the agency's recent binding operational directive requiring federal agencies to eliminate unsupported edge devices as an example of shoring up foundational vulnerabilities.
Going deeper
Attackers are increasingly using stolen or compromised credentials to move through networks undetected, mimicking legitimate user behavior rather than deploying malware that could trigger alerts. This approach makes detection harder because defenders are now hunting for legitimate-looking traffic rather than obvious malicious code.
Bilnoski described this shift as "identity is the new perimeter." Organizations can no longer rely on detecting intrusion at the network boundary; they must assume adversaries are already inside and actively hunt for lateral movement using valid credentials.
What was said
FBI Deputy Assistant Director Jason Bilnoski, speaking at the Billington Cybersecurity conference, said, "We have seen actors both criminal and nation-state, they're absolutely using AI to their advantage. But the way attacks unfold have not changed. Cyberattacks still follow basic steps. It just becomes an incredible speed now."
Bilnoski further advised, "Don't worry about the speed and capability of AI attacks. If you're focused on the basics, it'll help prevent the actual intrusion from occurring."
In the know
Tactics, Techniques and Procedures (TTPs) is the term used in cybersecurity to describe the specific behaviors, methods, and patterns that threat actors use to conduct attacks. Traditional TTPs have historically been easier for security teams to detect. The shift Bilnoski describes, where attackers use legitimate credentials instead, is part of a broader trend sometimes called "living off the land," where adversaries exploit trusted tools and identities already present in an environment rather than introducing foreign code.
Why it matters
Electronic health records, patient portals, and billing systems all require authenticated access, meaning that once an attacker obtains valid credentials, they can move through an organization's network while appearing entirely legitimate. Standard perimeter defenses and malware detection tools will not catch this.
For HIPAA covered entities, a breach resulting from compromised credentials can trigger the same regulatory consequences as any other attack regardless of whether traditional malware was involved. The FBI's warning that "identity is the new perimeter" is a direct challenge to healthcare organizations that may still be relying on legacy detection approaches.
The bottom line
Both the FBI and CISA are sending a message that organizations that have not locked down the basics are already behind. For healthcare entities, that means prioritizing HIPAA-compliant solutions, eliminating unsupported devices, and shifting security monitoring to actively hunt for lateral movement inside the network.
FAQs
How are cybercriminals using artificial intelligence in attacks?
Artificial intelligence is being used to automate tasks such as phishing, vulnerability discovery, and credential exploitation, allowing attackers to operate faster.
What industries are most likely to be targeted by AI-enabled cyberattacks?
Sectors that store sensitive data, such as healthcare, finance, and government, are the most likely targets.
Can artificial intelligence also help organizations defend against cyber threats?
Yes, organizations can use AI-powered security tools to analyze network activity, detect anomalies, and respond to threats more quickly.
