AI Is Lowering the Barrier for Cyber Attacks

By Kleiner Perkins

Categories: VC, Startup

Summary

AI agents can autonomously exploit exposed credentials at scale: researchers discovered 438 compromised accounts and successfully penetrated 7 valid accounts, revealing that incomplete 2FA setup creates critical security gaps. This demonstrates how AI is democratizing sophisticated cyberattacks for non-experts.

Key Takeaways

1. AI computer use agents can enumerate external attack surfaces and exploit exposed credentials at scale—the research found 438 exposed credentials on the dark web for a single target.
2. Incomplete 2FA registration is a critical vulnerability: attackers can register a phone number to an unfinished 2FA setup, bypassing one of the strongest security controls available.
3. Dark web credential harvesting combined with login automation creates a compound attack vector—7 out of 438 exposed credentials resulted in valid account access.
4. AI agents significantly lower the technical barrier for cyberattacks, enabling non-experts to automate complex multi-step exploitation workflows that previously required specialized skills.
5. Credential exposure on public dark web sources should trigger immediate 2FA enforcement and account verification workflows—organizations need proactive monitoring of breach databases.

Topics

• AI Computer Use Agents
• Credential Stuffing Automation
• 2FA Security Gaps
• Dark Web Reconnaissance
• AI-Enabled Cyberattacks

Transcript Excerpt

one of our agents that was a computer use agent where we went to the dark web and we got exposed credentials that were on the dark web. We enumerated the external attack surface with the agent of the target. We found 438 credentials that were exposed on the dark web and then the computer use agent took over and actually used them to log in or attempt to log in. And we found seven valid accounts, one of which landed us on a two-factor authentication registration page, which we were then able to r...