May 30, 2025 - Timo Rüppell - The Sequential Kill Chain for AI-Powered Attacks
Excerpt: We’ve talked before about Mean Time To Attack, or MTTA, which has grown alarmingly short for new vulnerabilities across the cyber landscape. In this blog, we’ll dive into the “how” and “why” of this…
Summary:
In our current cyber landscape, Mean Time To Attack is shorter than ever, and all signs point to AI being involved. And in the meantime, Mean Time to Patch isn’t getting shorter…
Blog text:
AI security is a critical challenge in 2025. Developers and security experts are struggling to stay ahead of attacks that are continuing to rise in volume and complexity. We’ve seen a rapid increase in the number of breaches and new kinds of attacks, such as indirect prompt injection. Many researchers believe that AI is partially responsible for attacks growing and advancing at such a rapid rate. Mean Time To Attack, or MMTA, is the time it takes for a new vulnerability to be exploited in the wild. In recent years, we’ve seen this number decrease dramatically to only 22 minutes. On the other hand, the Mean Time To Patch, or MTTP, is still extremely long, sitting around 50 to 160 days, which is more than enough time for attackers and bad actors to exploit the vulnerabilities repeatedly and even find more weak spots. Pictured below is the Sequential Kill Chain for AI-Powered attacks. The early stages of the kill chain- Recon, Weaponize, and Deliver, to Exploit- are occurring at a rate that seems too fast to not be automated in a lot of cases. If hackers had to do each step manually- reconnaissance into APIs or web apps looking for vulnerabilities, figuring out how to exploit them, then building and deploying the code, delivering these attacks until one of them is successful- it would take a lot longer than 22 minutes, even with the most experienced threat actors. And we already know this is possible from cases like when researchers got ChatGPT 4 to exploit one-day vulnerabilities. They tested this method across 15 different sites, container management software, and Python packages. Their findings were shocking. ChatGPT was able to correctly exploit one-day vulnerabilities 87% of the time. (IBM)
So what does this mean?
Developers and security teams need to work together and stay vigilant and aware of the risks. Since vulnerabilities are being exploited so rapidly, they need to be addressed proactively and the best way to do this is to employ the principles of “secure by design.” “Secure by design,” is effectively the process of eliminating vulnerabilities as you build. There are multiple types of ways to employ “secure by design,” including code analysis and continuous security testing throughout every stage of development. Now more than ever, security needs to be a top concern from code to cloud. We’ve talked before about how secure by design is the best way to enforce security postures before platforms even go live in their environment. But with MTTA sitting so incredibly low, and MTTP remaining high, this construct is even more critical. And unfortunately, it seems like this problem is going to get worse before it gets better. Based on the data, the industry behavior around patching has been consistent for the past two decades. Quite simply, vulnerabilities are not taken seriously enough. There also may be a need down the line for automated deployments that can fix a vulnerability and deploy the patch within minutes, instead of months. One of the best ways to do this is to rely heavily on infrastructure as code, with fully automated pipelines. Once a vulnerability is identified, push the patch in code, and initiate a build and deploy automation. This is the same for both AI security and API security. APIs power the different platforms that provide data to LLMs, so without APIs, there is no AI. Therefore: AI security is API security. And as with vulnerability exploit mitigation, the best way to fix an API is in the security of its design. Analyzing the design for security weaknesses with automated testing during the design and build phase, coupled with automated updates when issues are fixed, leads to the best and most consistent security outcomes.
Takeaways
We are seeing a rapid surge of attacks powered by AI. AI can automate steps of the sequential kill chain, as we’ve already seen with OpenAI, making it much simpler to find, analyse, and exploit vulnerabilities in real-time. For this reason, researchers suspect AI is responsible for the decrease in Mean Time To Attack of vulnerabilities. On the other hand, Mean Time to Patch remains high for vulnerabilities across the board, leaving them open to attack for prolonged periods of time. The only solution is for developers and security teams to stay vigilant by employing practices such as “secure by design,” continuously testing APIs, and patching vulnerabilities proactively, so attackers won’t even have the 22 minutes they need to find and target the weaknesses. Looking for ways to simplify your team’s AI security posture? FireTail can help. Set up a demo or start your free trial today.
The post The Sequential Kill Chain for AI – FireTail Blog appeared first on Security Boulevard.