Back to News
Artificial Intelligence

AI-Powered Cyber Attacks Expose Critical Limits of Legacy Behavioral Analytics

CyberSecurityWaala 1 week ago Mar 20, 2026
AI-Powered Cyber Attacks Expose Critical Limits of Legacy Behavioral Analytics

Artificial intelligence is making cyberattacks faster, cheaper, and harder to spot. In a new analysis, Keeper Security says attackers are now using AI to write more convincing phishing emails, mimic trusted voices with deepfakes, and generate malware that changes shape to dodge old defenses.

The core problem is simple. Many security tools were built to catch threats that look obviously suspicious. AI-driven attacks are designed to look normal. That means a system that relies only on rules, alerts, or known bad signatures can miss the attack until damage is already done.

According to Keeper Security, this shift is especially important for identity security. Attackers no longer need to break in with flashy malware every time. They can use stolen credentials, blend in with ordinary user behavior, and move slowly enough to avoid lockout thresholds or obvious warning signs.

How AI Changes Attacks

One of the biggest changes is in phishing. Traditional phishing often uses generic messages that are easier to flag. AI can help criminals create personalized emails at scale using public information. Those messages can copy the tone of an executive, refer to real events, and press victims into acting quickly. The result is a higher chance of credential theft and financial fraud.

AI is also improving credential abuse. Keeper Security says attackers can automate login attempts in ways that look human, including realistic timing between tries and targeting accounts based on context. Because the credentials may be valid, the activity can appear legitimate at first glance. That makes identity security more important than ever.

Malware is changing too. AI can help attackers generate new variants more quickly and adapt code to the environment it lands in. Instead of manually rewriting malware signatures, criminals can produce versions that mutate on the fly. This is a major challenge for signature-based detection, which depends on recognizing known malicious code.

Why Behavioral Analytics Matters

That is why behavioral analytics is now taking center stage. But Keeper Security says even behavioral monitoring must evolve. Older systems often focus on fixed thresholds, such as how many times someone logs in or where they log in from. AI-enabled attackers can stay within those limits by acting gradually and copying normal patterns over time.

Perimeter-based security also has a weakness. If a criminal logs in with valid credentials, traditional systems may treat them like a trusted user. Once inside, they can work through approved workflows, use assigned permissions, and avoid standing out. As Keeper Security puts it, the danger is not just what an attacker does in one moment. It is how that activity looks when viewed across time, identity, device, and session context.

To counter that, modern behavioral analytics needs to move beyond simple alerts and toward dynamic risk modeling. That means continuously comparing current activity with a user’s normal behavior, then weighing subtle changes in real time. It also means watching more than just one layer of the environment.

Keeper Security says visibility has to cover the full stack, including privileged access, cloud infrastructure, endpoints, applications, and administrative accounts. That approach aligns with zero trust thinking, where no user or device gets automatic trust just because it is on the network.

Defending Against Insider Risk

The company also warns that insiders can use AI tools to do more damage from within. A malicious insider already has legitimate access, which makes misuse harder to detect. AI can help that person automate credential harvesting, search for sensitive information, or draft believable phishing messages. In those cases, security teams need to look for behavior outside normal job duties, activity after hours, and repeated access to critical systems.

To limit that risk, Keeper Security recommends removing standing access and using Just In Time access, session monitoring, and session recording. The idea is to give users only the access they need, only when they need it, while keeping a close eye on what happens during the session.

The message is clear. As AI makes attacks more autonomous, defenders need analytics that are equally adaptive. Authentication alone is no longer enough. Organizations now need continuous, context aware behavioral analysis and tighter control over both human and non human identities, especially in hybrid and multi cloud environments.

In the AI era, security teams are not just looking for bad code. They are looking for bad behavior that tries very hard to look normal.

#CyberSecurity #AISecurity #BehavioralAnalytics #ZeroTrust #Phishing

#ai security #Cybercrime #Malware