Cybersecurity Today: Tiny Slip-Ups, AI Tools – and a Whole Chain of Consequences
by Joao Silva
When people picture cyberattacks, they often imagine a lone hacker smashing the system like a burglar breaking down a door. In reality, however, modern breaches tend to unfold more like a series of minor blunders piling up. A single forgotten software update, a misconfigured account or a tool left unchecked can be enough to set off a chain reaction that leads to a full‑scale breach.
Take the SolarWinds incident, for instance. Attackers slipped in via a trusted update. That one weak link ultimately exposed governments and enterprise systems worldwide in what remains a textbook example of a supply-chain attack.
Fast forward to mid‑2025, and the threats have only multiplied. In one high-profile software supply chain attack, attackers uploaded malicious versions of Nx and associated plugins to NPM. The malware stealthily harvested GitHub and NPM tokens, SSH keys and even cryptocurrency wallet data. What makes this case especially chilling is that the attackers used AI developer tools, such as Claude and Gemini, for reconnaissance and data theft, marking perhaps the first known AI-powered supply-chain attack.
At the same time, global supply chain attacks have surged. Since April 2025, the rate has doubled compared to early 2024, with IT and tech firms bearing the brunt of the increase. A recent incident involved a ransomware group claiming to have obtained data on over 41,000 customers of a single supplier that had been compromised. Beyond that, a separate supply chain campaign targeted the Python ecosystem via PyPI. Around 20 malicious packages were uploaded and downloaded over 14,000 times, each one a potential entry point for stealing cloud credentials.
AI isn’t just empowering attackers; defenders are deploying it too. Security teams are turning to AI agents, threat intelligence, predictive analytics and autonomous response systems. Google’s “Big Sleep” AI agent recently identified a critical SQLite vulnerability (CVE‑2025‑6965) that had escaped human detection. At the same event, the company also revealed new AI‑driven tools like Sec‑Gemini for log analysis and insider threat detection systems that operate without prior training data.
On the other hand, hackers are utilising generative AI to enhance the effectiveness and scalability of their attacks. Some groups are using AI to craft ransomware, automated payloads and realistic phishing lures. One cybercriminal network leveraged Claude Code to automate the full ransomware lifecycle, identifying targets, building malware, analysing stolen data and drafting ransom demands.
We should not ignore other landmark cases this year. In April 2025, the UK retailer Marks & Spencer was affected by a ransomware incident linked to a vendor breach. The fallout disrupted click‑and‑collect and contactless payments, cost the company significant losses and wiped more than £1 billion off its market valuation.
These events reveal a broader truth: almost every breach is a sequence of small vulnerabilities that are chained together. That could mean indirect dependencies you’re entirely unaware of, a forgotten third‑party tool, or a barely patched system.
AI amplifies both sides of this equation. On the attack front, it supercharges reconnaissance, malware generation, phishing and supply‑chain compromise. On the defence side, it boosts detection, response and automation. But AI is not a magic bullet. Using AI as a defender without proper controls risks generating false positives – or worse, missing stealthier attacks.
The future calls for a balanced approach:
1. Embrace AI as a force multiplier for defence – through predictive analytics, autonomous agents and rapid threat response – but with human oversight and ethical guardrails.
2. Treat every link in the supply chain as potentially vulnerable and apply tools such as Software Bills of Materials (SBOMs), dependency scanning, and zero-trust security across accounts, tools, and suppliers.
3. Utilise cryptographic verification, secure model provenance, and trusted repositories when integrating AI models into systems.
4. Maintain the basics – regular patching, vendor audits and incident response plans – while understanding that the threat is often a slow burn fuelled by tiny lapses.
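To make points 2 and 3 concrete for the npm case, here is an added example (not code from the article or from any project it mentions) that audits a lockfile for dependencies with no strong integrity hash or with a source outside a trusted registry, and checks downloaded bytes against the recorded hash. It assumes the `packages` map used by npm lockfile versions 2 and 3 and an allow-list containing only `registry.npmjs.org`; the package names, versions and URLs in the sample are constructed.

```javascript
// Added example (not from the article): audit an npm lockfile's "packages" map.
const crypto = require("node:crypto");

const TRUSTED_HOSTS = new Set(["registry.npmjs.org"]); // assumption: your allow-list
const STRONG_ALGOS = new Set(["sha256", "sha384", "sha512"]);

// Check downloaded bytes against the lockfile's integrity string (SRI format:
// one or more space-separated "<algo>-<base64 digest>" entries).
function verifyIntegrity(bytes, sri) {
  return sri.trim().split(/\s+/).some((entry) => {
    const dash = entry.indexOf("-");
    const algo = entry.slice(0, dash);
    if (!STRONG_ALGOS.has(algo)) return false; // never accept a sha1-only match
    const digest = crypto.createHash(algo).update(bytes).digest("base64");
    return digest === entry.slice(dash + 1);
  });
}

// Flag entries that could be swapped without detection or come from elsewhere.
function auditLockfile(lock) {
  const findings = [];
  for (const [path, pkg] of Object.entries(lock.packages || {})) {
    if (path === "" || pkg.link || pkg.inBundle) continue; // root, links, bundled
    const algos = (pkg.integrity || "").split(/\s+/).map((e) => e.split("-")[0]);
    if (!pkg.integrity) findings.push({ path, issue: "missing-integrity" });
    else if (!algos.some((a) => STRONG_ALGOS.has(a)))
      findings.push({ path, issue: "weak-integrity" });
    let host = null;
    try { host = new URL(pkg.resolved).host; } catch { /* absent or not a URL */ }
    if (!TRUSTED_HOSTS.has(host)) findings.push({ path, issue: "untrusted-source" });
  }
  return findings;
}

// Constructed sample data: package names, versions and URLs are invented.
const tarball = Buffer.from("constructed tarball bytes");
const goodSri = "sha512-" + crypto.createHash("sha512").update(tarball).digest("base64");
const reg = "https://registry.npmjs.org";
const sampleLock = { lockfileVersion: 3, packages: {
  "": { name: "demo-app", version: "1.0.0" },
  "node_modules/pkg-a": { resolved: `${reg}/pkg-a/-/pkg-a-1.2.3.tgz`, integrity: goodSri },
  "node_modules/pkg-b": { resolved: "https://mirror.example.invalid/pkg-b-0.4.0.tgz", integrity: goodSri },
  "node_modules/pkg-c": { resolved: `${reg}/pkg-c/-/pkg-c-2.0.0.tgz` },
  "node_modules/pkg-d": { resolved: `${reg}/pkg-d/-/pkg-d-0.9.0.tgz`, integrity: "sha1-AAAA" },
} };

for (const f of auditLockfile(sampleLock)) console.log(`${f.issue}: ${f.path}`);
```

Run in CI against the committed lockfile, a check like this fails the build before an unpinned or off-registry dependency is installed.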
If cybersecurity were a TV show, we might expect car chases or dramatic infiltration. Instead, it’s more like a quiet workplace comedy where someone forgets to install that one patch, another recycles a password, and AI quietly reshapes the scale of what’s possible. Keep those dominos upright, and your company stays out of the highlight reel, which is precisely where you want it to be.
https://joaolealdasilva.medium.com/cybersecurity-today-tiny-slip-ups-ai-tools-and-a-whole-chain-of-consequences-229353bb262d