LLMs: CyberArk Hacker Talks Attack Vectors to Watch in 2025

With AI becoming an integral part of cybersecurity operations, threat actors are beginning to take note.

Although they are providing boundless use for defence, adversaries are beginning to find ways to exploit them, creating a complex environment for individuals, businesses, and governments alike. 

The potential for LLMs to be exploited in cyberattacks represents a significant shift in how technology might be weaponised. 

Similarly, the rise of deep fake technology is poised to transform the way we think about identity verification, introducing challenges that demand innovative solutions. 

But how exactly are these being weaponised? To find out more, we spoke with Len Noe, White Hat Hacker and Tech Evangelist at CyberArk.

LLMs as attack vectors

LLMs have revolutionised industries with their ability to process and generate human-like text, but Len warns that this innovation comes with its own set of dangers. 

"LLMs will become the new APT [Advanced Persistent Threat] as nation states and even rogue actors exploit them for cyberattacks," he explains. While these models are invaluable for problem-solving, their vulnerabilities to jailbreaks and prompting hacks make them a double-edged sword.

According to Len, the release of open-source tools like HackerGPT and WhiteRabbitNeo has accelerated this risk. 

"These tools, designed for use by red teams, give anyone access to the power of an LLM that doesn’t have the guardrails other LLMs do. It will create a proof of concept for a brand new critical vulnerability when prompted to do so," he elaborates. 

This capability could lead to an unprecedented scale of attack vectors and methodologies, reducing the time-to-market for exploit codes after vulnerabilities are identified.

This raises important questions for businesses and governments: how can the benefits of LLMs be harnessed while mitigating their risks? 

As we grapple with this challenge, proactive measures, such as embedding robust security features into AI tools from the outset, will be critical.

Deep fakes and identity verification

Deep fake technology has rapidly evolved, enabling the creation of highly realistic synthetic media that can deceive even the most discerning viewers.

Len foresees this becoming a widespread issue, with significant implications for digital security. 

"As deep fakes become more widespread, we will see startups crop up in 2025 that offer identity validation-as-a-service," he predicts.

These services will push the boundaries of multi-factor authentication by incorporating biometric data, government-issued documents, and behavioural analysis. 

"They will use a combination of signatures, fingerprints, face scans, and even how a user interacts with a device or website to verify individuals for transactions and interactions online," Len explains. 

This level of scrutiny could become a necessity for activities ranging from online communications to physical transactions, as the lines between digital and physical realms continue to blur.

While these advancements promise greater security, they also raise ethical and privacy concerns. 

The prospect of implantable chips being used for authentication, as Len suggests, underscores the importance of balancing technological innovation with personal freedoms and consent.

Preparing for the cybersecurity challenges of tomorrow

The rapid evolution of technology brings both opportunities and threats. 

 "The availability of new tools and methodologies means we are entering a scale of cyber risk never seen before," says Len. 

Organisations must adopt a forward-thinking approach, investing in resilient systems and embracing innovations in identity verification to stay ahead of emerging threats.

The road ahead will undoubtedly present hurdles, but by fostering collaboration between industries, governments, and technology leaders, we can navigate the challenges and ensure a more secure digital future.

Explore the latest edition of Cyber Magazine  and be part of the conversation at our global conference series, Tech & AI LIVE and Cyber LIVE.

Discover all our upcoming events and secure your tickets today. 

Cyber Magazine is a BizClik brand