AI-Powered Attacks Now Wiping Out Entire Infrastructure, Commvault Warns
Commvault warns that AI-driven cyberattacks are evolving beyond data encryption to complete destruction of virtual machine environments and hypervisors, leaving organizations in a 'dark, dead' state.
The cybersecurity landscape is undergoing a radical transformation as AI-powered threat actors escalate their capabilities, moving beyond traditional data encryption to the complete annihilation of victim infrastructure. Commvault Chief Technology Officer Brian Brockway highlighted this alarming trend, stating that attackers are now capable of wiping out entire virtual machine environments and hypervisors, leaving organizations in a "dark, dead" state.
Brockway explained that advanced AI models are rapidly identifying and exploiting software vulnerabilities at an unprecedented pace. "The more unplanned work that has to be done to react to this, that's always going to challenge priorities," he noted. This acceleration forces organizations to divert engineering resources from developing new features to addressing immediate, critical security threats, fundamentally altering development roadmaps.
Research from Palo Alto Networks indicates that frontier AI models can uncover more than seven times the typical number of software vulnerabilities within a single month compared to traditional methods. This surge in discovered flaws, coupled with attackers exploiting them within minutes rather than weeks, creates a highly compressed timeline for defense.
In response to this evolving threat, Commvault urges organizations to rethink their resilience strategies. Beyond mere backups, the focus must shift to ensuring clean system restoration, maintaining isolated recovery environments, and prioritizing the recovery of critical systems and their dependencies. Air-gapping critical data and keeping immutable, isolated copies are presented as foundational steps.
Commvault recommends rigorous testing of recovery plans against realistic attack scenarios. Brockway described the arduous process of recovering from such attacks, which often involves stripping systems down to bare metal and redeploying the entire data center. This can take days, even in well-exercised environments, underscoring the need for robust and frequently tested recovery procedures.
Organizations must prioritize the restoration of essential systems such as identity platforms, billing systems, operational databases, and cloud services. As AI becomes more integrated into core business operations, recovery plans must also account for newer dependencies like data pipelines, model repositories, and vector databases.
Continuous testing of recovery plans in isolated "cleanroom" environments is crucial. These environments should mirror production builds, allowing teams to rehearse restoration processes before a real incident occurs. This proactive approach ensures that recovery is not just a reaction but a well-rehearsed procedure.
Brockway concluded that the sheer volume of signals from AI bug-finding tools necessitates greater automation and AI integration for filtering noise, assisting with patching, and supporting deployment. Without these advancements, security teams risk becoming desensitized, leaving organizations vulnerable to devastating attacks.