According to an analyst, there will be major data breaches and fines for application developers who use generative AI (GenAI) extensively next year. Forrester made the claims in its 2024 predictions for cybersecurity, risk and privacy and trust.
Alla Valente, a senior analyst, issued a warning about the excessive use of “TuringBots”, which are GenAI assistants that aid in code creation. She emphasized the importance for developers to thoroughly scan the generated code for vulnerabilities.
By infosecbulletin
/ Wednesday , June 18 2025
Russian cybersecurity experts discovered the first local data theft attacks using a modified version of legitimate near field communication (NFC)...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
Cybersecurity researcher Jeremiah Fowler discovered an unsecured database with 170,360 records belonging to a real estate company. It contained personal...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
GreyNoise found attempts to exploit CVE-2023-28771, a vulnerability in Zyxel's IKE affecting UDP port 500. The attack centers around CVE-2023-28771,...
Read More
By infosecbulletin
/ Tuesday , June 17 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has recently included two high-risk vulnerabilities in its Known Exploited Vulnerabilities (KEV)...
Read More
By infosecbulletin
/ Monday , June 16 2025
SafetyDetectives’ Cybersecurity Team discovered a public post on a clear web forum in which a threat actor claimed to have...
Read More
By infosecbulletin
/ Sunday , June 15 2025
WestJet, Canada's second-largest airline, is looking into a cyberattack that has affected some internal systems during its response to the...
Read More
By infosecbulletin
/ Saturday , June 14 2025
Resecurity found 7.4 million records of Paraguayan citizens' personal information leaked on the dark web today. Last week, cybercriminals attempted...
Read More
By infosecbulletin
/ Friday , June 13 2025
HashiCorp has revealed a critical vulnerability in its Nomad tool that may let attackers gain higher privileges by misusing the...
Read More
By infosecbulletin
/ Friday , June 13 2025
SoftBank has disclosed that personal information of more than 137,000 mobile subscribers—covering names, addresses, and phone numbers—might have been leaked...
Read More
By infosecbulletin
/ Friday , June 13 2025
Serious security vulnerabilities in Trend Micro Apex One could allow attackers to inject malicious code and elevate their privileges within...
Read More
ALSO READ:
40 countries to sign a agreement not to pay ransom
In a blog post, she mentioned that if there are no proper protections for TuringBot-generated code, Forrester predicts that by 2024, at least three data breaches will be attributed to insecure AI-generated code. These breaches could occur because of security flaws in the code or vulnerabilities in suggested AI dependencies.
Regulatory issues may arise for apps that use GenAI products like ChatGPT to provide information to users.
Valente predicted at least one would be fined for its handling of personally identifiable information (PII).
The person mentioned that OpenAI has the means to protect itself from regulators, but third-party apps on ChatGPT may not have the same resources.
Some apps introduce risks through their third-party tech providers, but lack the resources and expertise to handle them properly. In 2024, companies should identify apps that may increase their risk exposure and focus on managing third-party risks.
The European Data Protection Board has created a task force to coordinate enforcement action against ChatGPT. This action was taken after the Italian Data Protection Authority decided to suspend the use of the product in Italy.
In the US, the FTC is investigating OpenAI.
GenAI may also play a part in Valente’s third prediction: that 90% of data breaches in 2024 will feature a human element. According to Verizon, the figure is already at 74%.
GenAI poses a significant risk to security. It enhances social engineering and enables attackers to efficiently carry out convincing phishing attacks.
“This increase [in people-centric risk] will expose one of the touted silver bullets for mitigating human breaches: security awareness and training,” argued Valente.
In 2024, CISOs will focus more on adaptive human protection. This is because NIST will update its guidance on awareness and training, and there will be more human quantification vendors available.