How a €10 AI tool easily exposed government passwords

Artificial intelligence is rapidly accelerating how quickly security flaws are found in computer systems, sparking urgent warnings from Dutch cybersecurity officials who fear cybercriminals will soon weaponize the tech at scale.

Matthijs van Amelsfort, director of the Dutch National Cyber Security Centre (NCSC), highlighted just how drastically the timeline for cyber threats has shrunk. "In the past, it took days before an attacker exploited a vulnerability; now it is hours," Van Amelsfort told Dutch broadcaster NOS. "That will become minutes," News.Az reports, citing Anadolu Agency.

The warning comes as cybersecurity professionals gathered this week to address the mounting risks of AI-assisted hacking. Experts note that AI tools are now uncovering deeply buried software flaws that have gone unnoticed for decades.

"There is no panic, but it is certainly urgent," said Dimitri van Zandvliet, chairman of the CISO Platform, an association for Dutch chief information security officers. "This development means that vulnerabilities are being found in systems that are already twenty years old. We need to accelerate so that we fix those errors before they are exploited."

To prove how accessible these threats have become, cybersecurity firm Hadrian demonstrated how a low-cost, mainstream AI program could compromise government infrastructure. Using a basic model developed by OpenAI—costing a mere €10 ($11) to run—company hacker Rogier Fischer analyzed a government website's code and successfully exposed restricted files. "Here you can literally see the passwords," Fischer revealed during the demonstration.

The capability isn't brand new, but its adoption is exploding. Cybersecurity firm AISLE reported finding more than 200 software vulnerabilities using various AI systems since September. Jaya Baloo, an expert with the firm, noted that even older, cheaper AI systems are entirely capable of detecting severe flaws, challenging the narrative that this is an overnight phenomenon. "The story was that AI was ‘suddenly’ very good at finding vulnerabilities," Baloo said. "But we could find those same flaws with older AI systems... We’ve been doing this for months."

While cybersecurity defenders currently have the upper hand in utilizing these tools to patch systems, officials warn that a pivot from bad actors is inevitable. Van Amelsfort pointed out that malicious hackers typically adopt breakthrough technologies within a few months of their release.

For highly digitalized nations like the Netherlands, the stakes are incredibly high. "We have already experienced ports shutting down or our data being stolen," Van Amelsfort warned. "Attackers and defenders will continue to battle each other, also with this AI development. We really have to make sure our defense is in order."

News.Az 

By Aysel Mammadzada