According to the World Economic Forum’s Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards report, AI is now being used to automate phishing, map organisational structures, and autonomously exploit zero-day vulnerabilities. This marks the rise of a new class of threat, one that traditional security tools were never designed to stop.
The UK’s National Cyber Security Centre (NCSC) has warned that “Over the next two years, a growing divide will emerge between organisations that can keep pace with AI-enabled threats and those that fall behind”.
This isn’t the future. It’s already here.
Today’s AI-powered attackers are doing more than ever:
- Deepfake Executive Scams
AI-generated voice and video deepfakes now impersonate executives and trick employees into transferring funds or credentials. For example, a UK engineering firm lost £20 million after a deepfake video of its CFO instructed an urgent transfer.
- Fake Developers and Machine Identities
Microsoft uncovered a North Korean scheme called ‘Jasper Sleet,’ which used AI-enhanced fake identities to gain employment at global companies. Since then, Microsoft has disabled over 3,000 fraudulent Outlook accounts. Generative AI makes it increasingly easy to create convincing fake contractor profiles or spoof employee identities.
- Supply Chain Injection via CI/CD
AI-injected prompts now compromise build systems and open-source tools, inserting malicious code directly into pipelines. In 2025, GitLab’s AI assistant, Duo, was found vulnerable to prompt injection and HTML-based code theft. Attackers inserted malicious content that Duo executed, enabling private source code exfiltration, all within trusted DevOps workflows.
- Automated Exploitation of Infrastructure
AI bots scan thousands of cloud environments per second, targeting misconfigured ports, unpatched services, and forgotten infrastructure. According to Imperva’s 2025 Bad Bot Report, automated traffic has now surpassed human traffic for the first time. Bad bots make up 37% of all internet traffic, and 25% of those attacks directly target businesses by exploiting misconfigurations and weak controls.
The implication of this is huge. Traditional risk-based security models no longer hold. Enterprises used to justify security spend by risk profiles, assuming attackers would prioritise only the most valuable targets. But when AI-driven bots can indiscriminately probe every exposed service across the globe in real time, there is no such thing as a “low risk” region anymore.
Each of these examples targets a different layer (human perception, digital identity and software infrastructure), but they all share a common thread. AI isn’t just powering defenders anymore. It’s evolving attackers.
Infrastream: Built for the Age of AI Threats
After years in cybersecurity and infrastructure, we built Infrastream to restandardize how cloud environments are deployed and defended.
It’s a secure-by-default automation platform that protects your infrastructure from human error and external threats. By relying on robot executors instead of operator scripts, actions driven by the manifests are more maintainable and secure. This architecture structurally limits the exploitation window, keeping systems safe even if an employee account is compromised.
How Infrastream Neutralises Modern AI Threats
Deepfake Executive Scams: Block Execution, Not Just Access
While Infrastream can’t stop users from trusting fake videos or calls, it minimizes the impact by:
- Mandating multi-factor authentication on infrastructure environments
- Enforcing domain-level email protections
- Triggering step-up verification for sensitive actions
- Restricting access with scoped roles and privilege boundaries to robot executors
- Capturing audit trails across services to surface suspicious behaviour early
Even if social engineering succeeds, core systems remain protected, as Infrastream manifests are designed to allow for a controlled number of operator-defined scripts or immediate rollback to a previous version of the infrastructure and databases in case of compromise.
Fake Users & Machine Identities: No Live Access to Exploit
Infrastream eliminates runtime tampering:
- No human other than the CTO has direct access to production
- All changes flow through peer-reviewed pull requests
- Only signed, validated code is executed
Attackers can’t act without code approvals, and even compromised machines hit a dead end due to network and privilege isolation.
Supply Chain Injection (CI/CD): Stop Silent Pipeline Breaches
Infrastream makes sure only verified, secure code makes it into production: no surprises, no silent breaches.
- Stops leaks of sensitive credentials in build systems
- Requires all code changes to be verified and signed
- Checks infrastructure code for risks before it runs
- Uses leading standards (SLSA v3) to prevent tampering
You can’t prevent every vulnerable dependency, but Infrastream blocks unauthorized changes from ever reaching production.
Automated Exploitation of Infrastructure: Resilient by Design
Modern attacks are fast, automated, and relentless. Infrastream makes your cloud resilient by design.
- Prevents misconfigurations by enforcing secure defaults and templates
- Reduces human error by running all changes through Infrastream executors
- Prevents lateral movement by combining robot executors with tightly scoped service accounts, blocking the admin takeovers that typically occur in cloud environments
Even if attackers gain access to a user account, they can’t escalate privileges or move laterally. Your infrastructure remains structurally protected.
Stay Ahead of the Curve
AI isn’t just redefining how businesses operate, it’s reshaping how attackers breach them. The security threats we’re facing today aren’t theoretical. They’re already exploiting infrastructure, identity, and software supply chains at scale, faster than most organisations can respond.
Infrastream was built for this new era, where cybercrime moves at the speed of AI. By embedding security into the foundation of your infrastructure, we help teams stay ahead of the threat curve, eliminate human error, and defend against risks traditional tools can’t even detect.
“The gap between those who adapt and those who fall behind is widening” (UK National Cyber Security Centre). With Infrastream, you’re not just reacting, you’re future-proofing.
Ready to Assess your Risk?
If you’re interested in learning more or would like an assessment of your current infrastructure, get in touch with our team. We’ll help you identify critical vulnerabilities, uncover inefficiencies, and build a clear roadmap to secure, AI-ready operations.
Join the Infrastream waitlist today: https://pvotal.tech/infrastream/
Sources:
- World Economic Forum (January 2025). Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards report.
- National Cyber Security Centre (May 2025). UK critical systems at increased risk from 'digital divide' created by AI threats.
- CNN (February 2024). Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’.
- The Guardian (May 2024). UK engineering firm Arup falls victim to £20m deepfake scam.
- Microsoft (June 2025). Jasper Sleet: North Korean remote IT workers’ evolving tactics to infiltrate organizations.
- Dark Reading (May 2025). GitLab's AI Assistant Opened Devs to Code Theft.
- Imperva (2025). 2025 Bad Bot Report.
Written by Kam Rai