Singapore – Hackers no longer require special skills to pose a threat to the systems that power critical services. This is due to the proliferation of new artificial intelligence tools that can accelerate the exploitation of system flaws.
Senior Minister for Digital Development and Information Tan Kiat Howe called on more than 1,000 attendees at GovTech Singapore’s STACKx cybersecurity event to take threats seriously, saying AI can be used to counter AI.
“Pandora’s box has been opened,” Tan said in his opening speech at the Marina Bay Sands Expo and Convention Center on April 17.
he was explain Threats from AI tools such as Anthropic’s Claude Mythos Preview; It has been reported that it can autonomously identify vulnerabilities in software systems and generate code to exploit the flaws.
Anthropic said the model discovered vulnerabilities in all major browsers and operating systems. Citing the risk of such technology spreading to bad actors, the company shared a new AI model We worked with a select group of companies to patch their security systems and opted not to release them to the public.
“There is consensus among experts that these developments represent a further leap forward in the threat landscape,” Tan told an audience of government leaders, chief information officers, technology experts and industry members.
“In the wrong hands, even low-skilled attackers can carry out sophisticated attacks at scale and speed. You can imagine the damage that can be done in the hands of skilled AI-enhanced operatives.”
Although Mythos does not create new types of attacks, such tools can reduce the time and resources needed to carry out cyberattacks.
Mr Tan said organizations need to fundamentally rethink their digital security systems, adding that these include systems that harden critical services. Operational technology – Historically, in most cases, only people with special skill sets could compromise.
The government has warned sector leaders and owners of critical information infrastructure to strengthen cyber hygiene measures and plans to meet with them in the coming weeks to discuss the implications for Singapore’s cybersecurity.
Mr Tan urged businesses not to view cybersecurity as just another “check item”, saying a secure environment requires industry-wide cooperation.
Visitors learn about the various steps needed to strengthen their digital security systems at the exhibition booth at the STACKx Cybersecurity event.
Photo: Lianhe Zaobao
Government has taken steps to work more closely with organizations to combat cyber threats Together, Tan said, citing new means to equip critical information infrastructure Own confidential threat intelligence and proprietary threat detection systems to defend against your adversaries.
As AI-powered automated attacks continue to surface, he also called for using AI as a countermeasure tool to detect threats early and respond quickly, saying this can reduce the asymmetry in the skills of attackers and defenders.
But at the same time, companies need to deploy AI securely so it doesn’t become a vulnerability.
“This means building capacity in testing and establishing standards to use AI safely and reliably,” Tan said.
In his keynote address at the event, GovTech Singapore chief executive Goh Wei Boon echoed Mr Tan’s advice to “fight fire with fire” by equipping cyber defenders with AI tools.
Ninety-nine per cent of government services can now be accessed digitally, but at the cost of significantly expanding the attack surface, Goh said. He added that half of the government’s 2,000-strong systems are connected to the internet.
“Before, we could focus our defenses on a few gateways and firewalls to potentially exclude attackers. Now, our perimeter has essentially disappeared.”
All websites, digital platforms and devices used by government employees are potential access points, Go said, adding that AI can now be used to more quickly find flaws in configurations and code.
Mr Goh urged businesses to build secure AI systems to protect against attackers, citing the work of GovTech Singapore, which deploys tools such as Litmus, which act as security scanners for AI systems.
The agency is also experimenting with using AI to detect vulnerable code and conducting security tests with AI agents.
“No one organization has all the resources to deal with the ever-expanding attack surface and the ever-increasing ease of discovering new vulnerabilities,” said Goh.
“The only way to overcome it is for government, industry and academia to work together to innovate and stay ahead of new threats.”
An advisory issued by the Cyber Security Authority of Singapore on April 15 recommended that domestic companies strengthen their defenses against frontier AI models that can be used to scale up cyberattacks.
Immediate mitigation measures include applying software patches for all critical and high-severity vulnerabilities, implementing multi-factor authentication across all interfaces and gateways, and reviewing user privileges to remove unnecessary access.
Correction note: Story has been edited for clarity.
