Everyone knows the benefits of backup, right? If your computer or server goes down or is compromised, backups come in handy. This is a common, standard, undisputed, and easy best practice. If you don’t want to lose your data, back it up.
For 20 years, I’ve been talking about the benefits of the technology industry’s best-practice 3-2-1 backup strategy. The idea is to keep three copies of all your files, on two different physical devices, with one copy offsite. I practice what I preach and back up to several servers at home and to off-site cloud storage.
There’s no news here. The strategy is exactly that simple, and it works. Or does it?
What if I told you that everything you know and do to ensure high-quality backups is no longer enough? In fact, what if I said that, in the age of generative AI, we’re all pretty confused when it comes to backups?
Sometimes it seems like AI is ruining everything. Now it’s coming for backups, too. Yes, there are days when I hate being human.
Sneak in and pull down the futon
For most of this article, I’m going to be talking to people who run enterprise-level IT operations. But this little nightmare applies to home networks and small business networks as well. Even if you don’t think you’re big enough to be a target, as long as your network is connected to the Internet, you are.
This reality is especially true in the age of AI. In the good old days, hackers trying to break into a network had to do most of the work themselves.
Yes, brute-force attack programs existed, but if a firewall held up under the pounding, those programs simply moved on to the next IP address in the list. A network only got worked over by hand when the target looked attractive enough for a human hacker to spend personal time and attention on breaking in.
But now AI can do almost all of that work. It also does it much faster, and it doesn’t need a continuous supply of Skittles, pepperoni, or a nap to keep going.
AI agents can fan out and attempt to tunnel into networks all over the globe. Moreover, with local AI large language models available for download, there’s no reason to expect that the internal guardrails of the major AI companies will stop AI from being turned to the dark side.
These tools are within reach of almost anyone with some technical skill but no moral compass. Now imagine them in the hands of a terrorist organization, a hacker group, or a rogue state. No network is truly secure.
Let’s take this reality to its logical, even unscrupulous, unprincipled, and immoral conclusion. What can the bad guys do once they get into your network? Well, they might install malware. And here AI comes into play again.
According to the 2026 Picus Red Report, most malware today is used to collect credentials or exfiltrate data. 80% of the top attacks are specifically designed to avoid detection, remain hidden within a system or network, and enable stealthy remote command and control.
For many years, malware was deployed primarily to destroy or exfiltrate data, disrupt systems, and hold data access for ransom. That approach created a ransomware business model for threat actors, who use encryption to lock down data and instantly wreak havoc. According to Picus, this business model has fundamentally changed over the past year, with a 38% relative decline in crypto-ransomware from 2025 to 2026.
AI makes stealth, evasion, and living off the land within a system far more feasible. Today, attackers are essentially embedding enemy agents within networks, agents with the knowledge and ability to act independently on behalf of their nefarious masters.
Networks are no longer just dealing with malicious software. Instead, they are essentially harboring intelligent sleeper cells, operating in secrecy with as much skill as, or more than, the IT teams tasked with defending against the embedded AI.
Defenders have to field their A team every single time. Attackers, on the other hand, can simply clone one AI-based attack team and deploy it thousands of times, which makes the threat asymmetric and potentially devastating.
Now back to the topic of backups.
Backup: It all seemed so simple
Let’s talk about the basic premise of backup. The idea is as simple as it gets. Make a copy of something on your computer or server. That way, if something happens to your machine, you have a copy of your data to restore. Easy peasy.
Just to be clear, I can’t stand the word “easy.” If you’ve ever set up a backup, you know that setting one up so that you can actually restore from it is neither easy nor simple. There are many issues to consider, such as how much data to back up, whether you can back up databases and files that are locked while in use by the file system, and whether to back up incrementally or keep synchronized copies.
We have already discussed the 3-2-1 approach. Where do you store your backups? The last time I checked, my home servers held 139.04 terabytes, and there is probably more by now, including some AI test servers I recently set up and a work computer focused on day-to-day productivity.
My approach is to back up to two dedicated in-house servers (one of which automatically shuts down for all but 4 hours a week). I also send all data (except large video files) to several cloud services for offsite backup.
The simple assumption is that the data is good before it is backed up, so that if something happens and you need to restore, the data brought back from the backup is also good.
Even without malware, AI, or malicious actors, that isn’t always the case. Backups can be corrupted, they may not have been written correctly to begin with, yada, yada, yada. For this article, however, let’s assume that your backup and restore processes are stable, reliable, and working.
Of course, even then, backups are not safe. The 2025 Ransomware Trends report from Veeam, a ransomware protection software company, concludes that 93% of ransomware attacks target backups. Of the organizations Veeam surveyed, 34% said their backups had been modified or deleted.
Veeam’s research does not specify the role of AI in these attacks, but as we move into 2026, there is no doubt that threat actors are leveraging AI.
Vibe-coded ransomware
Understand this: AI-based ransomware is more than just sophisticated AI running freely within a network, or lurking inside it to extract data and credentials. Oh my god, no. AI-based ransomware is also vibe-coded by threat actors. That means the ransomware is just as prone to bugs and hallucinations as every other piece of vibe-coded software.
Here is the promise of honor among thieves when it comes to ransomware: they encrypt your data, you pay, and they give you the key to decrypt it. Veeam’s research found that 64% of businesses paid a ransom. Of these, 47% paid and had their data recovered, while 17% paid but were unable to recover their data.
Now, think about vibe-coded ransomware. Even if the thief intends to return the data, the AI-generated, vibe-coded software may be so poor that the transaction cannot go through. Do you really think attackers who vibe-code their ransomware are testing it?
Here is an example. In January 2026, the Halcyon Ransomware Research Center (a collaborative anti-malware research initiative launched by the anti-malware company Halcyon) discovered a critical flaw in a ransomware variant called Sicarii.
This variant successfully generates a new RSA key to encrypt the victim’s data, and then actually uses that key to encrypt the targeted data. So far, so good, or at least as good as a ransomware implementation gets. But then the software deletes the key. Because of this bug, the key exists only once and only long enough to encrypt; nothing can bring the victim’s data back.
Aggressive intelligent agents
Now let’s move on to the case where an AI agent has been covertly embedded in the network. Some of this embedded AI-driven malware can analyze network patterns, backup schedules, and storage configurations, which lets the AI identify points of vulnerability.
These AI-based attacks can target backup repositories, create corrupted snapshots, and leak decryption keys and other credentials. You may think your organization is protected by its backups. But if persistent AI-driven malware is present in your network, it could be covertly corrupting those backups and disabling your defenses.
The name BlackFog accurately describes how I feel before my first cup of coffee every morning. In this case, however, it refers to the data loss prevention company that published the results of a ransomware study. According to the BlackFog report, ransomware that acts as a sleeper within a network often persists for 11 to 24 days before being detected. This is called dwell time.
During that dwell time, the ransomware maps the environment, locates backup servers, scans snapshot systems, and observes scheduled backup jobs to understand recovery patterns. Malicious software now uses automated reconnaissance scripts that leverage AI-style pattern recognition to classify storage systems, detect common backup software, and prioritize high-value targets such as domain controllers and backup management consoles.
After a reasonable period of reconnaissance, the intelligent malware attempts to capture credentials, exploit known weaknesses in the backup strategy, and hijack administrative tools to delete, encrypt, or disable backups. Some really nasty attacks specifically target immutable storage by looking for misconfigurations; there, the attack goes after the management infrastructure and destroys data on the network before it ever reaches the backup systems.
The end result is that the malware corrupts or infects the data before the backup is encrypted and shipped offsite, and before the backup job even runs. Even if you are able to restore from a backup, the backup itself was already corrupted when it was created.
You’re going to love this AI thing, right?
10 ways to strengthen your network
This article is primarily intended to bring you up to date on this threat.
But in honor of my old boss, who always insisted that I never bring her a problem without offering a solution, I’ve put together 10 possible tactics to consider for protecting your network.
- Define a response playbook. Teams can be trained to follow procedures.
- Segment your network. Build internal firewalls so that malware entering one network segment cannot migrate to other segments.
- Check your backups regularly. Test the restore, and run that test more often than you think is practical.
- Make sure your backups are clean. Backups can be scanned for hidden malware, and some products perform this task.
- Maintain separate copies. Use immutable storage, and keep one copy offline. I physically turn off one of my backup servers for most of each week.
- Build alternative infrastructure. The recovery environment must be prepared in advance.
- Create a containment plan. Define an approach for quickly isolating infected systems. The network segmentation described earlier helps with this task.
- Deploy endpoint protection. Investing in anti-malware software lets you block malicious code before it can run.
- Enable behavior-based detection. Encryption attempts can be detected and stopped with the proper use of intrusion detection systems.
- Always maintain an up-to-date chain of command. Leaders must be trained and empowered to make quick decisions and direct the response to an attack.
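Two items on that list (test your restores; make sure the backups are clean), together with the earlier point that a backup can already be corrupt at the moment it is created, lend themselves to a worked illustration. The following is an added example of mine, not code from the article or from any vendor it names. It assumes that backups are plain directory trees, that a SHA-256 manifest written at backup time is kept on the immutable or offline copy so a restore can be checked against it, and it uses an assumed entropy cutoff of 7.5 bits per byte as a crude signal that a file was already encrypted when the backup job ran.

```python
"""Backup integrity checks: an added example, not code from the article or from
any vendor it names. Assumptions (mine, not the article's): backups are plain
directory trees; a manifest of SHA-256 digests is written at backup time and
kept on the immutable/offline copy; unusually high Shannon entropy in a file
that should be compressible is a triage signal that it was encrypted before the
backup job ran.
"""
from __future__ import annotations

import hashlib
import math
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Assumed cutoff in bits per byte; random or encrypted data scores close to 8.0.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum((n / total) * math.log2(n / total) for n in Counter(data).values())


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large backups do not need to fit in RAM."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map each regular file (relative POSIX path) under root to its SHA-256."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def find_suspicious_files(root: Path, threshold: float = ENTROPY_THRESHOLD) -> list[str]:
    """Files whose content entropy exceeds the threshold (likely encrypted or random).

    Legitimately compressed or encrypted files also score high, so treat a hit
    as something to triage before the backup is trusted, not as proof of attack.
    """
    return [
        p.relative_to(root).as_posix()
        for p in sorted(root.rglob("*"))
        if p.is_file() and shannon_entropy(p.read_bytes()) > threshold
    ]


def verify_restore(restored: Path, manifest: dict[str, str]) -> dict[str, list[str]]:
    """Compare a restored tree against the manifest recorded at backup time."""
    current = build_manifest(restored)
    return {
        "modified": sorted(f for f in manifest if f in current and current[f] != manifest[f]),
        "missing": sorted(f for f in manifest if f not in current),
        "unexpected": sorted(f for f in current if f not in manifest),
    }


def run_demo() -> dict:
    """Constructed scenario: back up a small tree, then tamper with the copy."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "source"
        (src / "docs").mkdir(parents=True)
        (src / "db").mkdir()
        (src / "docs" / "report.txt").write_bytes(b"quarterly numbers\n" * 50)
        (src / "db" / "backup.sql").write_bytes(b"INSERT INTO t VALUES (1);\n" * 40)
        # Constructed stand-in for a document encrypted before the backup job ran:
        # a deterministic SHA-256 chain, which looks like random bytes to the check.
        (src / "docs" / "plan.docx").write_bytes(
            b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(128))
        )

        flagged = find_suspicious_files(src)  # the "is the backup clean?" check
        manifest = build_manifest(src)        # recorded at backup time, kept offline

        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)
        # Simulated tampering between backup and restore: edit, delete, plant.
        (restored / "docs" / "report.txt").write_bytes(b"tampered\n")
        (restored / "db" / "backup.sql").unlink()
        (restored / "notes.txt").write_bytes(b"planted\n")

        return {"flagged_before_backup": flagged, "restore_report": verify_restore(restored, manifest)}


if __name__ == "__main__":
    print(run_demo())
```

The manifest only helps if it is stored somewhere the malware cannot reach, which is exactly why the list pairs restore testing with immutable and offline copies; the entropy check runs before the backup is written, so a tree full of already-encrypted documents is caught while there is still an older good copy to fall back on.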
Well then, there you have it. To be honest, I don’t think any network can be completely hardened. That’s why I always recommend a belt-and-suspenders-and-bulletproof-jacket-and-hip-waders-and-helmet approach to network defense. Basically, throw everything you have at it and keep adding defenses.
Remember that you need to defend against every enemy actor using every attack strategy. All they have to do is find one small flaw to sneak in and cause damage. So suit up. This is war.
This article was originally published on our sister site ZDNET.
