As enterprises race to integrate artificial intelligence (AI) into their workflows, cybersecurity leaders warn that attackers are adapting just as quickly. Ami Luttwak, chief technologist at Wiz, told TechCrunch that AI-driven development introduces new risks while expanding the attack surface for organizations.
“One of the key things to understand about cybersecurity is that it’s a mind game,” Luttwak said on a recent episode of Equity. “If there’s a new technology wave coming, there are new opportunities for attackers to start using it.”
Wiz, acquired by Google earlier this year for $32 billion, has found that AI-coded applications often suffer from insecure authentication implementations. Luttwak explained that many of these flaws occur because AI coding agents prioritize speed and ease over robust security unless specifically instructed otherwise.
Attackers Are Using AI, Too
Attackers are increasingly adopting the same tools as developers, leveraging vibe coding, prompt engineering, and autonomous AI agents to launch exploits. Some are even embedding malicious prompts directly into applications, tricking AI tools into exfiltrating data or executing harmful commands.
This shift has fueled supply chain attacks through vulnerable third-party integrations. In September, sales chatbot provider Drift was breached, allowing attackers to impersonate the tool, query Salesforce data, and infiltrate enterprise environments at companies including Cloudflare, Google, and Palo Alto Networks.
Another major incident, dubbed “s1ingularity,” targeted Nx, a widely used JavaScript build system. The malware hijacked AI developer tools like Claude and Gemini to autonomously scan systems and steal tokens, granting attackers access to thousands of private GitHub repositories.
Related: Insight Partners Confirms Data Breach Notifications After January Hack
Balancing Speed and Security
Luttwak says enterprises face a constant trade-off between fast adoption and secure practices. With only about 1% of enterprises fully adopting AI today, Wiz still detects weekly attacks impacting thousands of customers.
“This revolution is faster than any revolution we’ve seen in the past,” he noted. “It means that we as an industry need to move faster.”
Building Secure AI Startups
For startups, Luttwak emphasized the importance of “security by design” from the earliest stages. He advises implementing enterprise-grade protections, from authentication and audit logs to single sign-on, even with just a handful of employees.
“From day one, you need to have a CISO,” he said. “Getting SOC2 compliance for five employees is much easier than for 500 employees.”
He also urged startups to architect systems that keep customer data within customer environments, reducing risk and meeting enterprise security expectations.
A New Era of Cybersecurity
Founded in 2020, Wiz began as a platform to address misconfigurations and vulnerabilities in cloud environments. It has since launched Wiz Code for securing the software development lifecycle and Wiz Defend for runtime threat detection.
With AI reshaping both offensive and defensive strategies, Luttwak says the cybersecurity field is wide open for innovation. “If every area of security now has new attacks, then it means we have to rethink every part of security,” he said.
