🟡 Medium | Source: The Register — Security
Despite rapid advances in AI-powered vulnerability discovery, the most exploited weaknesses remain rooted in poor human behaviour — particularly weak and reused passwords. The article argues that attackers don’t need sophisticated AI tooling when basic credential hygiene continues to fail at scale. This serves as a reminder that technical innovation in offensive security is outpacing the fundamentals of user and organisational hygiene.
Security Architect’s Take: Prioritise enforcing phishing-resistant MFA and passwordless authentication across all cloud environments. Audit your identity stores for weak or reused credentials using tools like Have I Been Pwned integrations or cloud-native identity protection services. Weak and reused credentials remain far more likely attack vectors than AI-assisted zero-days.
Original advisory: AI may be good at finding security vulnerabilities, but it can’t beat human stupidity