AI Acts as a Force Multiplier for Modern Cyber Threats

Malik Haidar is a veteran cybersecurity expert who has spent years defending multinational corporations from the front lines of digital warfare. With a background that merges deep technical intelligence with high-level business strategy, he has a unique perspective on how the threat landscape is shifting from manual intrusions to automated, AI-driven onslaughts. As the barrier to entry for cybercrime plummets and the velocity of breaches increases, Malik’s insights become essential for understanding how organizations can survive in an era where attacks are no longer measured in days, but in minutes.

Our discussion covers the evolution of the cybercrime underground, focusing on how AI has transitioned from a tool for “polishing” emails in 2024 to a full-scale operational infrastructure by 2025. We explore specific technical hurdles like padded code designed to frustrate static analysis and the rise of “ClickFix” attacks that accelerate initial compromise. Malik also outlines the critical need for behavioral detection and the dangers of identity fabrication, particularly in the context of state-sponsored worker fraud and the use of AI brands as deceptive lures.

How has the integration of AI into cyber-attacks shifted from a simple tool for polishing content to a central component of the offensive workflow over the last two years?

Back in 2024, the primary use of AI was relatively superficial, mostly helping hackers fix their grammar in phishing lures or generate very basic scripts. It was a time of experimentation with malicious tools like FraudGPT, but it didn’t fundamentally change the game for seasoned defenders. By mid-2025, the picture has shifted dramatically toward a full-scale underground market for AI-enabled tools and deepfake services. Today, AI is no longer a peripheral assistant; it is embedded directly into the offensive heart, helping actors like the ShinyHunters group or North Korean hackers achieve more results with significantly less effort and cost.

Modern cyberattacks often involve AI-generated web shells and padded code; how are these specifically designed to frustrate security analysts and bypass traditional static analysis?

Attackers are now using AI to automate the creation of web shells and credential harvesters, which are the essential building blocks of a successful breach. By using AI to vary or pad code, they can create millions of versions of the same malware that look entirely different to traditional scanning tools. This tactic is specifically designed to frustrate static analysis, as the security software can’t find a consistent signature to flag. It turns the defense process into a grueling game of whack-a-mole where the volume of unique, AI-generated code snippets overwhelms even the most diligent security teams who are used to more predictable patterns.

We are seeing a trend where AI is no longer just the weapon but also the lure itself. How are threat actors exploiting the public’s trust in AI brands to gain initial access?

There is a massive demand for AI productivity tools right now, and threat actors are using that hunger as a gateway for infection. They create fake software downloads or malicious browser extensions branded as popular tools like Claude to trick users into running installation commands. Users are often so eager to try these new technologies that they ignore red flags, following fake setup steps that seem routine enough to pass their initial scrutiny. By turning the AI brand into the lure, hackers can bypass technical defenses by exploiting the psychological trust and curiosity of the average employee who just wants to be more efficient.

In the context of identity fabrication, how is AI being utilized by actors like North Korean hackers to create convincing fake profiles for corporate espionage?

Identity fabrication has become a major headache for HR and security teams, as North Korean hackers use AI to scale worker fraud to unprecedented levels. They use generative models to create highly convincing fake profiles and even deepfakes for meetings and interviews, allowing them to pose as legitimate remote workers. This isn’t just about a stolen profile photo anymore; it’s about a comprehensive digital identity that is nearly impossible to spot without deep, out-of-band investigation. Once these actors are hired, they use their legitimate access for everything from data espionage to financial extortion, all facilitated by the speed and polish of AI-generated content.

With reports suggesting that attacker breakout time has dropped to just four minutes, what radical shifts must CISOs make in their containment and detection strategies?

A four-minute breakout time means that by the time an alert reaches a human analyst’s screen, the damage is likely already done. CISOs can no longer rely on manual intervention and must shift toward automated containment to keep pace with these machine-speed attacks. This requires implementing behavioral detection across endpoints, identity, and the cloud, so the system can instantly revoke access or isolate a device once it spots an anomaly. We have to treat AI as operational infrastructure on our side as well, using automation to match the pace of operators who are launching, adjusting, and repeating campaigns at industrial scale.

What is your forecast for the future of AI-driven cybersecurity?

I believe we are entering an era where traditional tells like typos or poor grammar will vanish entirely, replaced by flawlessly polished social engineering that is impossible for users to distinguish from the real thing. Organizations will be forced to move toward out-of-band verification for every sensitive request, such as a phone call or a physical token to approve a payment or an installation. As AI makes attacks cheaper and faster to scale, the successful companies will be those that invest heavily in threat research to track the new volume and timing patterns these automated campaigns create. Ultimately, our defense-in-depth strategies must be built around the reality that we are no longer fighting humans, but algorithms that don’t sleep.
