AI‑Driven Credential Stuffing Jumps 70% YoY, Bypassing Rate Limits

Palo Alto Networks’ Unit 42 reports a 70% year‑over‑year surge in credential‑stuffing campaigns that now leverage generative AI. Attackers feed leaked username‑password pairs into large language models, which then produce highly plausible password variations and guess lists that mimic real user behavior. By crafting these AI‑enhanced guesses, the bots evade traditional rate‑limiting and lockout mechanisms that assume random or low‑quality attempts.

The spike threatens organizations that still rely on password reuse and weak password policies. Successful attacks can lead to account takeover, lateral movement, and data exfiltration. Defenders must tighten password hygiene, enforce MFA everywhere, and deploy AI‑aware detection that flags abnormal credential‑guess patterns, such as rapid, high‑entropy password variations that differ from typical human input.

Categories: AI Security & Threats, Identity & Access Management, Threat Intelligence, #AI Security & Threats

Source: Read original article