AI speeds VPN exploits

Security vendor analysis says attackers are using AI to accelerate VPN‑targeted attacks, shrinking the window defenders have to detect and respond. (x.com) The same feed highlighted rising supply‑chain compromises, leaked API keys, and social‑engineering lures (ClickFix) hitting macOS and Windows endpoints. (x.com)

A virtual private network is the software many companies use to let remote staff into internal systems, and security vendors say attackers are now using artificial intelligence to find and exploit those openings faster than defenders can react. (cio.com)

Zscaler’s ThreatLabz 2026 Virtual Private Network Risk Report, published March 25, said 79% of surveyed information technology and security leaders fear the speed of artificial-intelligence-driven exploitation. Its survey of 822 professionals also found 61% reported encountering artificial-intelligence-enabled attacks in the previous 12 months. (cio.com)

CrowdStrike said on February 24 that artificial-intelligence-enabled adversary activity rose 89% year over year, while average eCrime breakout time fell to 29 minutes in 2025 and the fastest observed breakout took 27 seconds. In one intrusion, CrowdStrike said data exfiltration started within four minutes of initial access. (crowdstrike.com)

The problem for companies still built around virtual private networks is visibility. Zscaler said 70% of organizations have limited or no visibility into artificial-intelligence-enabled threats moving over virtual private network connections, and only 24% have deployed artificial-intelligence-powered monitoring. (cio.com)

A virtual private network can also widen the blast radius after a login because it often grants broad network access once a user connects. Zscaler said many teams are still defending remote access with inspection gaps and access models that move more slowly than attackers do. (cio.com)

The same threat feed points to a second pressure point: software supply chains. Palo Alto Networks’ Unit 42 said on March 31 that TeamPCP compromised Trivy, Keeping Infrastructure as Code Secure, LiteLLM and the Telnyx Python software development kit, injecting infostealers into GitHub Actions and the Python Package Index between late February and March 2026. (unit42.paloaltonetworks.com)

Trend Micro said the LiteLLM compromise was especially dangerous because the package acts as a gateway between multiple large language model providers and can hold application programming interface keys, cloud credentials and Kubernetes secrets in one place. The company said malicious LiteLLM versions 1.82.7 and 1.82.8 stole credentials, moved laterally across Kubernetes clusters and left a persistent backdoor for remote code execution. (trendmicro.com)

The feed also highlighted ClickFix, a social-engineering trick that tells users to copy and run commands themselves. Microsoft said in August 2025 that ClickFix campaigns had targeted thousands of enterprise and consumer devices daily, and Recorded Future said on March 25 that it had identified five distinct ClickFix clusters hitting both Windows and macOS. (microsoft.com, recordedfuture.com)

Recorded Future said those ClickFix clusters have been observed since at least May 2024 and impersonated brands including Intuit QuickBooks and Booking.com. The company said the technique is likely to remain a primary initial-access vector through 2026 because it shifts execution into built-in tools and around many browser and endpoint controls. (recordedfuture.com)

Microsoft and Recorded Future both describe the same basic pattern: a fake verification or troubleshooting prompt persuades a user to paste commands into Windows Run, PowerShell, Terminal or other native tools. That turns a browser lure into user-launched malware on both Windows and macOS machines. (microsoft.com, recordedfuture.com)

Taken together, the recent reports describe a narrower response window across three fronts at once: faster intrusion through virtual private networks, poisoned developer tools that expose secrets, and social-engineering lures that push users to infect their own devices. The common thread is speed, with attackers compressing the time between first touch and credential theft, lateral movement or data loss. (crowdstrike.com, cio.com, unit42.paloaltonetworks.com, recordedfuture.com)
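
A defensive check for the two LiteLLM versions named above, added here as an example and not taken from the briefing or from any vendor's tooling: it scans requirements-style and poetry/uv-style lock text for exact pins of 1.82.7 or 1.82.8. The function names, the file formats covered and the sample inputs are assumptions constructed for this example; version ranges such as `>=` are not resolved.

```python
import re
# Versions this page attributes to the compromise (Trend Micro, as cited above).
BAD_VERSIONS = {"1.82.7", "1.82.8"}
PACKAGE = "litellm"

# requirements.txt pin: name[extras]==version (markers and hashes may follow)
REQ_PIN = re.compile(r"^\s*([A-Za-z0-9._-]+)\s*(?:\[[^\]]*\])?\s*===?\s*([A-Za-z0-9.!+*_-]+)")
# poetry.lock / uv.lock: name = "x" then version = "y" inside one [[package]] table
LOCK_NAME = re.compile(r'^\s*name\s*=\s*"([^"]+)"')
LOCK_VERSION = re.compile(r'^\s*version\s*=\s*"([^"]+)"')

def normalize(name):
    """PEP 503 normalization: case-insensitive, runs of - _ . are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def find_bad_pins(text):
    """Return [(line_number, version)] where PACKAGE is pinned to a bad version."""
    hits, table_name = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0]              # drop trailing comments
        if line.lstrip().startswith("[["):       # a new lock-file table begins
            table_name = None
        elif m := LOCK_NAME.match(line):
            table_name = normalize(m.group(1))
        elif m := LOCK_VERSION.match(line):
            if table_name == PACKAGE and m.group(1) in BAD_VERSIONS:
                hits.append((lineno, m.group(1)))
        elif m := REQ_PIN.match(line):
            if normalize(m.group(1)) == PACKAGE and m.group(2) in BAD_VERSIONS:
                hits.append((lineno, m.group(2)))
    return hits

# Constructed sample inputs (not taken from any real project).
SAMPLE_REQUIREMENTS = """\
requests==2.32.3
LiteLLM[proxy] == 1.82.8 ; python_version >= "3.9"
litellm-extra==1.82.7   # different package name, must not match
# litellm==1.82.7 (commented out)
"""
SAMPLE_LOCK = """\
[[package]]
name = "litellm"
version = "1.82.7"
[[package]]
name = "other-package"
version = "1.82.7"
"""
if __name__ == "__main__":
    print(find_bad_pins(SAMPLE_REQUIREMENTS), find_bad_pins(SAMPLE_LOCK))
```

A hit means the environment built from that file should be treated as exposed and its API keys, cloud credentials and Kubernetes secrets rotated, since those are what the page says the malicious versions stole.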
