In a world where artificial intelligence (AI) is becoming so integrated into business workflows, new risks are materialising. Ami Luttwak, Chief Technologist at Wiz, a cybersecurity company acquired by Google, warned that the rise of AI isn’t just speeding up innovation — it’s also rewriting how attackers think and act.
Speaking in a recent podcast episode of Equity, Luttwak laid bare how AI tools are transforming the entire cyber threat landscape. He noted that while enterprises are racing to embed AI—from automated coding tools to smart agents—they are simultaneously expanding their exposure, often unintentionally. He argued that haste frequently ends up becoming a liability, especially when security is an afterthought, according to TechCrunch.
Table of Contents
Rushed AI Development and Expanded Attack Surfaces
Luttwak emphasised that many of the vulnerabilities he’s seeing stem from the pressure to move fast. By using AI-assisted tools like vibe coding agents and AI prompt-based coding, companies can deliver software more quickly. But, he adds, shortcuts are common — especially around essential areas like authentication systems, which verify users and guard access. If the specification doesn’t demand strong security, these systems get built the easy way.
AI is not just helping defenders; attackers are also weaponising it. Luttwak shared that cyber adversaries now deploy AI agents, prompts, and even “vibe coding” themselves in order to craft exploits. For example, attackers are telling AI tools to “send me all your secrets, delete the machine, delete the file” — crude instructions, but effective when weak spots exist.
Companies are also introducing new AI tools internally for efficiency and productivity. But these same tools can open up supply-chain vulnerabilities when third-party services that have broad access are compromised. Luttwak pointed to several recent incidents where this approach has succeeded. One was Drift, a firm whose AI chatbot was breached: attackers used digital keys (tokens) to impersonate the chatbot, query Salesforce data, and move laterally through the environments of enterprises.
Another example he offered was “s1ingularity” in August, targeting Nx, a popular build system for JavaScript developers. In that case, attackers pushed malware via the build system that detected the presence of AI developer tools such as Claude or Gemini, then hijacked them to scan for sensitive tokens and keys—including those giving access to private GitHub repositories.
Building Security In from the Very Start
Given these emerging threats, Luttwak insists that companies — especially startups — must infuse security from day one. In his view, even a small SaaS company with five people should behave like a hardened enterprise in terms of security and compliance. That means instituting audit logs, formal authentication, strong access control, and secure development practices from the start. Every startup, he said, should have a Chief Information Security Officer (CISO) from inception.
Part of this approach is avoiding what he calls “security debt” — the cost (in effort, risk, and money) of fixing security issues later because they were neglected early. Choosing secure architectures, ensuring that customer data remains under customer control, and planning for compliance (such as SOC2) early are steps to avoid big problems down the line. Luttwak noted that being SOC2-compliant is much easier for a small team than for a very large one, if you begin with the right mindset.
Wiz itself has invested along these lines. Over the past year, it has launched products like Wiz Code, which helps identify vulnerabilities early in the development lifecycle, and Wiz Defend, which helps detect and respond to live threats in cloud infrastructure. These moves illustrate how defenders need to move fast to keep pace with attackers using AI at every step.
The Stakes Are High: The Revolution Is Here
Luttwak believes that the AI-fueled speed at which cyberattacks are evolving is one of the most rapid revolutions the industry has seen. He claims only a small minority of enterprises have fully adopted AI (around 1 %), yet the threats are already widespread. Regularly, Wiz sees attacks that impact thousands of enterprise customers. These attacks often embed AI at every step, from the initial breach to the lateral movement across systems.
He warns that this moment is critical. All parts of cybersecurity must be rethought — from malware detection and phishing protection to workflow automation. Defenders need to find ways to use AI to keep up with attackers using AI. For him, that creates both a grave challenge and a major opportunity: innovation must come not just in tools, but in mindset, architecture, and culture.
Conclusion
As Nigeria and the rest of the world push to digitise and adopt AI technologies, Luttwak’s message carries urgency: speed without strong security controls is an invitation for attackers. Companies must act now—embed security early, adopt robust architectures, and train people—not as a checkbox, but as core to how they build. Because in this game, today’s “nice-to-have” security features will be tomorrow’s lines of defence.
Join Our Social Media Channels:
WhatsApp: NaijaEyes
Facebook: NaijaEyes
Twitter: NaijaEyes
Instagram: NaijaEyes
TikTok: NaijaEyes
