AI is Getting Personal

AI Spotlight
The top use cases for AI…are personal.

AI is now embedded in many people’s daily lives and routines. Even more so than when you got your first Tamagachi. Instead of feeding and entertaining your digital friend, you’re having full fledged conversations with AI chatbots. Of course, you aren’t forgetting your manners either, you’re saying “please” and “thank you,” even if it’s costing OpenAI millions.

Let’s get more specific. How are people using GenAI in 2025? March Zao-Sanders asked that question and wrote an HBR article based on this research.

The top GenAI use case surprised me. It was for personal and professional support, which moved to the top spot from third last year. The prior year’s winner was technical assistance and troubleshooting, which dropped to fourth this year.

Let’s get personal and dig a layer deeper. The #1 use case was for therapy/companionship, and #3 was for finding purpose in life. I didn’t expect either of these, but I can see the positives.

It’s great that AI is lowering the barrier of entry to getting help. Mental health is not something to mess with but people struggle to seek out the help they need. I think people are leaning into this with AI because it removes the perceived embarrassment or shame in asking another human for help. You essentially remove the risk of judgement.

Studies have shown that the fear of being judged, like during public speaking, runs deep in humans. It ties back to humans being social creatures, and “anything that threatens our status in our social group, like the threat of ostracism, feels like a very great risk to us.” Without the group, the chances of survival go down.

One thought I can’t shake is whether AI takes us further from the answers we seek. It’s almost ironic that we are leaning on machines to guide us in seeking our purpose in human life. It’s almost as if The Hitchhiker’s Guide to the Galaxy is playing out in real time with trying to understand “the meaning of life, the universe, and everything." Spoiler, it’s 42.

If we as humans are social animals, part of finding these answers may be building connections with other humans and actively working through that together. That journey ultimately gives meaning and purpose in what we do.

Wow, that got heavy. I wasn’t sure this would go when I started writing, but it gives you a lot to think about. Let’s start by looking out for each other, remembering how to build human connections, and working past our differences in opinion. A chatbot can suggest how to do that, but you need to be put into practice with other humans.

So, disconnect from the chatbot for a bit and go talk to another human today.

Security Deep Dive
Some Attackers Have One Job

The cyber criminal ecosystem is one of specialization. Gone are the days where one hacker did it all. Why become an expert in hacking into someone’s company, when you can pay someone else to do that for you?

Hello, Initial Access Brokers (IABs). They specialize in hacking into organizations. They’ll run Internet-wide scans to find vulnerable network devices or brute-force logins with weak credentials. Then, they sell that access to a cyber criminal wanting to take it further. A recent CyberInt IAB report shed light on this market. So let’s explore.

Remote access is an IAB’s BFF. Windows Remote Desktop (RDP) remains a top seller. No shocker there. Anyone still leaving RDP Internet accessible probably isn’t paying attention to security. The astute eye will see that spike in VPN sales in 2024. You can thank certain VPN vendors for that. Per a Forescout report, 20% of exploited vulnerabilities in 2024 targeted VPNs. Ouch.

Any vulnerability in remote access tech can be a gold mine for IABs. They scan the Internet and collect compromised companies like Pokemon cards.

More supply means low prices. Cyberint found that 58% of IAB listings were less than $1,000. The higher priced items typically reflect some larger companies that could fetch a higher ransom for encryption or data theft.

The average ransomware affiliate looking to make a few spare million can forego that fancy new pair of $1K shoes they want, and instead opt to purchase access to a company. If we take BakerHostetler’s average $500K ransom payment figure from their latest annual report, that $1K investment is a very nice return.

You’re not special. I’m sorry to go against what your mom told you. IABs don’t care about who you are when they start their campaign to hack companies in bulk. They’re just looking at your tech and whether it’s hackable.

It’s like going to Costco without knowing what free samples they will have. You secretly hope it’s mozzarella sticks, but you’ll figure out what they have when you get there and adjust your excitement level in the moment.

I give that background, because the “most targeted” industries can sometimes be a misnomer. I think of these stats as the most vulnerable industries AND maybe the industries IABs prefer. It’s not that they are always actively targeting specific industries. And don’t forget that the total number of companies in each industry can skew these numbers.

You don’t see many dolphin trainers getting hacked. It’s not because they’re more secure or have a clear mission-driven porpoise. It’s because there just aren’t many of them. That and VPNs don’t work well underwater, so I’m told.

As for the size of the impacted companies? It ranges, but Cyberint saw companies between $5M - $50M made up 60% of IAB offerings last year.

Remember, IABs dont’ target you, they target the tech you’re running. As one example, Fortinet VPNs have had a rough couple of years with tons of new vulnerabilities constantly popping up. Per Enlyft, 46% of Fortinet’s customers are <$50M in revenue. Coincidence?

Security & AI News
What Else is Happening?

🤣 Some jokesters in Silicon Valley reprogrammed walk signs to play deepfake audio of Mark Zuckerberg and Elon Musk. This is possible because the devices are often secured (or not) with default passwords. This reminds me of when, years ago, people reprogrammed road signs because, again, they had default passwords.

🦅 We always hear about nation-states hacking into other countries, but you don’t usually hear about the US doing it. Of course they are! China accused the NSA of carrying out cyberattacks against the Asian Winter Games. The claimed motives are weird, specifically that they attempted to disrupt the “smooth running of the Games.” It’s a weird thing to flex on, especially when we know China has been hacking US companies for years stealing R&D secrets.

🧸 Nation-states are adopting cyber criminals’ favorite new toy, ClickFix, to gain initial access into their targets’ networks. ClickFix is a basic technique where a phishing website prompts the victim to run code on their system through the Windows run command. That code is typically something that downloads a backdoor to their system. It’s a tactic that became popular with infostealers. It’s working as nation-states like North Korea, Russia, and Iran add it to their toolkit.

❌ Google is using AI to fight ad fraud. In 2024, LLM-supported analysis helped suspend 39.2 million accounts and stop 5.1 billion ads. Those are mind-boggling numbers. It’s a great example of how defenders can use AI to speed up their analysis.

🐕‍🦺 Here’s another AI-enabled pen-testing tool, Nebula. It’s described as “commanding a very diligent junior hacker.” It can help you automate specific tasks, like running a network scan and then taking steps to gain further information on what it finds. It’s still human-driven, but I don’t think we’re far off from some basic agentic AI pen-testing platforms.