AI‑Enabled Threats Spotlighted at RSAC Cryptographers Panel: Risks to Code, Data, and Cryptography
What Happened – At the 35th RSAC Cryptographers’ Panel, leading researchers warned that rapidly advancing AI agents can discover zero‑day vulnerabilities, manipulate codebases, and expose sensitive personal data. The discussion covered differential‑privacy defenses, embedding cryptography in neural nets, and key‑management challenges for quantum‑ready systems.
Why It Matters for TPRM –
- AI‑driven tooling may become a supply‑chain vector, compromising third‑party software and services.
- Differential‑privacy and cryptographic safeguards are still nascent, increasing the risk of data leakage for vendors handling regulated information (e.g., HIPAA).
- Quantum‑era key‑management adds long‑term uncertainty for encryption‑dependent contracts.
Who Is Affected – Technology SaaS providers, cloud‑infrastructure firms, AI‑code generation platforms, cryptography vendors, and any organization that outsources software development or relies on third‑party APIs.
Recommended Actions –
- Review third‑party AI‑assisted development tools for secure‑by‑design controls.
- Validate that vendors employ differential‑privacy or homomorphic‑encryption techniques where personal data is processed.
- Update key‑management policies to include quantum‑resistant algorithms and rotation practices.
Technical Notes – The panel highlighted that AI agents can scan open‑source repositories to locate exploitable bugs, but no public AI‑generated cryptographic break has been demonstrated yet. Threat models must now incorporate “agentic AI” as a potential adversary, and key‑management solutions must address both classical and post‑quantum requirements. Source: DataBreachToday