MIT releases, then quietly removes, nonsense AI cybersecurity paper
pivot-to-ai.com/2025/11/03/mit-releases-then-qu…
The paper is absolutely ridiculous. It describes almost every major ransomware group as using AI — without any evidence (it’s also not true, I monitor many of them). It even talks about Emotet (which hasn’t existed for many years) as being AI driven. It cites things like CISA reports for GenAI usage … but CISA never said AI anywhere.
Safe Security just happen to sell an agentic AI product, which they tout as being developed with MIT, and they wave this paper around as evidence of the imaginary AI ransomware problem they claim their product can totally fix.
Kevin notes that a pile of MIT academics, including Michael Siegel, director of CAMS and lead author on this paper, happen to be on the Safe Security advisory board. This conflict of interest is at no point disclosed in the paper… The paper finishes by recommending “embracing AI in cyber risk management”. Safe Security marketing material is cited in the references for the paper!
Comments from other communities
The only nice feeling here is that of every joke we science students made about the management school being validated.
That’s quite a remarkable claim. Especially when the actual number of attacks by AI-generated ransomware is zero. [Socket]
If even a single case pops up, I’d be surprised - AFAIK, cybercriminals are exclusively using AI as a social engineering tool (e.g. voice cloning scams, AI-extruded phishing emails, etcetera). Humans are the weakest part of any cybersec system, after all.
The paper finishes by recommending “embracing AI in cyber risk management”.
Given AI’s track record on security, that sounds like an easy way to become an enticing target.
Does this extremely funny case count? Regular malware that asks Claude what it should steal from your workstation, using your Claude credentials. (This is the only thing remotely resembling an AI-powered attack I’m aware of and it’s very silly)
(Looks at thumbnail)
If the lying machine doesn’t know how many r’s are in strawberry, it probably can’t count the number of counties in Ireland, either.
So, do they lose their job for such blatant abuse of their positions?