MIT Sloan Quietly Shelves A.I. Ransomware Study ⇥ doublepulsar.com
Thomas Claburn, the Register:
Do 80 percent of ransomware attacks really come from AI? MIT Sloan has now withdrawn a working paper that made that eyebrow-raising claim after criticism from security researcher Kevin Beaumont.
The Generative AI craze started in 2022. It’s over 3 years in. If you ask any serious cyber incident response company what initial access vectors drive incidents, they all tell you the classics — credential misuse (from info stealers), exploits against unpatched edge devices etc.
This isn’t a theory — this is from the actual incident response data of the people responding to cyber incidents for a living. I do it. Generative AI ransomware is not a thing, and MIT should be deeply ashamed of themselves for exclaiming they studied the data from 2800 ransomware incidents and found 80% were related to Generative AI. There’s a reason MIT deleted the PDF when called out.
The original article was covered by Efosa Udinmwen at TechRadar, claiming “only 20% of ransomware is not powered by A.I.”, while the controversy was covered by Efosa Udinmwen at TechRadar — hey, that sounds familiar — saying it was “cited by several outlets” though “the report drew immediate scrutiny for presenting extraordinary figures with little evidence”. Which is a weird thing because Udinmwen does not mention TechRadar’s original coverage, nor link to it, nor is there sufficient skepticism in the original article, nor has there been an update to include a link to the new article pointing out it is nonsense.