Hackbots Now Pose the Biggest Cloud Security Risk, With Attacks Done in Minutes

Bots and automated hacking tools have rapidly become the leading threat to cloud security, allowing cyber criminals to steal credentials, move money, and launch other attacks with unprecedented speed. According to Sergej Epp, Chief Information Security Officer at Sysdig, attackers are using automation to exploit misconfigurations and deploy more complex attacks — including installing cryptominers and moving laterally within organizations.

This wave of automation has drastically reduced the time hackers need to breach systems: while human attackers are typically detected after days, hackbots can exfiltrate sensitive data in as little as five minutes. Epp predicts that these attacks will only become more sophisticated as hackbots are powered by large language models (LLMs).

Epp warned that companies lacking sufficient cybersecurity resources — what he calls those "under the cyber poverty line" — will be especially vulnerable. He advised organizations to take immediate action by inventorying all cloud assets, identifying and fixing misconfigurations, and implementing continuous security monitoring. Real-time detection and response are vital to match the speed of automated threats.

The growing pressure on businesses to adopt Artificial Intelligence (AI) quickly heightens the risks. Epp noted that most organizations focus on the security of AI models, but the greater concern lies in the supporting infrastructure. With over 1.8 million models available on platforms like Hugging Face, blind trust in third-party models is dangerous. Basic antivirus scans are ineffective, and there's currently no technical solution for certain AI-focused attacks, such as prompt injection.

Threats can even be hidden within seemingly innocuous files, such as shared documents or PDF invoices processed by AI. To counter this, AI workloads must be protected with runtime security — including zero trust principles, defense-in-depth, and runtime agents inside every container to detect and halt abnormal activity.

Complicating things further, the ephemeral nature of the cloud means that 60% of containers exist for less than a minute, making real-time protection and intelligent data collection essential. Epp emphasized the importance of collecting and analyzing the right data subset, and highlighted the need for smarter, autonomous solutions that can recommend and implement security measures rapidly.

The consequences of failure are asymmetric: while a hacker’s mistake is easily forgotten, a defender’s error could have severe financial and reputational consequences. To keep pace with evolving threats, Epp stressed: "We need to speed up the adoption of security controls. To go fast in business, we need to go fast in security as well."
