Summary: In 2024, credential stuffing attacks surged due to a blend of infostealer infections and extensive data breaches, marking a troubling trend in cybercrime. The emergence of AI agents, specifically Computer-Using Agents, presents a new challenge, enabling attackers to automate credential exploitation on a large scale without needing extensive coding. This shift towards automation amplifies existing vulnerabilities within identity systems, making credential-based attacks easier and more pervasive than before.
Affected: Organizations relying on SaaS applications and identity management systems
Keypoints :
- Credential stuffing attacks were fueled by billions of stolen credentials available online, significantly impacting web application security.
- The introduction of Computer-Using Agents like OpenAI Operator allows for the automation of credential attacks, making them accessible to low-skilled attackers.
- Many organizations are vulnerable due to password reuse and misconfigured identity systems, which attackers can exploit at scale using advanced automation.
Source: https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html