
CrowdStrike highlights AI innovations shaping cyber defense at GISEC 2025


Yassin Watlal, Head of System Engineering and Solutions Architect META at CrowdStrike, shares key takeaways from GISEC 2025, shedding light on AI-driven cyber threats and defense innovations.

Dubai— During GISEC Global 2025, discussions centered on Artificial Intelligence (AI) and its transformative impact on cyber threats.
Yassin Watlal, Head of System Engineering and Solutions Architect META at CrowdStrike, offered insights to Tahawultech.com into the growing sophistication of cyber attackers using AI.
Watlal explored the evolving strategies to counter these advanced threats, from AI-enhanced phishing attacks to insider threats like Famous Chollima. Watlal shared valuable perspectives on how businesses could secure their systems and adapt to rapid technological innovations, addressing the evolving cybercrime landscape, AI’s role in defense, and practical security measures to mitigate risks.

Interview Excerpts:

How was GISEC this year compared to last year? Would you like to share some insights?

GISEC Global 2025 fostered significant engagement and insightful discussions this year, particularly focusing on the profound ways in which Artificial Intelligence (AI) is reshaping the landscape of cyber threats. Attendees actively participated in exploring the evolving tactics of threat actors leveraging AI, as well as the defensive strategies and innovative solutions being developed to counter these sophisticated attacks. The conversations delved into the implications of AI for various aspects of cybersecurity, including threat detection, incident response, vulnerability management, and security automation. The level of engagement underscored the collective interest and concern within the cybersecurity community regarding the transformative impact of AI.

What are the key findings from the 2025 GTR that you would like to share with us?

Current threat actors possess significant funding and meticulously planned objectives in their campaigns. A notable emphasis on identity threats has been observed, evidenced by a 50% increase in dark web advertisements offering compromised credentials. This has led to expedited attacks, with an average breakout time of 48 minutes, defined as the time for initial machine infection and lateral movement. The fastest recorded breakout time was 51 seconds.

What is the role of Gen AI in modern cybercrime?

AI is utilised by cyber attackers to enhance their attacks, integrating it as a novel component within their global arsenal. Generative AI is primarily employed to refine emails prior to launching phishing campaigns, thereby improving their authenticity and appeal to recipients. Consequently, a significant increase in click-through rates has been observed, with AI-generated emails achieving a 54% click-through rate compared to a 14% rate for human-authored emails. This technology also reduces the skill threshold required for less sophisticated threat actors to engage in malicious activities.

Can you tell us more about the insider threats like Famous Chollima? And what are some of the mitigation strategies companies can adopt?

The threat actor group Famous Chollima, based in North Korea, employs artificial intelligence to generate fraudulent applications, LinkedIn profiles, and candidate personas, meticulously crafting them to appear highly credible and attractive to recruiters and human resource personnel, aiming to secure employment. Furthermore, during the interview process, they utilize generative AI to formulate responses to questions, enabling them to successfully pass interviews.

“Instances have been reported wherein individuals associated with this group were hired, received company-issued laptops through intermediaries, and performed assigned tasks, effectively gaining insider access.”

Can you tell us more about the companies that can secure cloud and hybrid environments?

An AI-native platform, such as the CrowdStrike Falcon platform, is crucial for effective cybersecurity. Integrating AI natively allows for the realization of its full benefits, particularly in enabling responses at machine speed. Given that attacks materialize rapidly, it is imperative to respond with equal speed. This ensures the ability to maintain a comprehensive understanding of the situation and effectively address threats in a timely manner.

What did CrowdStrike exhibit this year at GISEC?

We showcased our latest innovations, our Falcon platform, discussed Charlotte AI, our generative AI offering, and highlighted products that enhance the ecosystem.

What are the new technologies that will be integrated by CrowdStrike in the field of cybersecurity?

Artificial intelligence is progressively being integrated into various solutions, exemplified by the detection triage facilitated by Charlotte AI and the comprehensive agentic API, which significantly enhances efficiency for cybersecurity analysts. This implementation results in substantial time savings, approximately 40 hours per week for the team, by enabling the agentic AI to effectively differentiate between true positives and false positives, thus expediting response times and optimizing the deployment of AI in the defense strategy.

How is cybersecurity being integrated with this rapid technological innovation, and what security measures should businesses adopt in response?

Our focus is on ensuring resilience and maintaining a proactive stance against threats. We aim to alleviate routine operational burdens, thereby mitigating risks for our clients. All our efforts are directed towards preventing breaches and safeguarding customer interests by streamlining operational processes traditionally associated with legacy systems. We believe Agentic AI should be deployed to handle these tasks.

Could you provide tips for best security practices?

We have observed attacks such as LLM jacking. When deploying AI, it is imperative to secure it throughout the deployment process, rather than deploying without security considerations. It is necessary to ensure the security of these new application layers. Regarding LLM jacking, if threat actors obtain cloud credentials, they can log in and execute queries within a subscribed LLM. This can result in increased costs and potential data exposure. Data could be compromised, and private knowledge could be extracted through techniques such as prompt injection. Securing AI and this new application layer is of significant importance. CrowdStrike can provide assistance in this regard.