“Zero day” is the alarm raised by the European Central Bank on the criminal use of artificial intelligence, which penetrates cyber defenses without the possibility of erecting a shield. The focus is on powerful models created by Anthropic such as Mythos, which would be able to identify flaws in banking IT systems, decode updates to correct vulnerabilities, quickly transforming them into Trojan horses. It is no coincidence that the latest products of the leading AI company, founded by the Italian-American brothers Dario and Daniela Amodei, Fable 5 and Mythos 5, were banned from access “for any foreign citizen” by the US government in mid-July.
Artificial intelligence is sending passwords into the attic and quantum computers will do the rest. An IT expert, who prefers to remain anonymous, confirms to Panorama: “If with a normal PC it would take you 100 years to crack an AES encryption, the global standard for data encryption, a quantum one will do it in 2-3 seconds.”
For the average citizen, digital security above all means passwords for e-mail, online or mobile banking, health services, online purchases and social networks. «Passwords have accompanied us for decades, but today they show all their limits. They are fragile, often misused and increasingly exposed to theft and scams. In the medium term, quantum computing will make the transition to more advanced authentication systems even more urgent” Anna Vaccarelli, president of Clusit, the Italian Association for IT security, underlines to Panorama. Within 5 years they could become obsolete. “There is a fantastic site with the most used passwords,” he recalls. «The first is 1234567, but the date of birth, the name of the dog, the city where you live or other trivial ones like “admin” are also popular, in second place. If you can remember it, it’s not good.”
AI takes advantage of the very fast ability to associate words, letters and so on. The current defenses, within everyone’s reach, “are applications that generate complex passwords every time, such as Authenticator (downloadable to your mobile phone, ed.), but initial access can also occur only with facial recognition or fingerprint”.
David Gubiani of Check Point Software Technologies, which provides cybersecurity to companies and governments, claims that «passwords were once the keys to the castle. Today they are a resource at risk, the subject of intense traffic on the Dark Web.” Where there is a real price list: a hacked Facebook account is sold for around 45 dollars, decreasing due to the excess supply of stolen data. Gmail’s goes up to $60-65. The “secret” CCV number on credit cards sells for even less, from 10 to 40 dollars. Access to online banks varies from 200 to 1,700 dollars, depending on the size of the balance. The most profitable market is that of corporate networks: average prices are around 2,700 dollars, but administrative access with high privileges has also been sold for 113 thousand dollars. Ironically, the most massive flaw concerns a multitude of employees, who accidentally enter sensitive company information directly into AI tools. In March of this year, according to Check Point Research, «1 in 28» instructions or textual requests to artificial intelligence models such as ChatGPT, Gemini, Claude or others “sent from corporate environments presented a high risk of sensitive data leakage, impacting 91% of organizations that regularly use generative artificial intelligence tools”. Not only that: subscriptions to malware, high-level computer programs for information theft, such as LummaC2 or RedLine, are trivially for sale (they cost from 100 to $1,024 per month). Even a novice cybercriminal is capable of “stealing” millions of passwords.
The evolution of Artificial Intelligence is opening a new era of cyber theft and even more dangerous use in hybrid warfare. «A colleague who is an expert in cybersecurity made a video falsely animating my image while I was speaking at a conference. He made me sing and today he would also be able to make me dance” says the president of Clusit, founded in 2000 at the Department of Computer Science of the University of Milan. It represents over 700 organizations belonging to all sectors of the country system.
The case involving the Minister of Defense, Guido Crosetto, “cloned” to obtain money from people is known, in cyber literature, as the “secretary attack”. A supposed assistant to the CEO, who calls the company’s information technology manager to ask for account access passwords.
«Until two years ago, Deepfakes were unable to perfectly replicate the human voice and figure» observes Vaccarelli. «One of the weak points were the hands created with four or six fingers. Now they are overcoming errors, thanks to AI and we are witnessing science fiction scenarios.” In the “decapitation” offensive of the Iranian leaders, the Israelis would have cloned ayatollahs and commanders of the Pasdaran to confuse the enemy or make the real objectives converge in a specific bunker.
At a lower level, an American site has just been blocked, visible in Italy, with an “Images Jobs politician” section which contained photos of the first lady Melania Trump, the prime minister Giorgia Meloni, the secretary of the Democratic Party Elly Schlein, the president of the European Commission Ursula von der Leyen, perfectly generated by AI in explicit sexual poses. There has been a 3,000% increase in Deepfakes since 2024, thanks to basic subscriptions for voice and visual cloning, which cost just a few dollars. A single video call with the company’s CFO and other cloned senior executives cost an engineering firm $25.6 million. For voice cloning, 3 seconds of original audio is enough and in 2025 it surpassed the “indistinguishability threshold” according to Fortune magazine.
Gubiani warns: «Looking to the future, corporate security will depend on verifying behaviors, not just a string of characters». Scam attempts are within everyone’s reach and we are now at Phishing 2.0: personalized AI-based kits, sold for less than 100 dollars a month on Telegram, which multiply the possibilities of convincing the unsuspecting user to share passwords via the Internet by impersonating the bank, the post office, the Revenue Agency and so on. The defenses, even on cloning thanks to artificial intelligence, are dictated by common sense and specific training on cybersecurity. «A Ferrari manager received a call with the voice of a dear friend who was looking for help» says Vaccarelli. The evolution of the fake agent or rescuer who calls the grandmother saying that her grandson has been arrested or has had a serious accident and a bank transfer needs to be made to save him or get him out of trouble. «At the beginning the manager had no doubts» explains President Clusit «but then he decided to ask “which book did you recommend to me two days ago” and the AI was not able to answer».
Some states are intercepting and storing data, which is protected by cryptography today with the aim of deciphering it in the future, when quantum computers are powerful enough.
The Israel Defense Forces announced the creation of a new special unit, Alumot (beam of light), dedicated to developing artificial intelligence and information processing capabilities. Not for missile defense, drone attacks or deception of Iranian leaders, but directly for the troops engaged on the battlefield.
«The Deepfakes with AI that generate Melons in sexy poses or the former president Obama who releases shocking statements, never actually uttered, use increasingly advanced systems» the president of Clusit raises the alarm. «Professionals, who are not always cyber criminals interested in money, but also activists with specific motivations and political objectives».
