News
Icelandic Firm Syndis Investigates Cyberattack Allegedly Aided by AI

Icelandic security firm Syndis is investigating one of the most complex attacks it has ever examined, saying artificial intelligence was used to plan and accelerate the actions of a single attacker.
Contents
Icelandic cybersecurity firm Syndis is investigating an unusual and highly sophisticated network attack on a system in Europe, in which all the evidence points to artificial intelligence being used as a tool to assist the attacker.
Syndis, one of the leading security service providers for organizations across the Nordic countries, normally handles penetration testing and incident response. This time, however, the firm encountered a case that it says falls outside the typical pattern of cybercriminal behavior.
How the attack unfolded
According to the Syndis analysis, the attacker exploited a vulnerability rated 7.5 on the CVSS scale, classifying it as a high-level threat. Exploiting the flaw required very specific and complicated technical conditions, which is itself unusual for attacks carried out without the support of advanced analytical tools.
Investigators noted the way the attacker secured persistent access to the compromised system. Rather than relying on a single point of entry, the attacker created multiple parallel paths, so that if one were detected and blocked, control could be regained through another. This level of planning and redundancy is more often associated with advanced, long-term threat teams than with a lone attacker.
The role of artificial intelligence
According to Syndis experts, artificial intelligence was used at the stage of planning, developing and accelerating the attack itself. Analysis of the attacker's actions suggests a single person was behind them rather than an organized group, which makes the case especially concerning: AI tools appear to have allowed one individual to achieve a level of attack complexity comparable to the work of an entire team of specialists.
If these findings are confirmed, it could change the cybersecurity landscape in the coming years - Syndis experts quoted by RUV
Context of other AI-assisted attacks
The case investigated by Syndis is the latest in a series of signals in recent weeks that artificial intelligence tools are lowering the barrier to entry for sophisticated cyberattacks. Previously reported vulnerabilities in coding assistants, such as GhostApproval and the HalluSquatting attack exploiting language model hallucinations, showed how AI can be both a tool of attack and its target. The case examined by Syndis, however, directly involves the attacker's own use of AI to plan and carry out the intrusion, rather than a flaw in a specific product.
The company has not yet disclosed the victim's identity or the full scale of the damage, noting that the investigation is still ongoing. The absence of clear, publicly available evidence of the use of a specific AI model means some of the findings rest on circumstantial indicators, the speed and precision of the attacker's actions, rather than hard digital traces pointing to a specific tool.
For security teams in Poland and across Europe, the case is a warning sign. If a single attacker armed with AI tools can build attacks of a complexity once reserved for state-sponsored groups, standard risk-assessment models based on the number of people and resources involved may no longer be reliable. Security firms will need to update their detection methods for such patterns more quickly.
Sources: RUV (ruv.is), Visir (visir.is)


