Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Local founders say the country’s payments reboot and AI breakthroughs could put B.C. at the centre of financial innovation. One day before the Bank of Canada announced it had approved the country’s first payment service providers under the new Retail Payment Activities Act, leaders from Vancouver’s growing sector gathered for a conversation that felt prescient. At.

In today’s fast-moving digital world, the adversary has evolved — threats aren’t just more frequent, they’re smarter. Artificial Intelligence (AI) is no longer only a force for good. Threat actors now leverage AI-driven methods to automate attacks, craft human-like deception, and exploit blind spots in organizations relying on outdated defenses.

The first time it happened, nobody noticed. An automation reconciled a ledger, logged its success, and shut itself down. The token that made it possible looked harmless. Tidy, legacy, supposedly scoped “just enough.” But a week later, refunds ghosted, dashboards blinked, and audit logs told three different versions of the truth. And that token? Not a token at all. More like a Fabergé raptor egg sitting in a server room. Not decoration. Incubation. Of chaos.

A study from Malwarebytes has found that one in three mobile users has been targeted by an extortion scam, and one in five of these users has fallen victim. Additionally, one in six users has been targeted by sextortion, with a higher number of these attacks (38%) affecting Gen Z users.

Human error remains the primary exploitation vector in mobile security incidents, according to Verizon’s latest Mobile Security Index (MSI). “At 44%, user behavior is the top cited breach contributor, just ahead of app threats, network threats, and internet threats, which were each cited by 43% of survey respondents,” the report says.

AI maturation is leading to more malicious hacking attacks. Like thousands of cybersecurity thought leaders, I’ve been speaking about AI being used maliciously since OpenAI released ChatGPT in November 2022. I’m far from alone. The entire cybersecurity industry has been warning about it nonstop. We’ve known that as AI progresses, attackers would use those same productivity features, thereby harming us.

Application Security Testing (AST) services use automated tools and manual techniques to find and fix security vulnerabilities in software, integrating security into the entire development lifecycle (SDLC) to prevent threats and protect applications from attacks. Key services include Static Application Security Testing (SAST) for code-level analysis, Dynamic Application Security Testing (DAST) for runtime testing, and Interactive Application Security Testing (IAST) which combines both.

AI has transformed both how attackers operate and how defenders must respond. Today’s adversaries use AI to shift tactics in real time, forcing defenders to react at unprecedented speed. Many SOCs struggle to keep pace due to the limits of legacy automation. Even the most mature playbooks can’t anticipate every scenario or data variation, because playbooks are predictable — but adversaries aren’t.