Axios Codebook

November 19, 2024
Happy Tuesday! Welcome back to Codebook.
- 📬 Have thoughts, feedback or scoops to share? [email protected].
Today's newsletter is 1546 words, a 6-minute read.
1 big thing: Companies aren't prepared for future AI-powered attacks
Just 1 in 5 companies say they're very well prepared to defend against high-volume AI-powered bot attacks, according to an Arkose Labs survey released today.
Why it matters: Companies have only seen the beginning of how AI-enabled tools will change the threat landscape — both for attackers and defenders.
- If companies fall behind, it will be harder for them to defend against the promised influx of sophisticated AI-enabled threats.
By the numbers: 56% of respondents said generative AI has increased the frequency of cyber threats against their company — and the same percentage said generative AI has made these threats more sophisticated.
- 88% of respondents said their company has faced more AI-powered bot attacks in the last two years — outpacing the growth of "basic bot attacks," per the survey.
- The fintech, technology, aviation and hotel industries were the most concerned on average about generative AI-based cyber threats targeting their businesses.
- Arkose Labs surveyed 188 U.S.-based cybersecurity professionals from Sept. 3-23. Each respondent held at least a manager-level position.
The big picture: Two years into the generative AI revolution, companies are still trying to figure out how the technology will affect their cybersecurity strategies.
- About half of the respondents said they didn't have enough personnel with both AI and cybersecurity expertise.
- "Everybody recognizes that they're in catch-up mode," Frank Teruel, chief financial officer at Arkose and a co-author of the survey, told Axios.
Zoom in: Arkose is seeing several types of AI-powered bot attacks, Teruel said.
- One includes attackers using identities leaked on the dark web to create accounts for certain online retailers to take advantage of monetary sign-up bonuses.
- In another, scammers will use those same credentials to get a bot to log in to legitimate loyalty accounts and cash out all of the points in gift cards.
The intrigue: Executives and lower-level employees have opposite views on AI preparedness.
- 12% of C-suite officers and vice presidents say they are confident in their company's preparations, while 12% of senior directors and managers say they are stressed about their company's preparedness.
Between the lines: Companies that are already deploying AI security tools are the most likely to feel confident in their ability to fend off attacks, according to the survey.
- Arkose considers 26% of respondents AI enthusiasts, and those respondents were three times more likely to say their organization is "very well prepared" for AI attacks.
- Those respondents are already integrating AI into their workflows to predict security threats, automate certain tasks, and continuously monitor their infrastructure.
Yes, but: AI enthusiasts are also more likely to say they are concerned about associated security threats.
- 81% of enthusiasts said their organization has seen more sophisticated threats thanks to AI tools, compared with 48% of non-enthusiasts who said the same.
The bottom line: Companies can use AI to get a better sense of the threat landscape, identify any AI-enabled attacks, and stay ahead of evolving attack tactics, Teruel said.
- "It's both a scary technology in the hands of the adversary and an incredibly powerful, enabling technology if you're in the fight," he said.
2. Exclusive: New China-linked telco attackers
CrowdStrike has identified a brand-new China-linked cyber-espionage operation that's infiltrating telecommunications networks, according to a report first shared with Axios.
Why it matters: China has shown a new willingness to spy on its adversaries using whatever means possible — putting any remaining diplomatic relations between Beijing and the rest of the world in jeopardy.
Zoom in: CrowdStrike has discovered a new China-linked hacking group that's been targeting telecommunications networks since at least 2020 to spy on customers' text messages and phone call metadata.
- The group, which CrowdStrike is calling Liminal Panda, has also built custom hacking tools that exploit the industry's interoperability, the connections that let one network route calls to another, to move from one compromised network into additional telecommunications entities.
- So far, CrowdStrike has mostly seen evidence of Liminal Panda spying on networks in Southeast Asia and Africa.
- Liminal Panda has likely targeted unidentified networks to spy on officials living in these regions, CrowdStrike said. But the group may also be targeting individuals traveling through the region.
Threat level: The hackers may have also used their access to these networks to breach networks around the world, Adam Meyers, senior vice president of counter adversary operations at CrowdStrike, told Axios.
- Liminal Panda's tools were also specifically built for bulk collection, Meyers said, meaning it could search network data for certain keywords.
- "They have lots of ways that they can use that access to target anything that is along the lines of their collection mandate," he noted.
Driving the news: Meyers is testifying today about China's hacking threats before the Senate Judiciary Committee's privacy subcommittee.
- He plans to go into more detail about Liminal Panda throughout his testimony.
Catch up quick: Liminal Panda is separate from the recently uncovered Salt Typhoon campaign targeting U.S. telecommunications providers.
- Salt Typhoon is believed to have targeted President-elect Trump, VP-elect JD Vance and other U.S. government officials. The hackers likely also stole audio from phone calls during those intrusions.
- T-Mobile is the latest U.S. mobile carrier to say it was a victim of Salt Typhoon.
The big picture: China has been eager to sow digital chaos in the U.S. and beyond in recent years — especially as it prepares for a possible invasion of Taiwan.
- Stealing state secrets may help China figure out how the U.S. would come to Taiwan's aid, and causing mayhem could undermine politicians' ability to provide aid in such an event.
What we're watching: Trump's cyber policy is still in flux as the transition gets underway — but he's already tapped a handful of well-known China hawks for notable positions.
3. Big day for Microsoft security upgrades
Microsoft is sharing details today about new cybersecurity features that will both help bricked Windows devices recover faster and change how companies' security software accesses the Windows kernel.
Why it matters: The changes will likely help prevent another global outage similar to the CrowdStrike incident in July.
Driving the news: Microsoft is hosting its annual Ignite event today in Chicago, where it is unveiling a suite of features and tools for its products.
- That includes changes to how tech and cyber vendors can operate their tools on Windows without having to access the kernel, the deepest level of Windows access.
Zoom in: Under the new Windows Resiliency Initiative, Microsoft is working to create a new recovery environment for Windows that will help devices come back online faster if they're knocked offline.
- Security partner companies will have to conduct additional security and compatibility testing before pushing out updates to make sure they find any bugs early.
- Microsoft is also working to develop new tools to let security product developers build products, including antivirus products, that can operate within user mode, outside the kernel.
Yes, but: Some of these product updates were in the works before the CrowdStrike outage, Pavan Davuluri, corporate vice president of Windows and devices, told Axios.
- "For sure, there are learnings for us from the incident in July," he said, but he noted that much of this work also started when the company began building Windows 11.
Catch up quick: Microsoft hosted several partners at its Redmond, Washington, headquarters in September to discuss ways to update the security of the kernel.
The big picture: Microsoft's cybersecurity practices have come under intense scrutiny in the last year.
- Last November, the company unveiled its Secure Future Initiative, which overhauls the company's internal culture and implements a range of cybersecurity protections.
Additional Microsoft security announcements include:
- Rolling out Microsoft Security Exposure Management, a tool that helps companies measure and monitor potential cyber threats, to all security customers.
- Adding new controls to Copilot to prevent leaking sensitive information to users.
- Adding new capabilities for remote, secure password deployment in Microsoft's Edge browser.
- Extending its bug bounty program with an in-person event, called Zero Day Quest, where $4 million in awards will be doled out to those who find flaws in the company's cloud and AI products.
4. Catch up quick
@ D.C.
🏛️ Trump has tapped Brendan Carr to lead the Federal Communications Commission. (Axios Pro)
🇷🇺 A look at how former U.S. Rep. Tulsi Gabbard, Trump's pick to run the intelligence community, became a darling of Russian propaganda outlets. (New York Times)
🤖 The U.S. Patent and Trademark Office has banned internal use of generative AI tools unless they're used in a controlled testing environment, citing security concerns. (Wired)
@ Industry
👨🏻⚖️ X, formerly Twitter, is suing the state of California to block a new law that requires social media companies to remove or label deceptive election deepfakes. (L.A. Times)
@ Hackers and hacks
⚠️ Palo Alto Networks has issued patches for two critical security flaws in its next-generation firewalls that hackers are actively targeting. (BleepingComputer)
🚔 Russian national Evgenii Ptitsyn is being extradited to the U.S. from South Korea to face charges alleging he administered the Phobos ransomware. (CyberScoop)
🪙 Heather "Razzlekhan" Morgan — half of the husband-and-wife duo that pled guilty to stealing $10.8 billion worth of bitcoin in the 2016 Bitfinex hack — was sentenced to 18 months in federal prison. (Axios)
5. 1 fun thing
John Oliver broke down the national security and data security concerns surrounding TikTok in the latest episode of "Last Week Tonight."
- The episode also introduced me to this new single from Mark Zuckerberg (yep, there's only one) and T-Pain that I was blissfully ignorant of until Sunday.
☀️ See y'all Friday!
Thanks to Megan Morrone for editing and Khalid Adad for copy editing this newsletter.