New research from Panaseer shows that increasing use of artificial intelligence (AI) and IT complexity may lead to greater toxic combination challenges. According to the report, 82% of security leaders believe AI will increase challenges associated with toxic combinations. Furthermore, 92% believe the growing IT complexities are also contributing to toxic combination challenges.

Marc Möesse, Chief Product Officer from Panaseer, elaborates on the term ‘toxic combinations,’ saying, “The term ‘toxic combinations’ originates from pharmacology, where mixing certain drugs can have deadly effects. In cybersecurity, it describes the compounded risks when multiple security weaknesses overlap, creating layer upon layer of risk. Almost all breaches result from some form of toxic combination. For example, a user who has failed multiple phishing tests might have access to critical systems and an exploitable vulnerability on their device. Individually, each risk is relatively minor, but combined, the risk increases considerably. The whole is markedly greater than the sum of its parts. Now with AI, attackers can create more sophisticated attacks with minimal effort, so there is a greater chance that attackers will uncover and exploit toxic combinations.”

Essentially, a device with multiple security flaws present is a device with a toxic combination. Malicious actors often seek to exploit toxic combinations because they can be harder to identify than individual vulnerabilities. 

https://www.securitymagazine.com/articles/101236-82-of-security-leaders-say-ai-may-raise-toxic-combination-challenges