Current "AI" models need to be TRAINED. This can be a
complication, esp when there is a lot of variation in
what it's supposed to be looking for. Even tomorrows
"self-training" AIs - a possible bridge to true
e-sentience - might have problems UNLESS the targets
were pretty standard.
Commercial services like SolarWinds and M$ and friends
DO offer a lot of 'standard' aspects. This makes them
especially vulnerable. Clearly a way, per the news, was
discovered (by mere humans). It'd become a lot faster
and easier once AIs became involved. Current AIs can
become VERY good at emulating humans - which will
greatly facilitate "human factor" approaches. Very
"human seeming" correspondence over e-mail, even
over phone, can be created. Will fool almost anyone.
Note the vast increase in phony "abduction" scams
and "grandmother" scams. A person in my office called
and said she'd been kidnapped and money should be
beamed to a yet-to-be-specified account. Thing
is she was busy, in her office, seemed surprised
she'd been kidnapped. SOUNDED convincing, used
something close to her voice. An AI attack. Passed
it along to the cops - who, no surprise, could not
do anything with it. Might have originated in
Romania for all I know.
That was a couple years ago. It'll get better and better -
soon to include 'live' video no doubt - they just need a
few photos they find online. SAME approaches can be used
to scam people out of access codes and such. People ARE
the weakest link. Forget your OWN skills - think "barely
competent button-pushing people". These days THEY are
the real gate-keepers. All for 'convenience" ...
Enemies have MANY routes ... and, being the instigators,
defenses will always be behind the curve. Some kind of
CyberDoom awaits.
Oh, you can't really eat gold coins ... a basement
full of dried beans might be better :-)