
Enlightenment 2.0: LLMs are the New Cybersecurity Plague

June 20, 2025 | Blog, Community

Contributed by: Kate Scarcella, Cybersecurity Architect


When I think of cybersecurity, I think of Michelangelo.

“I must let Moses out!”

We don’t know if he said this when looking at a giant block of stone, or after a set of tools were put into his hand. But either way, Moses was let out, with only a chisel and a hammer.

As it turns out, you don’t need much to make a masterpiece, but sometimes you need to take a step back. Right now is one of those moments.

We are in desperate need of looking at this period in our lives much like the Renaissance that came after the Dark Ages. We are at a precipice. We will either be thrown back into the Dark Ages or have a period of enlightenment. We need our own renaissance, our own awakening, a digital Renaissance to give a safe birth to Enlightenment 2.0.

Renaissance 1.0

The Renaissance is considered a cultural rebirth, influencing areas of art, literature, and science. It is a period where we see all these foundational elements becoming one. 

One representation that embodies these principles is Leonardo da Vinci’s The Vitruvian Man. The circles and squares drawn around the human body artistically and articulately represent science, mathematics, and art, all coming together.

Renaissance 1.0 pulled us out of the Middle Ages and gave us some of the most remarkable human achievements in history, achievements that cross what today would be called vertical industries. This period gave us not only Michelangelo but Cervantes, Machiavelli, da Vinci, Raphael, Copernicus, and Galileo, to name just a few influential people of the time. These were people who could look at a blank piece of paper and pour out the thoughts that would bring their ideas into existence.

The application of these ideas would usher in The Enlightenment, a shift from classical learning to the application of intellectual capital that would promote the tenets of freedom, liberty, and hope for a future not filled with death (not only physical death but the death of our spirit). It would be the latter part of The Enlightenment that would launch us into the Industrial Revolution 1.0.

Why do we need to pause now?

I took a sabbatical from my job as a Cybersecurity Architect. And now that I’m back, every day feels like the movie Groundhog Day. Nothing’s changed.

Well, not exactly… data breaches continue at an alarming rate, and there are more tools and dashboards providing cybersecurity teams with more visibility, but to what end?

Now cybersecurity teams are challenged by Artificial Intelligence (AI), which is supposed to help quickly identify threats, automate routine security tasks, and provide greater threat intelligence, all while reducing risk. And yet, we are still facing monumental breaches. Do we not need to ask ourselves why?

And we haven’t even begun to discuss Large Language Models (LLMs), which, while providing many benefits, also come with greater security risks.

LLMs and the same threat. Rinse and repeat. There really isn’t anything new, nothing creative. As an example, the Apache Log4j vulnerability that compromised numerous systems perfectly illustrates how a single component can impact the supply chain. We have already seen this very same threat with LLMs and supply chains, and the impact could be greater and reach further than we can imagine because of model poisoning. Model poisoning could use an LLM as an attack vector. An attack vector allows a system to be exploited, meaning the data or the system itself can be used to launch an attack. Imagine that! An LLM that is an attack vector. Good luck getting ahead of that threat.

We need a proper strategy, not one that continues to chase threats. If a heavy hitter in baseball comes to the plate, the opposing team will align themselves in the field to get ready. They will not know where the ball will be hit and they might not be able to catch it right away, but they know enough to ready themselves.  

Windmills to Wind Turbines

Let’s look at an example that crosses generations: windmills. Windmills have been in existence for a long time. During the first Renaissance, windmills were used for pumping water and grinding grain. Don Quijote, a character in Miguel de Cervantes’ novel, fights a windmill, thinking that it is a giant. Ironically, today windmills have become giants, giants that provide global energy. But these giants also come with multiple risks, such as Internet of Things (IoT) sensors that are vulnerable to attacks, or cyberattacks on turbine operations.

However, I believe the greatest risk posed to windmills lies with LLMs that are used to forecast wind patterns, which rely heavily on data. Data is used to train LLMs, which then can be applied to help in predictive maintenance, improved efficiency of operations of a wind farm, and forecasting weather patterns that then provide details to help in energy production.

But before we continue, we need to understand that this is another instance in which we are looking at a similar threat now being used in LLMs. Threat actors are using “backdoors” to introduce malicious data points, which will degrade performance and impact downstream operations. The keyword is backdoors… we have been dealing with backdoors as a vulnerability within applications for decades.

What now? 

Enlightenment 2.0 brings many benefits and an equal number of challenges. As stated above, Enlightenment 1.0 would birth the Industrial Revolution 1.0; Enlightenment 2.0 has birthed the Industrial Revolution 5.0. Industry 5.0 is focused on human/machine teaming that will increase productivity, efficiency, and sustainability.

Ground-breaking potential is here, but we can’t build a strategy while sprinting to make a better AI than our competitors. We need to work together to equip everyone with a few key tools first.

That’s what I want to do. Meet me at cdCon next week, June 23–25, to talk about cybersecurity, and let’s make a difference so we can stop reliving the same day and change our path from X to Y.

Can’t make it to cdCon? Join the Cybersecurity SIG.