A group of researchers from New York University has developed what is believed to be the first AI-powered ransomware, named Ransomware 3.0. This proof-of-concept malware, designed to perform a full-scale ransomware attack, utilizes advanced large language models to create personalized and targeted attacks on specific files, making it harder to detect and defend against. The AI system generates customized scripts that map IT environments and identify valuable data to extort. During testing, the malware was mistakenly flagged as a real threat when it was uploaded to VirusTotal, leading to an influx of media coverage. According to researcher Md Raz, while the binary is not functional outside a lab setting for now, the incident highlights a growing trend where cybercriminals are increasingly leveraging AI tools in their operations. The researchers caution that the ease of creating such attacks indicates that real attackers may already be working on similar technologies.
Microsoft has begun enforcing multifactor authentication for Azure Portal sign-ins across all tenants, a move that has been in effect since March 2025. This initiative is part of a broader strategy to enhance cybersecurity, following a 2023 announcement that emphasized the necessity of mandatory MFA for all users accessing Microsoft admin portals, including those for Azure, Microsoft 365, and Exchange. According to a Microsoft study, accounts protected by multifactor authentication are 99.99% effective at thwarting hacking attempts, reducing the risk of account compromise by 98.56%. As Microsoft aims for 100% adoption of multifactor authentication.
Why do we care?
So here’s the contrast—researchers demo AI-powered ransomware, basically showing us what the bad guys could already be cooking up. It’s not active in the wild yet, but the point is clear: AI makes it easier and faster for criminals to customize attacks. Meanwhile, Microsoft’s going the other way—MFA is now mandatory for Azure. And let’s be honest, this shouldn’t have been optional for a while, and it needs to be everywhere. Microsoft’s forcing the baseline up, whether users like it or not.
The middle is where IT services providers live. You’ll be asked to calm users who complain about MFA, and you’ll need to explain why the AI threat means better defenses aren’t negotiable. The providers who win here aren’t hyping the scary headlines—they’re making this transition painless for their clients.

