AWS Transform brings assessment, migration, and modernization into a single AI-powered experience that guides enterprises through their full transformation journey. Today, AWS announces support for customer-owned Amazon S3 buckets, giving customers full control over where their transformation artifacts are stored and how they are secured.

With this launch, you can configure your own S3 bucket, optionally encrypt artifacts with your own AWS KMS key, and manage access policies through your own AWS account. Migration practitioners can upload files directly to their bucket for immediate use by transformation agents and centralize artifact storage across multiple AWS accounts. This is designed to help enterprises in regulated industries meet data sovereignty and compliance requirements without changing how they use AWS Transform.

This capability is available in all AWS Regions where AWS Transform is offered. To learn more, see the AWS Transform User Guide.

​AWS Transform brings assessment, migration, and modernization into a single AI-powered experience that guides enterprises through their full transformation journey. Today, AWS announces support for customer-owned Amazon S3 buckets, giving customers full control over where their transformation artifacts are stored and how they are secured.
With this launch, you can configure your own S3 bucket, optionally encrypt artifacts with your own AWS KMS key, and manage access policies through your own AWS account. Migration practitioners can upload files directly to their bucket for immediate use by transformation agents and centralize artifact storage across multiple AWS accounts. This is designed to help enterprises in regulated industries meet data sovereignty and compliance requirements without changing how they use AWS Transform.
This capability is available in all AWS Regions where AWS Transform is offered. To learn more, see the AWS Transform User Guide.  

Today, AWS announced the availability of GLM-5.1-FP8 and Phi-4-mini-instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These models from Z.ai and Microsoft bring advanced agentic capabilities and efficient inference to enterprise AI workloads on AWS infrastructure.

These models address different enterprise AI challenges with specialized capabilities:

GLM-5.1-FP8 excels at agentic software engineering with sustained multi-round optimization, handling repository-level code generation, terminal tasks, and complex debugging workflows that improve with extended reasoning. It is ideal for automated code review pipelines, AI-powered development environments, and long-horizon problem-solving where the model iterates over hundreds of rounds to refine solutions.

Phi-4-mini-instruct excels at strong reasoning, math, and logic in memory-constrained and latency-bound environments, supporting 24 languages and function calling in a compact form factor. It is ideal for edge deployment, latency-sensitive applications, multilingual chatbots, and scenarios where customers need capable reasoning with minimal resource overhead.

With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.

To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

​Today, AWS announced the availability of GLM-5.1-FP8 and Phi-4-mini-instruct in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These models from Z.ai and Microsoft bring advanced agentic capabilities and efficient inference to enterprise AI workloads on AWS infrastructure.
These models address different enterprise AI challenges with specialized capabilities:
GLM-5.1-FP8 excels at agentic software engineering with sustained multi-round optimization, handling repository-level code generation, terminal tasks, and complex debugging workflows that improve with extended reasoning. It is ideal for automated code review pipelines, AI-powered development environments, and long-horizon problem-solving where the model iterates over hundreds of rounds to refine solutions.
Phi-4-mini-instruct excels at strong reasoning, math, and logic in memory-constrained and latency-bound environments, supporting 24 languages and function calling in a compact form factor. It is ideal for edge deployment, latency-sensitive applications, multilingual chatbots, and scenarios where customers need capable reasoning with minimal resource overhead.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.
To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.  

Today, AWS announced the availability of Qwen3-TTS-12Hz-1.7B-CustomVoice, Qwen3-TTS-12Hz-1.7B-Base, and Qwen3-ASR-1.7B in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models from Qwen bring advanced speech synthesis and recognition capabilities across 10+ languages, enabling customers to build intelligent voice-powered applications on AWS infrastructure.

These models address different enterprise speech and audio challenges with specialized capabilities:

Qwen3-TTS-12Hz-1.7B-CustomVoice excels at multilingual text-to-speech with customizable voice styles, supporting 10 languages with instruction-driven control over timbre, emotion, and prosody. It is ideal for building real-time interactive voice applications, customer-facing virtual assistants, and content creation workflows that require natural, expressive speech output.

Qwen3-TTS-12Hz-1.7B-Base excels at multilingual text-to-speech with 3-second rapid voice cloning from audio input. It is ideal for building custom voice applications, fine-tuning domain-specific speech synthesis, and scenarios where developers need a flexible foundation model for voice generation.

Qwen3-ASR-1.7B excels at automatic speech recognition supporting 52 languages and dialects with state-of-the-art accuracy in complex acoustic environments. It is ideal for transcription services, multilingual customer support, real-time captioning, and applications that require robust streaming and offline speech-to-text.

With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.

To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.

​Today, AWS announced the availability of Qwen3-TTS-12Hz-1.7B-CustomVoice, Qwen3-TTS-12Hz-1.7B-Base, and Qwen3-ASR-1.7B in Amazon SageMaker JumpStart, expanding the portfolio of foundation models available to AWS customers. These three models from Qwen bring advanced speech synthesis and recognition capabilities across 10+ languages, enabling customers to build intelligent voice-powered applications on AWS infrastructure.
These models address different enterprise speech and audio challenges with specialized capabilities:
Qwen3-TTS-12Hz-1.7B-CustomVoice excels at multilingual text-to-speech with customizable voice styles, supporting 10 languages with instruction-driven control over timbre, emotion, and prosody. It is ideal for building real-time interactive voice applications, customer-facing virtual assistants, and content creation workflows that require natural, expressive speech output.
Qwen3-TTS-12Hz-1.7B-Base excels at multilingual text-to-speech with 3-second rapid voice cloning from audio input. It is ideal for building custom voice applications, fine-tuning domain-specific speech synthesis, and scenarios where developers need a flexible foundation model for voice generation.
Qwen3-ASR-1.7B excels at automatic speech recognition supporting 52 languages and dialects with state-of-the-art accuracy in complex acoustic environments. It is ideal for transcription services, multilingual customer support, real-time captioning, and applications that require robust streaming and offline speech-to-text.
With SageMaker JumpStart, customers can deploy any of these models with just a few clicks to address their specific AI use cases.
To get started with these models, navigate to the Models section of SageMaker Studio or use the SageMaker Python SDK to deploy the models to your AWS account. For more information about deploying and using foundation models in SageMaker JumpStart, see the Amazon SageMaker JumpStart documentation.  

Amazon SageMaker AI now supports serverless model customization for Qwen3.6 27B parameter model using supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT). Qwen3.6 is a popular open-weight model family from Alibaba Cloud. This launch is an addition to our support for fine-tuning Qwen3.5 and other popular models. Before this launch, you could deploy Qwen3.6 base model on SageMaker AI and now, you can also adapt it to your specific domains and workflows.

Model customization enables you to tailor foundation models with your proprietary data so they more accurately reflect your domain knowledge, terminology, and quality standards. Rather than building models from scratch, fine-tuning lets you start from a capable base model and specialize it for your use cases, whether that’s improving accuracy on domain-specific tasks, aligning outputs with your organization’s tone, or improving performance on new tasks using your labeled data. With serverless customization, SageMaker AI handles all infrastructure provisioning and training orchestration, so you can focus on your data and evaluation rather than cluster management, and only pay for what you use.

Serverless model customization for Qwen3.6 on SageMaker AI is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and EU (Ireland). To get started, navigate to the Models page in Amazon SageMaker Studio to launch a customization job, or use the SageMaker Python SDK for programmatic access. To learn more, see the Amazon SageMaker AI model customization documentation.

​Amazon SageMaker AI now supports serverless model customization for Qwen3.6 27B parameter model using supervised fine-tuning (SFT) and reinforcement fine-tuning (RFT). Qwen3.6 is a popular open-weight model family from Alibaba Cloud. This launch is an addition to our support for fine-tuning Qwen3.5 and other popular models. Before this launch, you could deploy Qwen3.6 base model on SageMaker AI and now, you can also adapt it to your specific domains and workflows. Model customization enables you to tailor foundation models with your proprietary data so they more accurately reflect your domain knowledge, terminology, and quality standards. Rather than building models from scratch, fine-tuning lets you start from a capable base model and specialize it for your use cases, whether that’s improving accuracy on domain-specific tasks, aligning outputs with your organization’s tone, or improving performance on new tasks using your labeled data. With serverless customization, SageMaker AI handles all infrastructure provisioning and training orchestration, so you can focus on your data and evaluation rather than cluster management, and only pay for what you use. Serverless model customization for Qwen3.6 on SageMaker AI is available in US East (N. Virginia), US West (Oregon), Asia Pacific (Tokyo), and EU (Ireland). To get started, navigate to the Models page in Amazon SageMaker Studio to launch a customization job, or use the SageMaker Python SDK for programmatic access. To learn more, see the Amazon SageMaker AI model customization documentation.  

Today, as part of the AWS Transform composability initiative, AWS announces the general availability of the agent builder toolkit Kiro power for AWS Transform. With the agent builder toolkit, AWS Partners and customers can build agents tailored to their specific modernization needs and ensure it works seamlessly within AWS Transform.

This capability enables Migration and Modernization Competency Partners, ISVs, or customers to create differentiated transformation solutions by integrating their specialized agents, tools, knowledge bases, and workflows with AWS Transform’s agentic AI capabilities. The agent builder toolkit provides the end-to-end lifecycle for transformation agents: build agents using the Kiro power; share them with teams or across partner networks, and register them with AWS Transform for discovery.

The agent builder toolkit for AWS Transform is available in the Kiro power marketplace. To learn more, see AWS Transform (https://aws.amazon.com/transform).

​Today, as part of the AWS Transform composability initiative, AWS announces the general availability of the agent builder toolkit Kiro power for AWS Transform. With the agent builder toolkit, AWS Partners and customers can build agents tailored to their specific modernization needs and ensure it works seamlessly within AWS Transform.
This capability enables Migration and Modernization Competency Partners, ISVs, or customers to create differentiated transformation solutions by integrating their specialized agents, tools, knowledge bases, and workflows with AWS Transform’s agentic AI capabilities. The agent builder toolkit provides the end-to-end lifecycle for transformation agents: build agents using the Kiro power; share them with teams or across partner networks, and register them with AWS Transform for discovery. The agent builder toolkit for AWS Transform is available in the Kiro power marketplace. To learn more, see AWS Transform (https://aws.amazon.com/transform).  

Today, AWS announces that the AWS Transform agents — built on decades of AWS migration and modernization experience — are now accessible through a Kiro power, agent plugins, and via the AWS Transform MCP server. Developers can now consume all of AWS Transform’s capabilities directly from their preferred development environment, whether working interactively in an agentic IDE, managing jobs through the web console, or integrating programmatically via MCP.

This launch gives builders flexibility to choose the surface that fits their workflow while gaining the depth of transformation expertise behind the AWS Transform agents for Windows, VMware, mainframe and more. A developer can start a transformation in their agentic IDE, monitor progress and collaborate in the web console, then see results back in their IDE — all against the same underlying job with consistent state. Additionally, AWS Transform now supports IAM role authentication. Customers who start using AWS Transform in their IDE or the web app can use their existing AWS credentials to create a Transform environment, workspace, and transformation job.

The agent plugin and MCP are available on GitHub, and the Kiro Power within the Kiro marketplace. To learn more, see https://aws.amazon.com/transform.

​Today, AWS announces that the AWS Transform agents — built on decades of AWS migration and modernization experience — are now accessible through a Kiro power, agent plugins, and via the AWS Transform MCP server. Developers can now consume all of AWS Transform’s capabilities directly from their preferred development environment, whether working interactively in an agentic IDE, managing jobs through the web console, or integrating programmatically via MCP.
This launch gives builders flexibility to choose the surface that fits their workflow while gaining the depth of transformation expertise behind the AWS Transform agents for Windows, VMware, mainframe and more. A developer can start a transformation in their agentic IDE, monitor progress and collaborate in the web console, then see results back in their IDE — all against the same underlying job with consistent state. Additionally, AWS Transform now supports IAM role authentication. Customers who start using AWS Transform in their IDE or the web app can use their existing AWS credentials to create a Transform environment, workspace, and transformation job.
The agent plugin and MCP are available on GitHub, and the Kiro Power within the Kiro marketplace. To learn more, see https://aws.amazon.com/transform.  

Amazon Aurora DSQL introduces support for change data capture (CDC) in preview, enabling you to stream real-time database changes directly to Amazon Kinesis Data Streams. This fully managed capability removes the need to build or maintain custom streaming pipelines, making it easier to build event-driven applications, power real-time analytics pipelines, and synchronize data across systems.

Aurora DSQL automatically captures the result of insert, update, and delete operations as change events. You can use these events to synchronize data across microservices, trigger downstream processing with AWS Lambda, or deliver to Amazon S3, Amazon Redshift, and Amazon OpenSearch Service through Amazon Data Firehose for analytics. CDC streaming requires no infrastructure setup and is designed to have zero impact on your database workload, so you can stream changes without affecting database throughput or latency.

CDC streaming in preview is available in all AWS Regions where Aurora DSQL is available. Streams are billed using Distributed Processing Units (DPUs) based on the volume of data captured, with standard Amazon Kinesis Data Streams pricing applying separately. To learn more, read the blog and see getting started.

​Amazon Aurora DSQL introduces support for change data capture (CDC) in preview, enabling you to stream real-time database changes directly to Amazon Kinesis Data Streams. This fully managed capability removes the need to build or maintain custom streaming pipelines, making it easier to build event-driven applications, power real-time analytics pipelines, and synchronize data across systems. Aurora DSQL automatically captures the result of insert, update, and delete operations as change events. You can use these events to synchronize data across microservices, trigger downstream processing with AWS Lambda, or deliver to Amazon S3, Amazon Redshift, and Amazon OpenSearch Service through Amazon Data Firehose for analytics. CDC streaming requires no infrastructure setup and is designed to have zero impact on your database workload, so you can stream changes without affecting database throughput or latency. CDC streaming in preview is available in all AWS Regions where Aurora DSQL is available. Streams are billed using Distributed Processing Units (DPUs) based on the volume of data captured, with standard Amazon Kinesis Data Streams pricing applying separately. To learn more, read the blog and see getting started.  

Amazon Application Recovery Controller (ARC) Region Switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. Today, we are announcing the Lambda event source mapping execution block, which automates the coordinated failover of event streams for multi-Region workloads.

Customers running event-driven architectures use Lambda functions with event source mappings to process event streams from Kinesis, DynamoDB Streams, MSK, or SQS. For active-passive workloads, customers may maintain Lambda functions in each Region but process events in only one Region at a time. These event source mappings must be toggled during failover to avoid duplicate processing—a manual, error-prone step. The Lambda event source mapping execution block automates this by enabling or disabling event source mappings in either the activating or deactivating Region. To control duplicate processing, customers can configure two Lambda event source mapping execution blocks in sequence: a disable block to stop event processing in the deactivating Region, and an enable block to start it in the activating Region. The disable block can be overridden by running the plan in «ungraceful» mode for unplanned failovers where the deactivating Region may be impaired. Native cross-account support enables a single plan to handle event stream failover across multiple accounts.

To get started, see the Lambda event source mapping execution block documentation. ARC Region switch is available in all commercial Regions. See ARC Region switch availability

​Amazon Application Recovery Controller (ARC) Region Switch helps customers orchestrate the failover of their multi-Region applications to achieve a bounded recovery time in the event of a Regional impairment. Today, we are announcing the Lambda event source mapping execution block, which automates the coordinated failover of event streams for multi-Region workloads. Customers running event-driven architectures use Lambda functions with event source mappings to process event streams from Kinesis, DynamoDB Streams, MSK, or SQS. For active-passive workloads, customers may maintain Lambda functions in each Region but process events in only one Region at a time. These event source mappings must be toggled during failover to avoid duplicate processing—a manual, error-prone step. The Lambda event source mapping execution block automates this by enabling or disabling event source mappings in either the activating or deactivating Region. To control duplicate processing, customers can configure two Lambda event source mapping execution blocks in sequence: a disable block to stop event processing in the deactivating Region, and an enable block to start it in the activating Region. The disable block can be overridden by running the plan in «ungraceful» mode for unplanned failovers where the deactivating Region may be impaired. Native cross-account support enables a single plan to handle event stream failover across multiple accounts. To get started, see the Lambda event source mapping execution block documentation. ARC Region switch is available in all commercial Regions. See ARC Region switch availability  

• Categoría: Noticias de Microsoft

mayo 14, 2026

El abuso de IA por parte de actores amenazantes se acelera desde la herramienta hasta la superficie de ciberataque

Por: Sherrod DeGrippo, subdirector de seguridad de la información, gerente general de Customer Security, Microsoft.

Durante el último año, una palabra ha representado la conversación que vive en la intersección entre la IA y la ciberseguridad: la velocidad. La velocidad importa, pero no es el cambio más importante que observamos hoy en el panorama de amenazas. Ahora, actores amenazantes desde Estados Nación, hasta grupos de ciberdelincuencia, integran la IA en su forma de planificar, refinar y mantener los ciberataques. Los objetivos no han cambiado, pero el ritmo, la iteración y la escala de los ataques habilitados por IA generativa sin duda los mejoran.

Exploren soluciones de seguridad integradas con Microsoft Defender

Sin embargo, como en los defensores, por lo general hay un humano en el bucle que impulsa estos ataques, y no una IA autónoma por completo o agéntica que dirige campañas. La IA reduce la fricción a lo largo del ciclo de vida del ataque; ayudar a los actores amenazantes a investigar más rápido, escribir mejores señuelos, codificar malware y hacer triaje de datos robados. Los líderes de seguridad con los que hablé en  la Conferencia RSAC 2026 priorizan los recursos y los cambios de estrategia para adelantarse a este avance crítico en el panorama de amenazas.

La realidad operativa: Incrustada, no emergente

La escala de lo que seguimos hace imposible descartar el alcance. La actividad de amenazas abarca todas las regiones. Solo Estados Unidos representa casi el 25% de la actividad observada, seguido por el Reino Unido, Israel y Alemania. Ese volumen refleja realidades económicas y geopolíticas.¹

Pero el cambio mayor no es geográfico, es operativo. Los actores de amenazas integran la IA en su manera de trabajar durante el reconocimiento, el desarrollo de malware y las operaciones posteriores al compromiso. Objetivos como el robo de credenciales, la ganancia económica y el espionaje pueden resultar familiares, pero la precisión, persistencia y escala detrás de ellos han cambiado.

El correo electrónico sigue como el camino más rápido

El correo electrónico se mantiene como la vía más rápida y económica para el acceso inicial. Lo que ha cambiado es el nivel de refinamiento que la IA permite para crear el mensaje que hace que alguien dé clic.

Cuando la IA se integra en operaciones de phishing, vemos que las tasas de clics alcanzan el 54%, frente a cerca del 12% de las campañas más tradicionales. Eso supone un aumento del 450% en la efectividad. Eso no es resultado de un aumento de volumen, sino de una mayor precisión. La IA ayuda a los actores amenazantes a localizar contenido y adaptar la mensajería a roles específicos, lo que reduce la fricción a la hora de crear un señuelo que se convierte en acceso. Cuando se combina esa mayor efectividad con una infraestructura diseñada para eludir la autenticación multifactor (MFA, por sus siglas en inglés), el resultado son operaciones de phishing más resilientes, más dirigidas y mucho más difíciles de defender a gran escala.

Un aumento del 450% en la tasa de clics cambia el cálculo de riesgos para cada organización. También indica que la IA no solo se usa para hacer más de lo mismo, sino para hacerlo mejor.

Tycoon2FA: Cómo es el cibercrimen a escala industrial

Tycoon2FA es un ejemplo de cómo el actor que seguimos como Storm-1747 se orientó hacia el refinamiento y la resiliencia. Entender cómo funcionaba nos enseña hacia dónde podrían dirigirse las amenazas y alimentó las conversaciones en las salas de prensa del RSAC 2026, que se centraron en el ecosistema en lugar de en los actores individuales.

Tycoon2FA no era un kit de phishing, era una plataforma de suscripción que generaba decenas de millones de correos electrónicos de phishing al mes. Desde 2023, estuvo vinculado a casi 100.000 organizaciones comprometidas. En su apogeo, representaba cerca del 62% de todos los intentos de phishing que Microsoft bloqueaba cada mes. Esta operación se especializaba en ataques de “adversario en el medio”, diseñados para derrotar la MFA. Interceptaba credenciales y tokens de sesión en tiempo real y permitía a los atacantes autenticarse como usuarios legítimos sin activar alertas, incluso después de restablecer las contraseñas.

Pero la capacidad técnica es solo una parte de la historia. El cambio más grande es estructural. El Storm-1747 no operaba solo. Esto era ciberdelincuencia modular: un servicio gestionaba plantillas de phishing, otro proporcionaba infraestructura, otro gestionaba la distribución de correo electrónico, otro el acceso monetizado. Era, en la práctica, una cadena de montaje para el robo de identidad. Los servicios eran componibles, escalables y disponibles por suscripción.

Este es el modelo que ha cambiado las conversaciones esta semana: no se trata de un solo actor sofisticado; se trata de un ecosistema que ha industrializado el acceso y reduce la barrera de entrada para cada actor que se conecta a él. Eso es justo lo que la IA hace en el panorama más amplio de amenazas: poner las capacidades de actores sofisticados a disposición de todos.

Disrupción: Cerrar el ciclo de inteligencia de amenazas

Nuestra Unidad de Delitos Digitales interrumpió Tycoon2FA a principios de este mes, al confiscar 330 dominios en coordinación con Europol y socios industriales. Pero el objetivo no era tan solo eliminar páginas web. El objetivo era presionar una cadena de suministro. El cibercrimen hoy en día trata de modelos de servicio escalables que bajan la barrera de entrada. La identidad es el objetivo principal y el bypass MFA ahora se presenta como una función. Interrumpir un servicio obliga al mercado a adaptarse. La presión sostenida fragmenta el ecosistema. Al atacar el motor económico detrás de los ataques, podemos remodelar el entorno de riesgo.

Cada vez que interrumpimos un ataque, se genera señal. La señal alimenta inteligencia. La inteligencia refuerza la detección. La detección es lo que impulsa la respuesta. Así es como convertimos las acciones de los actores amenazantes en defensas duraderas, y cómo el trabajo de la interrupción se acumula con el tiempo. La capacidad de Microsoft para observar a gran escala, actuar a gran escala y compartir inteligencia a gran escala es la diferenciación que en verdad importa. Marca la diferencia por cómo lo ponemos en práctica.

La IA a lo largo de todo el ciclo de vida del ataque

Cuando nos alejamos de cualquier campaña y buscamos un patrón más amplio, la IA no aparece solo en una fase de un ataque; aparece a lo largo de todo el ciclo de vida. En RSAC 2026, ofrecí un marco para ayudar a los defensores a priorizar su respuesta:

• En reconocimiento: la IA acelera el descubrimiento de infraestructuras y el desarrollo de personas, para comprimir el tiempo entre la selección del objetivo y el primer contacto.
• En el desarrollo de recursos: la IA genera documentos falsificados, narrativas pulidas de ingeniería social y apoya infraestructuras a gran escala.
• Para el acceso inicial: la IA refina las superposiciones de voz, deepfakes y la personalización de mensajes a través de datos extraídos, para generar señuelos que son cada vez más difíciles de distinguir de las comunicaciones legítimas.
• En persistencia y evasión: la IA escala identidades falsas y automatiza la comunicación que mantiene la presencia del atacante mientras se integra con la actividad normal.
• En la convertir en armas: la IA permite el desarrollo de malware, la regeneración de cargas útiles y la depuración en tiempo real, para producir herramientas que se adaptan al entorno víctima en lugar de depender de firmas estáticas.
• En operaciones posteriores al compromiso: la IA adapta las herramientas al entorno específico de la víctima y, en algunos casos, automatiza la negociación del rescate.

El objetivo no ha cambiado: robo de credenciales, ganancia financiera y espionaje. Lo que ha cambiado es el tempo, la velocidad de iteración y la capacidad de probar y refinar a gran escala. La IA no solo acelera los ciberataques, los mejora.

¿Qué viene después

En mis sesiones en RSAC 2026, compartí un conjunto de temas que ayudan a definir el cambio impulsado por IA en el panorama de amenazas.

El primero es el modelo de amenaza agéntica. Los escenarios para los que nos preparamos han cambiado. La barrera para lanzar ataques sofisticados se ha derrumbado. Lo que antes requería los recursos de un estado-nación o de una empresa criminal bien organizada ahora está al alcance de un individuo motivado con las herramientas adecuadas y la paciencia para utilizarlas. Las técnicas no han cambiado de manera fundamental; la precisión, velocidad y volumen lo han hecho.

La segunda es la cadena de suministro de software. Saber qué software y agentes se han desplegado y poder tener en cuenta su comportamiento no es un ejercicio de cumplimiento. El ecosistema de agentes se convertirá en la superficie más atacada de la empresa. Las organizaciones que no pueden responder preguntas básicas sobre inventario sobre su entorno de agentes no podrán defenderlo.

La tercera es comprender el valor del talento humano en una operación de seguridad a través de sistemas agénticos para escalar. El analista de seguridad como profesional cede el paso al analista de seguridad como orquestador. Los modelos de talento contra los que las organizaciones contratan hoy en día ya están desfasados. Pero la tecnología puede ayudar a proteger a los humanos que pueden cometer errores. Aunque significa que la auditabilidad de las decisiones de los agentes es un requisito de gobernanza hoy en día, no es el momento final. El SOC del futuro exige un tipo de defensor diferente de manera fundamental.

El momento de liderar con claridad estratégica, prioridades clasificadas y una postura firme para la responsabilidad agente es ahora.

Si la IA está integrada a lo largo del ciclo de vida del ataque, la inteligencia y la defensa también deben estar integradas a lo largo del ciclo de vida. Microsoft Threat Intelligence seguirá con el rastreo, publicación y la actuación en tiempo real sobre lo que observamos. Los patrones son visibles. La inteligencia está ahí.

Para saber más sobre las soluciones de seguridad de Microsoft, visiten nuestra página web. Guarden el blog de Security en sus Favoritos para estar al día con nuestra cobertura experta sobre temas de seguridad. Además, síganos en LinkedIn (Microsoft Security) y X (@MSFTSecurity) para las últimas noticias y actualizaciones sobre ciberseguridad.

¹Informe de Defensa Digital de Microsoft 2025.

Etiquetas:

• IA
• Seguridad

The post El abuso de IA por parte de actores amenazantes se acelera desde la herramienta hasta la superficie de ciberataque appeared first on Source LATAM.

​The post El abuso de IA por parte de actores amenazantes se acelera desde la herramienta hasta la superficie de ciberataque appeared first on Source LATAM.  

Amazon SageMaker Data Agent is now available in SageMaker Unified Studio domains configured with IAM Identity Center. Data Agent extends its AI-powered capabilities to help data analysts and engineers streamline their analytics workflows across both SageMaker notebooks and Query Editor environments, eliminating the need to manually write complex SQL joins, aggregations, and Python code.

With Data Agent, you can describe your analysis goals in plain English and receive working Python or SQL code tailored to your connected data sources, including Amazon Athena, Amazon Redshift, Amazon S3, and AWS Glue Data Catalog. The agent maintains conversational context across notebook cells, selected tables, and query history, proposing step-by-step plans before generating code. Use it to calculate quarterly revenue growth rates, generate visualizations, transform DataFrames, or optimize query performance—all through natural language interaction. The «Fix with AI» feature provides intelligent debugging by analyzing execution errors and suggesting corrections, accelerating your development cycle.

This capability is available in all commercial AWS Regions where Amazon SageMaker Unified Studio is supported. To get started, navigate to a project in SageMaker Unified Studio, open a notebook or Query Editor, and select the Data Agent panel. To learn more, visit the Amazon SageMaker Unified Studio page and refer to «Use the SageMaker Data Agent» in the Amazon SageMaker Unified Studio User Guide.

​Amazon SageMaker Data Agent is now available in SageMaker Unified Studio domains configured with IAM Identity Center. Data Agent extends its AI-powered capabilities to help data analysts and engineers streamline their analytics workflows across both SageMaker notebooks and Query Editor environments, eliminating the need to manually write complex SQL joins, aggregations, and Python code. With Data Agent, you can describe your analysis goals in plain English and receive working Python or SQL code tailored to your connected data sources, including Amazon Athena, Amazon Redshift, Amazon S3, and AWS Glue Data Catalog. The agent maintains conversational context across notebook cells, selected tables, and query history, proposing step-by-step plans before generating code. Use it to calculate quarterly revenue growth rates, generate visualizations, transform DataFrames, or optimize query performance—all through natural language interaction. The «Fix with AI» feature provides intelligent debugging by analyzing execution errors and suggesting corrections, accelerating your development cycle. This capability is available in all commercial AWS Regions where Amazon SageMaker Unified Studio is supported. To get started, navigate to a project in SageMaker Unified Studio, open a notebook or Query Editor, and select the Data Agent panel. To learn more, visit the Amazon SageMaker Unified Studio page and refer to «Use the SageMaker Data Agent» in the Amazon SageMaker Unified Studio User Guide.