Artificial intelligence is rapidly becoming the most transformative—and destabilising—force in cybersecurity, with crypto and cloud platforms now at the sharpest edge of the threat landscape. In an exclusive joint interview during Sysdig Accelerate '25 in Sydney, Sergej Epp, CISO at Sysdig, and Florian Bielak, CISO at BitMEX, warned that AI is not just accelerating attacks but fundamentally reshaping how digital defences must be built, scaled, and trusted. Privacy is the paramount risk. Bielak explained how the proliferation of multimodal AI tools—which can process and generate audio, images, and diverse data streams—is effectively dissolving traditional control boundaries.

"These tools can be weaponised through various sophisticated technologies, from steganography to advanced audio processing, with capabilities that far exceed traditional checks and balances."

Security teams now face escalating pressure to meticulously curate permitted tools within their environments and rigorously vet the security posture of third-party vendors and AI partners. This challenge is particularly acute for cryptocurrency platforms such as BitMEX, which operate continuously in highly adversarial threat landscapes. Epp described the security landscape facing crypto firms as a continuous, high-stakes game:

"Cryptocurrency companies face more threats in the morning than a bank would face in an entire year being attacked by nation-states."

The evolution of cloud infrastructure—and now AI—has dramatically expanded the attack surface.

"Cloud is the new hot wallet for some of the cloud companies out there," he added. "And now AI is coming on top of that."

This new complexity makes decisions harder, faster, and riskier. Unlike traditional systems, AI agents make probabilistic decisions, which means their actions can be less predictable and less auditable.

"That's a very interesting challenge from a security point of view," Epp said.

AI is also fundamentally transforming defensive strategies. Bielak highlighted significant advancements within Security Operations Centres (SOCs), where AI agents increasingly supervise other automated agents, establishing sophisticated automated feedback loops.

"The implementation of an AI agent that can control another agent and provide continuous feedback progressively mitigates the potential for human error," Bielak explained. However, he cautioned, "While promising, the current level of AI curation may not yet fully match the nuanced judgment and adaptability of human expertise."

Both CISOs acknowledged that attackers are adapting rapidly. Epp warned that cloud and AI weaknesses are now being exploited at "blistering" speed.

"It's a race of threat actors—how quickly are they adapting? It's a race of engineers trying to understand how quickly they want to move. And really, it's all about enabling them, rather than restricting them."

According to Epp, the shift from tool sprawl to unified, platform-driven approaches is accelerating.

"The key is to have this unified view—from platform engineers, from security, for multi-cloud environments—and be able really to understand: is that now the right strength to chase or not?" He noted that whereas legacy security stacks used dozens of tools, customers now demand real-time orchestration from single-vendor solutions.

Given its nature as an "always-on" 24/7 operational exchange, as Bielak highlighted, BitMEX operates under constant threat, necessitating a highly agile and adaptive protective approach. It achieves this by significantly leveraging red teaming exercises and simulated insider attacks to uncover vulnerabilities that traditional security assessments might miss. Bielak explained the attacker’s mindset:

"Adversaries do not think in terms of defensive layers; their ultimate focus is on specific high-value targets. For a cryptocurrency exchange, the primary objective is to exfiltrate protected customers' assets, which can amount to billions."

This existential pressure fosters a culture of continuous operational rehearsal and learning within BitMEX.

"A successful breach would lead to an immediate and catastrophic loss of customer trust," Bielak emphasised. Beyond rigorous internal protocols, BitMEX actively collaborates with trusted third-party partners and engages in threat intelligence sharing with other leading cryptocurrency platforms.

Bielak highlighted an increasing concern: the growing sophistication of opportunistic attackers, now empowered by readily accessible AI tools.

"Security strategies must now account for the entire spectrum of adversaries, from AI-augmented opportunistic actors to well-resourced nation-state actors," he stated. He underscored that sharing intelligence regarding attack patterns among industry peers is vital for developing proactive strategies against these evolving threats.

"We participate in various threat intelligence sharing groups," Bielak noted. "This enables us to disseminate and learn from attack patterns observed against similar exchanges or suppliers, allowing us to proactively implement defensive measures between our people, process, and technologies."

For Epp, visibility and process discipline have emerged as the most crucial indicators of effective cloud security.

"Cloud security always starts with asset management," he said. But beyond counting vulnerabilities, teams should measure how quickly secure environments can be rebuilt and how thoroughly telemetry captures attack activity. In modern environments, where "more than 60% of containers are living less than one minute," timing is everything.

"That was the biggest 'aha' moment," he said. "Imagine now you have to take a decision under one minute."

The pair agreed that the sector must evolve beyond static, compliance-driven models in favour of live, operationalised defences.

"A lot of companies still believe it's enough to get a daily scan of inventory," Epp said. "You'll always be behind." Instead, organisations should work from the assumption that their workloads are already breached and emphasise detection and response readiness.

Crypto-specific threats such as "crypto-jacking"—the unauthorised use of GPU cloud resources for mining—are rising sharply.

"You can mine very effectively if you're mining on a GPU," Epp said. "Because of the explosion of GPU clouds right now, we call it crypto-jacking."

Both CISOs were clear: the ground rules for cloud and crypto security are being rewritten in real time. Every day, attackers and defenders alike are deploying increasingly advanced AI tools—and neither side is slowing down.

"Progressively, a lot of what is mundane today is going to be fully automated with AI," Bielak said. "A hard problem of today is going to become the easy problem of tomorrow."

Originally published at SecurityBrief Australia on Thu, 24 Jul 2025. FAQ Section What is crypto-jacking, and why is it a concern? Crypto-jacking is the unauthorized use of someone's computer hardware, specifically their GPU, to mine cryptocurrency. This process can significantly drain resources and slow down systems without the owner's knowledge, representing a rising concern as the number of GPU-based cloud resources grows. Related Services Our platform, AI Crypto Market, provides extensive resources for understanding and managing AI-driven threats in the cryptocurrency landscape. Our Cryptocurrency Hub offers comprehensive tools for secure trading and asset management, while our AI Tools Hub provides AI-powered trading solutions to help preempt and mitigate the risks associated with advanced cybersecurity threats. Related News and Articles

Exclusive: Sysdig and BitMEX sound alarm on AI-powered crypto threats