Adversarial AI: How Security-First MFT Defends Government Systems from AI File-Based Attacks
by OPSWAT
AI-powered Threats Against Government Systems
Artificial intelligence (AI) has entered the cybersecurity domain not as a side tool but as a central actor, redefining how attackers operate and how defenders must respond. From voice-cloned phishing scams to deepfake-powered fraud, AI has given adversaries the means to impersonate, infiltrate, and disrupt with unprecedented realism and reach.
The stakes are highest in government and critical infrastructure. As mentioned in the IBM X-Force Threat Intelligence Index, Salt Typhoon—a nation-state-aligned threat actor—breached telecom systems across multiple countries, using stolen credentials and stealth tactics to target energy, healthcare, and sensitive government operations in 2024.
More recently, the CrowdStrike software incident disrupted major IT systems across sectors, including government agencies and airports, when a faulty update affected widely deployed endpoint security infrastructure. While not a deliberate attack, it exposed the fragility of public-sector digital environments and the potential for cascading failure across interconnected networks.
Governments face a unique blend of vulnerabilities: interconnected supply chains, legacy systems, and geopolitical pressure points make the public sector an ideal target for both sophisticated and opportunistic attackers. Meanwhile, compliance burdens and talent shortages widen the risk gap between well-resourced and under-resourced agencies.
AI doesn’t just amplify phishing and impersonation. It also automates and personalizes file-based attacks at scale. Common tactics now include:
Generating synthetic payloads that adapt to evade antivirus tools
Using GenAI to obfuscate malicious code within otherwise legitimate file types
As adversaries shift from breaching systems to exploiting file exchanges between them, it’s no longer enough to control access. Unlike network intrusions, file exchanges often bypass inspection tools and are assumed to be benign, making them ideal delivery mechanisms for AI-generated payloads. Governments need to verify, sanitize, and track files across agencies, vendors, and critical networks, especially where visibility is low due to limited auditing and tracking.
The Cyber Complexity Governments Face
Artificial intelligence has accelerated both the scale and sophistication of cyberattacks, overwhelming the fragmented, legacy defenses many government systems still rely on. Unlike prior threats that required technical precision to exploit a vulnerability, today’s attacks are increasingly automated, context-aware, and globally distributed. AI now acts as a force multiplier, compressing attack timelines and accelerating decision-making on both sides of the cyber battlefield.
According to the World Economic Forum, 66% of cybersecurity leaders believe AI will have the most significant impact on security operations in the next year. Yet only 37% of organizations have measures in place to assess the security of AI tools before deploying them. The result is a fast-moving risk landscape where many governments are underprepared for adversaries who can now act at near light speed.
Over time, digital transformation has led to complex networks made up of legacy systems, third-party platforms, public portals, and file exchanges between government agencies. Many of these systems lack real-time visibility into how data is flowing or how it’s being used. Attackers exploit this by targeting workflows, credentials, and file transfers that bridge air-gapped systems and various departments.
GenAI is now being used to:
Write and mutate malware
Generate zero-day exploit code
Steal credentials through adaptive phishing and impersonation
Craft phishing and social engineering content at scale
These risks are amplified by geopolitical pressures and transnational dependencies. Public-sector preparedness is low: only 14% of government organizations feel confident in their cyber resilience, according to the WEF. That figure lags far behind private-sector benchmarks.
4 Key Risk Factors
1. AI adoption: outpaces secure deployment practices
2. Aging infrastructure: can’t support modern detection or control mechanisms
3. Increased exposure: through cross-border data flows and global supply chains
Credential theft has become a primary access method, overtaking brute-force tactics as attackers use AI-enhanced phishing and infostealers to compromise accounts across public-sector networks.
According to IBM, identity-based attacks make up 30% of incidents. These often begin with AI-generated emails or deepfakes designed to trick staff into handing over credentials. Once inside, attackers use valid accounts to access data undetected, particularly in systems with limited segmentation or weak audit trails.
Proactive email-layer defenses are critical to stopping these attacks before they reach inboxes, especially when productivity constraints limit file sanitization. MetaDefender Email Security™ supports this by analyzing attachments through repetitive Multiscanning and protecting files that contain active components, even when Deep CDR™ is disabled. This ensures that macros or embedded code in attachments can still be used safely without exposing the organization to risk.
Public agencies are exposed to cyberthreats due to legacy identity systems, hybrid workforces, and frequent external file exchanges. Insider threats are also evolving. The Ponemon Institute’s 2025 Cost of Insider Risks Report shows that “outsmarted” insiders—those compromised by social engineering—now account for 20% of all insider incidents, with the highest per-incident costs at $779,797. Administrative, HR, and support roles are especially targeted due to their routine access to sensitive content.
Notable AI-generated risk patterns include:
Deepfake impersonations of officials to authorize fraudulent actions
Compromised personal devices exposing government credentials
Undetected data exfiltration via unmanaged file movement
AI-Driven Tools and What They Do:
DeepFaceLab & FaceSwap: Creates realistic videos to bypass verification procedures or impersonate executives
FraudGPT & WormGPT: Builds compelling phishing emails, legal documents, and communications at scale
Blackmailer V3: Scrapes corporate and personal data to credibly drive extortion and blackmail
EvilProxy & Robin Banks: Auto-generates phishing websites and login portals for banking, cloud services, and enterprise platforms
ElevenLabs & Voicemy.ai: Clones voices for phishing, scam calls, and bypassing authentications
Social Engineering Bots: Impersonate customer support and trick users into sharing sensitive information and MFA codes
A Blind Spot in Cyber Defense
Public-sector cybersecurity programs often prioritize network access, identity management, and endpoint defense. But one critical layer remains persistently underprotected: how files move between people, departments, systems, and zones.
This blind spot in cyber defense is increasingly exploited by attackers using legitimate credentials or AI-crafted payloads. Once an adversary gains a foothold, they rarely act alone. Their actions are often part of broader campaigns, involving malware toolkits, access brokers, or extortion partners. They move laterally by embedding malicious content inside routine documents to exploit the absence of inspection, sanitization, and control in legacy file flows.
Many file flows lack format validation, embedded threat removal, and context-aware access rules — all of which are now critical in defending against AI-shaped threats. AI only amplifies this risk. Polymorphic malware in PDFs or Office documents can mutate on delivery, evading antivirus engines.
Generative AI-created scripts and deepfakes are used to disguise intent or impersonate trusted officials. Files containing these threats often travel unverified and unlogged between departments, cross-domain workflows, or partner networks. In June 2025, Paraguay suffered a breach of 7.4 million citizen records, exfiltrated from multiple government agencies and disseminated via ZIP and torrent files on the dark web. The attackers demanded $7.4 million in ransom, exploiting unprotected file systems across the public sector to extort the entire nation.
More than half of credential compromise cases now involve AI-generated content, according to Ponemon. These payloads bypass traditional user protections and exploit the fact that many agencies do not treat file exchange as a governed, security-enforced process. Without visibility and control at the file layer, even segmented networks and air-gapped systems can be breached by what appears to be a routine document or archive.
Unverified file exchanges have already been linked to major incidents, including ransomware propagation across agencies, sensitive data exfiltration via document archives, and malware injected into software supply chains. These are not theoretical risks. They are active attack vectors that exploit fragmented workflows and the absence of unified transfer governance.
Insecure Legacy File Handling Methods
Many government agencies still rely on outdated file handling practices such as email attachments, shared drives, USBs, and ad hoc FTP servers. These methods lack the file-level visibility, threat inspection, and policy enforcement needed to counter today’s AI-driven risks.
Manually routed files are prone to human error and inconsistent enforcement. Without centralized oversight, it’s difficult to know what was transferred, who accessed it, or whether it was scanned beyond a basic antivirus scan. These blind spots are easily exploited by AI-generated malware that can mutate on delivery, conceal itself in spoofed formats, or bypass scanners using obfuscation.
Common limitations include:
Single-layer, signature-based AV engine scans that miss polymorphic or AI-crafted malware due to lack of heuristic, machine-learning or sandbox-based analysis
Segmented security zones with no shared visibility into file behavior or origin
Decentralized audit trails that slow down investigations and undermine compliance
These vulnerabilities are amplified in hybrid environments with IT-OT integration, contractor access, and cross-agency workflows. File movement between departments or across security domains is often unverified, introducing persistent risks to high-value systems.
Supply chain interactions further compound the problem. Routine file exchanges with third-party vendors and integrators are often handled via unsanctioned tools or simple upload portals, such as publicly accessible SFTP portals or unprotected document dropboxes, with minimal inspection.
Invoices, configuration updates, and documentation can all carry embedded threats without either party realizing it. In many recent incidents, regular file updates from trusted suppliers have introduced backdoors, ransomware, or credential-stealing malware into government networks.
Even well-meaning partners may lack the multilayer security controls needed to detect threats before files reach federal systems. And when visibility into external file flows is low, these compromises can remain dormant for weeks before detection.
Without multilayer threat prevention and policy-based control over file flows, legacy workflows act as entry points for adversaries, especially in systems managing citizen identity, healthcare data, or operational technology. These methods cannot meet the demands of today's threat model, which includes AI-generated polymorphic malware and socially engineered payloads designed to evade traditional detection.
Security-First MFT Reduces Risk in File Transfers
Governments need more than secure storage or access controls. They need secure file transit solutions. Managed File Transfer (MFT) addresses this by enforcing policy-based file transfers across systems, users, and domains. It also applies proactive file sanitization and inspection to block threats before execution.
Thirty years ago, the focus was simply on moving files. Over time, that evolved into a need for secure transfers, encrypting files in transit and at rest. Today, we’re taking an even broader view, considering the entire lifecycle of the file and the broader context of trust, policy, and risk.
Jeremy Fong
Vice President of MetaDefender Managed File Transfer, SANS ICS Security Summit, 2025
Unlike traditional methods, such as email attachments scanned only once, or SFTP servers lacking policy enforcement, MFT applies multilayer threat prevention that inspects and sanitizes content before it reaches its destination.
Multiple AV engines detect evasive malware, CDR (content disarm and reconstruction) technology strips embedded threats from files, and AI-aided, emulation-based sandbox analysis flags zero-day exploits. These layers work together to verify, neutralize, and govern every file before it enters a trusted environment.
File type verification ensures files are what they claim to be, reducing the risk of spoofed or disguised formats
Archive extraction inspects nested content within compressed files such as ZIP or RAR archives, which are common containers for hidden malware
Country-of-origin detection helps enforce geopolitical controls or block high-risk uploads from flagged regions
2. Safeguarding File Trust and Integrity
Checksum validation verifies that files have not been tampered with in transit, detecting unauthorized changes and preserving chain-of-custody integrity
3. Encrypting from End to End
HTTPS encryption protects data in motion during transfer sessions
AES-256 encryption safeguards data at rest, including queued or archived files awaiting approval or delivery
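The file type verification, archive extraction, and checksum validation steps listed above can be sketched as a single intake check. This is an added example, not OPSWAT's or MetaDefender's code: the function names, the signature table, and the nesting and size limits are assumptions chosen for illustration, and the sample archive is constructed inline.

```python
import hashlib
import io
import zipfile

# Illustrative signature subset; a real gate needs a far larger table.
# Extensions missing from the table are flagged (allowlist behaviour).
MAGIC = {"pdf": b"%PDF-", "png": b"\x89PNG\r\n\x1a\n", "zip": b"PK\x03\x04"}
MAX_DEPTH = 3                  # assumed policy: archive nesting limit
MAX_MEMBER = 10 * 1024 * 1024  # assumed policy: bytes read per member

def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()

def type_matches(name, data):
    """True only if the content starts with the signature its extension claims."""
    sig = MAGIC.get(name.rsplit(".", 1)[-1].lower())
    return sig is not None and data.startswith(sig)

def inspect(name, data, expected_sha256=None, depth=0):
    """Return findings for one file, recursing into ZIP containers."""
    findings = []
    if expected_sha256 is not None and sha256_hex(data) != expected_sha256:
        findings.append(f"{name}: checksum mismatch")
    if not type_matches(name, data):
        findings.append(f"{name}: content does not match extension")
    if not data.startswith(b"PK\x03\x04"):
        return findings
    if depth >= MAX_DEPTH:
        return findings + [f"{name}: archive nesting exceeds {MAX_DEPTH}"]
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                member = f"{name}/{info.filename}"
                with zf.open(info) as fh:
                    # Cap the read: declared sizes can lie (decompression bombs).
                    body = fh.read(MAX_MEMBER + 1)
                if len(body) > MAX_MEMBER:
                    findings.append(f"{member}: exceeds size cap")
                else:
                    findings += inspect(member, body, depth=depth + 1)
    except (zipfile.BadZipFile, RuntimeError):
        findings.append(f"{name}: archive unreadable or encrypted")
    return findings

def build_sample():
    """Constructed sample: a ZIP with one genuine PDF header and one
    'invoice.pdf' whose bytes begin with an MZ (Windows executable) header."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.pdf", b"%PDF-1.7\n% constructed sample\n")
        zf.writestr("invoice.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()

if __name__ == "__main__":
    for finding in inspect("delivery.zip", build_sample()):
        print(finding)
```

A signature match only shows that a file is not trivially mislabeled; it says nothing about whether the content is safe, which is why the page pairs it with multiscanning, CDR, and sandbox analysis.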
Operational integrity is enhanced by these MFT capabilities:
Policy-based transfers ensure files follow strict routing and approval workflows
Role-based access control prevents unauthorized exposure of sensitive content
Detailed logs and audit trails support compliance and investigation
Preventing attacks is essential, but the real value lies in having detailed reporting—being able to prove what happened to a file, when, and why. That level of visibility is the crown jewel of secure file movement.
Jeremy Fong
Vice President of MetaDefender Managed File Transfer, SANS ICS Security Summit, 2025
These capabilities are especially valuable in public-sector environments where files cross boundaries between departments, contractors, or high-security domains. With MFT, security is applied to both the file and the transfer process, reducing the risk of hidden threats slipping through trusted channels—whether they arrive from internal users or external partners.
MetaDefender MFT Meets Government’s Security
MetaDefender Managed File Transfer™ is built for environments where security cannot be an afterthought. It enables governments to move files between users, networks, and systems with confidence, and it enforces security at the content, process, and policy levels.
Unlike basic file gateways or legacy transfer tools, MetaDefender MFT is a policy-enforced file transfer solution with built-in multilayered threat prevention and auditability. It includes native integration with MetaScan™ Multiscanning, Deep CDR™, Proactive DLP™, and MetaDefender Sandbox™, all powered by MetaDefender Core™.
As Jeremy Fong explained, “Most MFT solutions still lack integrated malware protection. Ours includes multiscanning with multiple AV engines, along with content disarm and reconstruction, data loss prevention, and several additional layers to ensure every file is both safe and compliant.” These technologies work together to neutralize threats before delivery, including those embedded in documents, archives, and executable content.
4 Key advantages of MetaDefender MFT:
Policy-based workflows that automate approvals, routing, and enforcement
Supports both legacy systems and modernized infrastructure with full policy enforcement
Designed for air-gapped and cross-domain environments
Role-based access control with full audit trails for every transfer event
Whether used for inter-agency data exchange, supplier collaboration, or secure citizen services, MetaDefender MFT brings file-level visibility and multi-layered protection into daily operations. It’s designed to fit the complexity of government IT while raising the bar on security and compliance.
Secure File Movement for Cyber Resilience
AI-powered threats are accelerating, and governments can no longer afford to treat file handling as an administrative task. Files are not just data. They are AI-exploitable payloads that traverse boundaries, impersonate trust, and bypass detection when left ungoverned. Without visibility and control at the transfer layer, even well-defended systems can be compromised by what looks like routine activity.
MetaDefender Managed File Transfer provides a security-first foundation for modern government operations. By enforcing policy, inspecting content, and controlling the integrity of the file transfer process, it closes a critical blind spot in today’s public-sector cybersecurity.
As AI continues to reshape the threat landscape, file movement must become a deliberate, governed function instead of a vulnerability. MetaDefender MFT helps government agencies secure file movement with confidence and control. To see how MetaDefender MFT can help secure your organization, talk to an expert today.