Скачать или смотреть Vulnerabilities of E-Government Platforms in Brazil 2025

This report analyzes the weaknesses of e-government platforms in Brazil, highlighting how obsolete IT components and modern artificial intelligence techniques dramatically increase security risks. We've observed that aging infrastructure—including old hardware, unsupported operating systems, and legacy applications—exposes public institutions to known vulnerabilities, making it difficult to fix critical flaws. National data confirm that the public sector leads the targets of cyberattacks: TrendMicro surveys indicate that 40% of occurrences in 2019 and 35.3% in 2020 were against government entities, a trend that persists in the face of the constant growth of threats (161 billion attacks blocked in 2023, 10% more than in 2022).
Additionally, the incorporation of large language models (LLMs) and generative AI in security and offensive testing creates exponential risks. Recent studies show that ChatGPT-4, for example, can correctly exploit up to 87% of known vulnerabilities in automated test environments, and can generate exploits and sophisticated malware in a matter of minutes. This means that attackers without advanced knowledge can automate complex attacks using AI, greatly expanding the "attack surface" on outdated government systems.

Key findings: Legacy systems in the Brazilian public sector are largely outdated, often without proper maintenance or licensing. This situation is compounded by AI-based attack techniques, which make exploits and phishing campaigns faster and more effective: there was an 856% increase in malicious emails in 2024 (driven by the use of AI). Automated pentesting tools and autonomous agent AI are emerging in the global cybersecurity market, whose predicted value jumps from $1.82 billion in 2023 to $3.9 billion in 2029.

Key recommendations: It is proposed to urgently modernize public IT infrastructure, replacing end-of-life servers and workstations and migrating legacy systems to upgraded platforms. It is suggested to implement regular AI-backed audits, ensuring continuous penetration testing and vulnerability analysis. It is also crucial to adopt ethical AI policies: guiding developers and pentesters to use algorithms responsibly, avoiding biases and respecting citizens' privacy. In summary, the report reinforces that the combination of robust IT governance with the secure use of AI is vital to protect e-public services while maintaining society's trust.