AI’s Double-Edged Sword: Revolutionising Cybersecurity While Posing New Threats

Artificial intelligence is rapidly reshaping the cybersecurity landscape, offering unprecedented tools to combat cybercrime while simultaneously empowering malicious actors. Experts are calling for urgent regulation and strategic adaptation as AI-driven threats escalate, demanding a fundamental shift in how organisations defend their digital assets.

• AI significantly enhances the speed and autonomy of both cyberattacks and defenses.
• New AI models can identify zero-day vulnerabilities at an unprecedented scale.
• Sophisticated AI is making phishing attacks more convincing and harder to detect.
• There’s a growing consensus on the need for government and business collaboration on AI regulation.
• The concentration of powerful AI capabilities in a few hands raises concerns about global equity and security.

Artificial intelligence is proving to be a powerful ally in the fight against cybercrime, capable of sifting through vast amounts of data with remarkable speed and autonomy. However, these same capabilities can be weaponised by malicious actors to exploit systems, jeopardise personal data, and threaten national security. Recent data indicates a significant rise in AI-utilised cyberattacks, with a 44 percent year-over-year increase in attacks targeting public-facing software and systems applications.

Cybercriminals are leveraging AI to refine their tactics, particularly in phishing attacks. Previously identifiable by grammatical errors or awkward phrasing, AI-generated messages are now virtually indistinguishable from legitimate communications, making vigilance alone insufficient. Furthermore, advanced AI models are demonstrating an alarming proficiency in discovering zero-day vulnerabilities – flaws unknown to software developers that can be exploited to bypass security controls and steal sensitive data. The release of models like Anthropic’s Mythos highlights this capability, identifying thousands of such vulnerabilities.

Experts convened at forums like the Berkman Klein Center for Internet and Society agree that it is imperative for business and government leaders to establish regulatory frameworks for AI in cybersecurity before the technology outpaces our ability to control it. The challenge lies in defining liability and ensuring compliance in a rapidly evolving threat landscape. Some propose a safe harbour approach, where companies are not held liable for breaches if they adhere to basic security practices, such as using up-to-date software packages.

The development and release of powerful AI cybersecurity tools, such as Anthropic’s Mythos, have raised concerns about the concentration of power within a few select companies, primarily in the US. This limited access leaves many businesses and governments excluded from crucial security advancements, prompting calls for broader international cooperation and the establishment of global oversight bodies. "It doesn’t make sense that private individuals are deciding the fate of infrastructure for everyone else," noted Yoshua Bengio, a pioneer in AI research. The potential for AI to disrupt critical global infrastructure necessitates a coordinated international response, including engagement with countries like China, and a careful consideration of open-source models which can be stripped of safety guardrails.

Organisations must adapt their security strategies to counter AI-driven threats. This includes accelerating and automating patching programs, implementing zero-trust architectures, and enhancing real-time detection and response capabilities. Companies like IBM are introducing autonomous security services powered by multi-agent AI to match the speed and sophistication of AI-generated attacks. Microsoft emphasizes a security-first approach, integrating trust directly into AI systems and ensuring continuous control rather than periodic checks. The focus is shifting from individual security tools to coordinated, AI-powered defenses that operate at machine speed.

• Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette, Harvard Gazette.
• IBM Announces New Cybersecurity Measures to Help Enterprises Confront Agentic Attacks, IBM Newsroom.
• Microsoft Warns CX Leaders Agentic AI Threatens CX Security, CX Today.
• Defender’s Guide to the Frontier AI Impact on Cybersecurity, Palo Alto Networks.
• AI cybersecurity capabilities require urgent international cooperation, ‘AI Godfather’ Bengio says, Fortune.