As Artificial Intelligence evolves, so too do the tactics of cybercriminals exploiting it to launch faster, more complex cyberattacks. In this feature, three industry experts examine how threat actors are leveraging AI maliciously – and how businesses can harness the same technology to build stronger, smarter cyberdefences in an ever-shifting landscape.
Ivan Milenkovic, Vice President – Cyber Risk Technology, EMEA at Qualys
The real-world cybercriminals are (mostly) very different from the stereotypes we normally associate with them. They run a serious business. The world’s third largest economy to be precise. And, as good entrepreneurs, they’ve realised AI isn’t just buzz; it’s very effective.
AI-driven tools help them launch smarter, faster and more convincing attacks. Automated AI systems can craft phishing emails personalised precisely to your employees, mimicking colleagues’ writing styles, and making malicious links or attachments worryingly believable. Spear phishing is no longer clumsy; it’s bespoke, targeted and efficient. Your people are much more likely to click because the emails seem genuine. This significantly increases the risk.
Cybercriminals also leverage AI to rapidly identify vulnerabilities within your digital infrastructure. Using automated scanning and AI-assisted analysis, attackers pinpoint weak spots faster than most organisations can remediate them. They’re using AI to create and drive malware that evolves on the fly, evading traditional signature-based detection, making your antivirus look like yesterday’s newspaper. Ransomware powered by Machine Learning learns your defensive habits and bypasses them intelligently. Essentially, cybercriminals use AI not just to speed up attacks, but to anticipate your responses and manoeuvre around them.
But enough doom – here’s what you must do about it:
Firstly, wake up to reality. Traditional defences alone won’t cut it. You need your defensive strategy to embrace AI. Start with smarter threat detection and response. AI-aided or powered endpoint protection, detection and response (EDR and XDR) tools are very powerful. These learn the baseline of normal network behaviour, spotting threats based on subtle anomalies, not outdated signatures.
Integrate AI into your vulnerability management programmes – adopt platforms like Qualys’ VMDR combined with their TruRisk system. They prioritise vulnerabilities using real-world threat data, meaning you fix genuinely critical issues first, not just random CVSS scores. And don’t just scan – use AI-driven continuous compliance monitoring and remediation to stay ahead of threats.
Critically, get strategic with AI by integrating predictive analytics into your risk management processes. AI can anticipate attack paths, simulate breach scenarios and predictively quantify risks in business terms. Businesses using cyber-risk quantification (CRQ), and powered by AI-driven analysis, have a clear strategic edge. It helps executives see cyber-risk in financial terms, cutting through the usual technobabble.
Finally, stop pretending AI threats are tomorrow’s problem. They’re here, right now, attacking your systems. Counteract proactively by embedding AI deeply in your cyberstrategy. Fail to adapt, and frankly, you’re handing cybercriminals an advantage they’ll happily exploit.
Santiago Pontiroli, Lead TRU Researcher, Acronis
AI offers defensive capabilities but, at the same time, also provides cybercriminals with tools to amplify their attacks’ scale, precision and sophistication.
From a malicious perspective, AI is increasingly used to craft highly convincing phishing scams using Natural Language Processing (NLP) that mimic human communication. Additionally, AI-driven malware can adapt its behaviour to evade detection systems, making traditional, signature-based defences obsolete.
Unlike mainstream AI models that undergo rigorous ethical training and content filtering, other alternatives, such as WormGPT and FraudGPT, are designed to facilitate cybercrime through automation and advanced language capabilities.
WormGPT allows users to generate phishing emails, ransomware, malware code and other harmful content without restriction. Similarly, FraudGPT provides tools to craft convincingly deceptive content, automate social engineering attacks, and design sophisticated scams tailored to exploit human vulnerabilities.
However, AI can help businesses detect, predict and mitigate threats in real-time. AI-driven anomaly detection systems excel at identifying unusual patterns and potentially malicious activity before it escalates. Similarly, AI’s predictive capabilities can help organisations stay ahead of attackers by forecasting potential threat vectors based on historical data and evolving attack patterns.
Additionally, AI can play a pivotal role in automating responses to known threats, allowing cybersecurity teams to focus their efforts on addressing novel and sophisticated attacks. Automating routine tasks such as log analysis, threat hunting, and patch management helps optimise security operations and close potential vulnerabilities faster.
Rami Nehme, Regional Sales Director, OPSWAT
Cybercriminals are weaponising AI to automate and scale their attacks, making them more difficult to detect and mitigate. For example, Generative AI enables attackers to create highly convincing phishing emails, craft undetectable malware, and launch automated vulnerability exploits at an alarming speed. Unlike traditional cyberthreats, AI-driven attacks can evolve in real-time, dynamically adapting to evade detection.
This creates a new frontier of cybersecurity challenges, where adversarial AI can manipulate detection models, bypass traditional security measures, and exploit vulnerabilities before they are even publicly known.
AI as a Cybersecurity Force Multiplier
To counteract these emerging threats, businesses must adopt AI-driven cybersecurity strategies that enhance threat detection, response and prevention. AI-powered threat detection systems can analyse vast datasets in real-time, identifying patterns and anomalies that may indicate an attack. By leveraging Machine Learning, organisations can proactively detect cyberthreats before they materialise, reducing reliance on reactive defence mechanisms.
Moreover, AI-driven security automation significantly reduces response times by isolating compromised systems, blocking malicious traffic and autonomously patching vulnerabilities. This not only minimises the impact of cyberincidents but also alleviates the burden on security teams, allowing them to focus on higher-level threat analysis and strategic defence planning.
The challenges of AI integration in cybersecurity
While AI offers a powerful defence, its integration into cybersecurity operations is not without challenges. AI models require continuous training and refinement to remain effective against ever-changing attack techniques. Furthermore, AI decisions must be explainable and transparent to ensure trust and accountability. Organisations must also address ethical concerns, ensuring AI-driven security solutions are deployed responsibly and do not inadvertently introduce bias or privacy risks.
Additionally, the rise of AI-powered threats underscores the need for skilled cybersecurity professionals who can effectively deploy, monitor and refine AI security tools. As organisations embrace AI-driven defenses, human oversight remains critical to validate AI-generated insights, mitigate biases and respond to complex security scenarios.
The future of AI-driven cybersecurity
AI is poised to transition cybersecurity from a reactive to a proactive discipline. By leveraging AI-driven predictive analytics, businesses can anticipate and neutralise threats before they escalate. The future of cybersecurity lies in a hybrid model where AI enhances human expertise, enabling faster, smarter and more adaptive security measures. Organisations that invest in AI-driven cybersecurity today will be better positioned to defend against the next generation of AI-powered cyberthreats.
