AI + Security: Shield or Sword?
AI’s Role in Cybersecurity is Changing
I’ve been thinking a lot lately about AI’s place in cybersecurity. It’s everywhere in marketing and I’ve written a few pieces about how to think smarter, not harder, about this brave (dangerous?) new world. It’s an incredible tool—one that’s helped defenders automate the mundane and sift through endless data for real threats.
Yet as I dig deeper into the evolving landscape of AI-driven threats, I can’t help but feel like I’m watching an arms race unfold in real time. On one side, defenders are building more advanced AI to safeguard systems. On the other, attackers are weaponizing AI to make their campaigns faster, stealthier, and harder to detect.
The dual role of AI in cybersecurity is unavoidable and unmistakable. It’s both a shield and a sword, depending on who wields it. Today, I want to explore this dynamic, examine how attackers and defenders are using AI, and share actionable ways we can stay ahead.
Evolving Threat Landscape: How AI is Upleveling Attackers
Let’s start with the bad news. Cybercriminals are embracing AI, and they’re using it in ways that make traditional defenses look outdated. Here are some examples:
Polymorphic Malware: Attackers are now using AI to generate malware that changes its code in real time. This evasion tactic makes static detection methods—like signature-based antivirus—almost obsolete.
AI-Generated Phishing Campaigns: Gone are the days of poorly worded phishing emails with urgent requests to scam or threaten you. AI tools now craft hyper-personalized emails that mimic legitimate correspondence. They can scrape your LinkedIn, analyze your company’s communication style, and deliver a tailored attack designed to exploit your trust.
Sophisticated Droppers: Recent campaigns have leveraged AI-enhanced droppers to deliver payloads more effectively. These droppers can adapt their behavior mid-attack, ensuring they evade detection while deploying malicious software.
Deepfake-Assisted Impersonation: Deepfake technology is being used to mimic voices or faces in real time. Picture an attacker impersonating your CEO’s voice on a phone call, asking for sensitive credentials or a wire transfer. It’s already happening, and the implications are chilling.
Attackers aren’t just targeting individuals—they’re creating scalable, automated attacks that can hit enterprises where it hurts most: their data, their trust, and their bottom line.
The Defender’s Advantage: Leveraging AI for Security
Now for the good news: AI isn’t just for the bad guys. Cybersecurity teams are increasingly using AI to level the playing field. When applied correctly (I cannot stress this enough), AI can act as a force multiplier, helping defenders work smarter, not harder. How?
Behavioral-based anomaly detection, such as unusual access patterns or unexpected file movements, offers a proactive edge. If an employee account suddenly starts accessing hundreds of sensitive files at 3 a.m., by focusing on behavior, not relying on IOC-based signatures, AI can flag it as suspicious—even if the attack is entirely novel.
Beyond detection, AI excels at predictive analytics. By analyzing historical attack data, it can identify patterns and anticipate future threat vectors. This allows organizations to bolster defenses proactively, rather than waiting for an incident to occur. Vendors are also expanding coverage of analytics across threat surfaces and platforms. As an endpoint ghoul, it’s encouraging to see macOS and Linux start to get attention in public evaluations. This expands of course beyond the endpoint, as broader efforts to improve AI-based detection across the stack are growing.
Threat intelligence is another area where AI shines. It can process vast amounts of data—ranging from logs and threat feeds to dark web activity—to provide actionable insights. By reducing noise and prioritizing genuine threats, AI enables security teams to focus on what matters most.
Although I state this with a heavy grain of salt, there are cases where AI-driven tools can be used to automate incident response. Tools can isolate compromised endpoints, block malicious traffic, and initiate remediation processes at machine speed. Caveat: AI doesn’t solve the incident response problem, and it’s best to apply it to rote, toil intensive processes.
The AI Arms Race: Why This Dynamic Matters
The interplay between attackers and defenders is accelerating innovation on both sides. Attackers adapt faster than we do. They don’t have the red tape that slows down enterprise adoption. They experiment, iterate, and deploy AI tools rapidly, forcing defenders to react just as quickly. Attackers can now scale and optimize threats that hit multiple platforms and threat surfaces simultaneously.
The cost of falling behind is potentially high. Organizations that rely on static, outdated defenses risk becoming easy targets. The cost of a breach—both financial and reputational—can far exceed the investment in modern, AI-driven security tools. The catch-22 of this is adopting solutions for the sake of their capabilities is just as dangerous.
To stay ahead, organizations should embrace a proactive, deliberate mindset. It’s not enough to react to threats as they come—true resilience requires anticipating them before they happen. The challenge is that organizational inertia and healthy skepticism are rife within security, especially when it comes to AI. Understandably so…people are already sick of “AI-powered” pitches. The reality is AI is a powerful capability, and applying it to areas where it can deliver immediate and long-standing impact is the first step to the golden path.
Actionable Steps: How to Harden Your Defenses Today
If you’re wondering where to start, here are a few practical steps to incorporate AI-driven security into your strategy:
Adopt Behavior-Based Tools: Move beyond signature-based detection. Tools that analyze user and network behavior provide a deeper understanding of what’s normal—and what’s not.
Invest in Cross-Platform Coverage: Apply behavioral based visibility across your environment. For example, ensure your EDR solutions cover Windows, macOS, and Linux environments comprehensively. The goal is to leave no gaps in your attack surface.
Educate Your Team: AI-driven attacks often target human vulnerabilities. Regularly train employees to recognize phishing attempts, deepfakes, and other AI-enabled scams.
Collaborate and Share Intelligence: Cybersecurity is a team sport. Participate in threat-sharing communities to stay informed about the latest attack techniques and trends. If you’re not as open to sharing, Feedly is a great, freemium, place to start to bring yourself up to speed.
This list is not exhaustive, if you have found a great (ideally low cost or free) resource that the ABCbyD community would benefit from, please drop it in the comments section!
The Road Ahead for AI in Cybersecurity
The AI arms race isn’t slowing down. Attackers will continue to innovate, finding new ways to exploit technology for financial gain. But defenders have the tools—and the talent—to stay ahead.
As enterprise adoption of AI grows, and as the broader use cases for AI in the security stack receive more attention from security vendors, the gap will narrow. The key is to remain proactive, stay informed, and invest in tools that not only solve today’s problems but mitigate tomorrow’s.
So, what’s next? I’m pragmatically optimistic.We’re coming into AI with eyes wide(ish) open, and it’s starting to yield results. As I type this, I’m reminded of how far we’ve come in the last decade.
We’ve moved from signature-based antivirus to solutions that stream telemetry across threat surfaces and provide robust analytical capabilities. We’ve crowdsourced intelligence, held vendors accountable, and (by-in-large) stopped ambulance chasing.
We’ve come a long way. Yet the question remains will we, as defenders, evolve fast enough to keep pace with the challenges ahead?
Stay secure, stay curious my friends.
Damien
Note: opinions are my own.
Damien, agreed on many points. I'd love to hear what you're working on in your stealth startup.
Great post!