Artificial intelligence is emerging as a factor at each step of the cyber defense cycle, say experts at Syracuse University’s School of Information Studies:
- DETECTION: Identifies anomalies that indicate a potential threat without relying on known threat signatures
- ANALYSIS: Determines what systems are most vulnerable and a threat’s nature and potential severity
- RESPONSE: Isolates the threat and triggers alerts
- RECOVERY: Helps return systems to normal functioning and adds the threat to its knowledge base
→ Key Use Cases for AI-Driven Cyber Defenses:
Here are some of the most promising use cases for AI in cybersecurity, according to experts:
- Detecting external threats: Unlike traditional detection tools, AI-driven solutions get better over time at identifying threats and preventing false alerts.
- Detecting internal threats: AI is expected to significantly improve behavioral analytics, which develops an understanding of individual users’ normal network behavior (e.g., when people typically log in and from where, what they access, etc.) and then flags anything anomalous.
- Phishing prevention: AI can catch phishing attempts by detecting indicators in network and email traffic and then analyzing the content of the email.
- Protecting endpoint devices: AI should accelerate solutions’ ability to detect and quarantine threats on user devices, keeping the rest of the network safe.
- Optimizing access management: What access rights do users actually need? AI can study user behavior to learn which resources users typically access — and which they don’t — and recommend tweaks to their permissions.
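
The behavioral-analytics idea in the "Detecting internal threats" item above, sketched as an added example that is not from the article or the experts it cites: a simple set-based baseline of each user's login hours and source countries stands in for the learned model a product would use. The event format, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

MIN_EVENTS = 5        # assumed: do not score users with less history than this
HOUR_TOLERANCE = 1    # assumed: hours within +/-1 of a seen hour count as normal

def build_baselines(events):
    """Learn, per user, the login hours and source countries seen in history."""
    base = defaultdict(lambda: {"hours": set(), "countries": set(), "n": 0})
    for user, ts, country in events:
        b = base[user]
        b["hours"].add(datetime.fromisoformat(ts).hour)
        b["countries"].add(country)
        b["n"] += 1
    return dict(base)

def hour_is_usual(hour, seen_hours):
    # Circular distance so that 23:00 and 00:00 are one hour apart.
    return any(min((hour - h) % 24, (h - hour) % 24) <= HOUR_TOLERANCE
               for h in seen_hours)

def score_login(baselines, user, ts, country):
    """Return the reasons a login deviates from the user's baseline."""
    b = baselines.get(user)
    if b is None or b["n"] < MIN_EVENTS:
        # Too little history: route to review instead of claiming an anomaly.
        return ["insufficient-baseline"]
    reasons = []
    if not hour_is_usual(datetime.fromisoformat(ts).hour, b["hours"]):
        reasons.append("unusual-hour")
    if country not in b["countries"]:
        reasons.append("new-country")
    return reasons

# Constructed history: alice logs in on weekday mornings from the US.
HISTORY = [("alice", f"2025-03-{d:02d}T{h:02d}:15:00", "US")
           for d, h in [(3, 8), (4, 9), (5, 8), (6, 9), (7, 10), (10, 8)]]
HISTORY += [("bob", "2025-03-03T14:00:00", "DE")]  # too little history to score

BASELINES = build_baselines(HISTORY)

if __name__ == "__main__":
    for event in [("alice", "2025-03-11T09:30:00", "US"),
                  ("alice", "2025-03-12T03:05:00", "RO"),
                  ("bob", "2025-03-12T02:00:00", "DE")]:
        print(event, "->", score_login(BASELINES, *event) or "normal")
```

The minimum-history check is what keeps a new account from generating an alert on every login, which is one source of the false alerts the list mentions.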
→ GenAI Gets the Call
Although generative AI is unlikely to play a major role in the core cyber defense life cycle, it can still help. A paper that the Institute of Electrical and Electronics Engineers published recently highlights some promising possibilities:
- Generating passwords that are more difficult to crack
- Identifying phishing email messages and flagging dangerous links embedded in email text
- Creating realistic phishing emails for use in employee training
- Simulating adversarial attacks on GenAI systems to identify potential vulnerabilities
- Simulating malware attacks, based on real malware data, to test detection systems
- Creating fake websites and applications (i.e., honeypots) to attract attackers so that cyber defenders can study their techniques
→ AI-Driven Cyber Threats
While GenAI may not be especially helpful to cybersecurity, it can play an outsize role in helping malicious actors because using it requires much less technical expertise or advanced tooling than, say, machine learning-based methods. Here are some ways GenAI could amplify cyber threats, according to ISACA, an IT professional association.
- Social engineering: Making phishing emails and fake websites more personal and more convincing
- Malware: Developing techniques that are more effective and adaptable to new defenses
- Password cracking: Developing algorithms that help attackers decipher passwords more effectively and quickly
- Automated attacks: Deploying numerous bots to detect and exploit network or system vulnerabilities
- Data extraction: Finding and stealing data on compromised networks
- Ransomware attacks: Automating the process of encrypting a target organization’s files and folders
- IoT attacks: Detecting and exploiting vulnerabilities in Internet of Things networks and network-attached devices (e.g., sensors, monitors and cameras), as well as compromising IoT data
→ An Agentic Future
In time, agentic AI, which is designed to carry out complex processes with minimal human intervention, is expected to bolster cyber defenses, according to a recent paper by researchers at Oak Ridge National Laboratory.
This article appeared in our guide, “The AI Cyber Arms Race Is On.”