How AI Is Reshaping The Cybersecurity Landscape 

Two years ago, ChatGPT launched, marking a transformative moment for artificial intelligence. In that time, generative AI has revolutionised countless industries, including cybersecurity.  

Generative AI tools have lowered the barrier of entry for cybercriminals, helping them to scale their operations. These capabilities are gravely concerning to security teams – with 48% believing AI poses the most significant security risk to their organisation.  

However, while cybercriminals are exploiting large language models (LLMs) for sophisticated attacks, organisations are also leveraging AI to counter evolving threats. As ChatGPT turns two, the question is: who’s winning the AI arms race? 

We spoke to experts to explore how AI is changing the game and what businesses can do to secure their defences. 

1.    A new era of cyber threats 
AI has changed the way cybercriminals operate; they are now leveraging AI bots that can mimic human behaviour with unsettling accuracy, and the threat is on the rise. 

“Across cybersecurity, criminals often make the first move, and artificial intelligence is no exception,” explains Alex Rice, CTO and Co-Founder of HackerOne. “As AI becomes increasingly commoditised and sophisticated, malicious actors have begun developing custom AI bots designed to impersonate trusted individuals with alarming accuracy. 

“These AI deepfakes can mimic writing styles, speech patterns, and even emotional cues, essentially creating a skeleton key that bypasses traditional security measures built on interpersonal trust.” He continues, “this level of sophistication makes it incredibly challenging for even the most vigilant individuals to distinguish between genuine communication and AI-driven social engineering attempts.” 

Rice’s warning highlights how AI has shifted the balance of power in favour of cybercriminals. Traditional trust-based security measures are no longer enough in the face of AI-powered manipulation, businesses must implement multi-factor authentication and develop a mindset of constant verification. 

2.    Turning AI into a defensive tool 
While AI poses undeniable risks, it is also proving to be an invaluable ally in the fight against cybercrime. Security teams are leveraging GenAI to detect threats, analyse vulnerabilities, and neutralise attacks with greater speed and accuracy than ever before. 

“The rise of AI through publicly available tools such as ChatGPT is reshaping the cybersecurity landscape, with an increase in both the risks posed by cyberattacks and the potential for defence,” says Darren Thomson, Field CTO EMEAI at Commvault.  

“AI-driven cyber threats are increasing at an alarming rate, with 93% of security leaders expecting daily AI-driven attacks. AI’s capabilities enable attackers to automate and fine tune their malicious activities, from designing adaptable, personalised phishing campaigns to delivering malware that exploits specific vulnerabilities in a business. Predictive modelling allows cybercriminals to identify high-value targets and attack vectors efficiently, often before the victims can detect their presence.”  

However, he adds: “Advanced AI-driven threat intelligence systems are now capable of identifying silent and advanced attacks as they happen, offering the ability to neutralise threats before they result in damage. While the battle between AI and AI-driven cyberattacks is ongoing, leveraging AI’s strengths in defence can provide organisations with a vital edge in the ever-evolving cyber arms race.” 

Thomson’s perspective underlines that AI itself is neutral - it is how it’s used that makes the difference. By adopting AI-driven solutions, organisations can strengthen their security and stay ahead in this evolving landscape. 

3.    Securing innovation 
Generative AI is also transforming how businesses operate, with many embracing LLM-powered tools to drive efficiency and innovation. However, as these technologies are adopted, they bring new risks that must be addressed. According to research from HackerOne, 51% of security experts say basic security practices are being overlooked as companies hurry to include generative AI. 

“Two years after ChatGPT appeared on the scene and many businesses are preparing to build large language model (LLM) powered applications,” shares Gilad Elyashar, Chief Product Officer at Aqua Security. “A developer survey by Stack Overflow 70% of developers are using or are planning to use AI tools in their development process. 

“However, while businesses are strongly driven to embrace LLM adoption, they must be cautious about the evolving attack vectors that come with the new technology. Innovation must be backed up by strong security measures or it will only bring increased risk. These new avenues of attack include prompt injection, in which bad actors trick an LMM into following malicious instructions, compromising system security and integrity, and the potential for LLMs to generate insecure code.” 

To mitigate these risks, businesses need robust security strategies tailored to GenAI. Elyashar explains that businesses should, “employ specific GenAI policies which will serve as guardrails for developers, preventing unsafe usage of LLMs.”  

As ChatGPT marks its second anniversary, its impact on cybersecurity is unmistakable. The same technologies driving innovation for businesses are also being exploited by attackers. With the AI arms race only just beginning and the stakes rising, organisations must adapt or leave themselves vulnerable to more and more sophisticated forms of cyber-attacks. 

Alex Rice is CTO and Co-Founder of HackerOne and Darren Thomson is Field CTO EMEAI at Commvault

Image: Growtika

You Might Also Read:

Judge Uses ChatGPT As A Source For Court Verdict:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cybersecurity Essentials For Laptop Gamers
2025: A New Year Of Cybersecurity Challenges »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Optimal IdM

Optimal IdM

Optimal IdM is a leading global provider of identity management solutions and services.

Combitech

Combitech

Combitech is the Nordic region’s leading cyber security consultancy firm, with about 260 certified security consultants helping companies and authorities prevent and manage cyber threats.

NordForsk

NordForsk

NordForsk facilitates and provides funding for Nordic research cooperation and research infrastructure. Project areas include digitalisation and digital security.

Assured Enterprises

Assured Enterprises

Assured Enterprises provides comprehensive cyber risk identification, management and mitigation across all platforms.

Statice

Statice

Statice develops state-of-the-art data privacy technology that helps companies double-down on data-driven innovation while safeguarding the privacy of individuals.

Techleap.nl

Techleap.nl

Techleap.nl is a non-profit publicly funded organisation helping to quantify and accelerate the tech ecosystem of the Netherlands.

NSA Career Development Programs

NSA Career Development Programs

NSA offers entry-level programs to help employees enhance their skills, improve their understanding of a specific discipline and even cross-train into a new career field.

Estio Training

Estio Training

Estio Training is a specialist digital and IT apprenticeships provider, dedicated to introducing new skills and developing existing talent in businesses across the UK.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Constella Intelligence

Constella Intelligence

Constella Intelligence provides digital risk protection services to quickly and efficiently disrupt cyber attacks and data breaches before they occur.

Cyber Resilience Centre for Wales (WCRC)

Cyber Resilience Centre for Wales (WCRC)

The Cyber Resilience Centre for Wales (WCRC) is part of the national roll out of Cyber Resilience Centres in the UK which began in 2019.

Cyber Management Alliance

Cyber Management Alliance

Cyber Management Alliance is closing the divide in cyberspace by bringing together the best qualities of thought leadership and operational mastery of cyber security management.

Digital Silence

Digital Silence

Digital Silence is a world-class provider of information security research and consulting services.

Prancer

Prancer

Prancer is the industry's first cloud-native, self-service SAAS platform for automated security validation and penetration testing in the cloud.

Ibento Global

Ibento Global

Ibento organises the CyberX series of cybersecurity conferences.

ZainTech

ZainTech

Zaintech is a regional digital & ICT solutions provider offering comprehensive digital solutions and services to enterprise and government customers in the MENA region.