How AI Is Reshaping The Cybersecurity Landscape 

Two years ago, ChatGPT launched, marking a transformative moment for artificial intelligence. In that time, generative AI has revolutionised countless industries, including cybersecurity.  

Generative AI tools have lowered the barrier of entry for cybercriminals, helping them to scale their operations. These capabilities are gravely concerning to security teams – with 48% believing AI poses the most significant security risk to their organisation.  

However, while cybercriminals are exploiting large language models (LLMs) for sophisticated attacks, organisations are also leveraging AI to counter evolving threats. As ChatGPT turns two, the question is: who’s winning the AI arms race? 

We spoke to experts to explore how AI is changing the game and what businesses can do to secure their defences. 

1.    A new era of cyber threats 
AI has changed the way cybercriminals operate; they are now leveraging AI bots that can mimic human behaviour with unsettling accuracy, and the threat is on the rise. 

“Across cybersecurity, criminals often make the first move, and artificial intelligence is no exception,” explains Alex Rice, CTO and Co-Founder of HackerOne. “As AI becomes increasingly commoditised and sophisticated, malicious actors have begun developing custom AI bots designed to impersonate trusted individuals with alarming accuracy. 

“These AI deepfakes can mimic writing styles, speech patterns, and even emotional cues, essentially creating a skeleton key that bypasses traditional security measures built on interpersonal trust.” He continues, “this level of sophistication makes it incredibly challenging for even the most vigilant individuals to distinguish between genuine communication and AI-driven social engineering attempts.” 

Rice’s warning highlights how AI has shifted the balance of power in favour of cybercriminals. Traditional trust-based security measures are no longer enough in the face of AI-powered manipulation, businesses must implement multi-factor authentication and develop a mindset of constant verification. 

2.    Turning AI into a defensive tool 
While AI poses undeniable risks, it is also proving to be an invaluable ally in the fight against cybercrime. Security teams are leveraging GenAI to detect threats, analyse vulnerabilities, and neutralise attacks with greater speed and accuracy than ever before. 

“The rise of AI through publicly available tools such as ChatGPT is reshaping the cybersecurity landscape, with an increase in both the risks posed by cyberattacks and the potential for defence,” says Darren Thomson, Field CTO EMEAI at Commvault.  

“AI-driven cyber threats are increasing at an alarming rate, with 93% of security leaders expecting daily AI-driven attacks. AI’s capabilities enable attackers to automate and fine tune their malicious activities, from designing adaptable, personalised phishing campaigns to delivering malware that exploits specific vulnerabilities in a business. Predictive modelling allows cybercriminals to identify high-value targets and attack vectors efficiently, often before the victims can detect their presence.”  

However, he adds: “Advanced AI-driven threat intelligence systems are now capable of identifying silent and advanced attacks as they happen, offering the ability to neutralise threats before they result in damage. While the battle between AI and AI-driven cyberattacks is ongoing, leveraging AI’s strengths in defence can provide organisations with a vital edge in the ever-evolving cyber arms race.” 

Thomson’s perspective underlines that AI itself is neutral - it is how it’s used that makes the difference. By adopting AI-driven solutions, organisations can strengthen their security and stay ahead in this evolving landscape. 

3.    Securing innovation 
Generative AI is also transforming how businesses operate, with many embracing LLM-powered tools to drive efficiency and innovation. However, as these technologies are adopted, they bring new risks that must be addressed. According to research from HackerOne, 51% of security experts say basic security practices are being overlooked as companies hurry to include generative AI. 

“Two years after ChatGPT appeared on the scene and many businesses are preparing to build large language model (LLM) powered applications,” shares Gilad Elyashar, Chief Product Officer at Aqua Security. “A developer survey by Stack Overflow 70% of developers are using or are planning to use AI tools in their development process. 

“However, while businesses are strongly driven to embrace LLM adoption, they must be cautious about the evolving attack vectors that come with the new technology. Innovation must be backed up by strong security measures or it will only bring increased risk. These new avenues of attack include prompt injection, in which bad actors trick an LMM into following malicious instructions, compromising system security and integrity, and the potential for LLMs to generate insecure code.” 

To mitigate these risks, businesses need robust security strategies tailored to GenAI. Elyashar explains that businesses should, “employ specific GenAI policies which will serve as guardrails for developers, preventing unsafe usage of LLMs.”  

As ChatGPT marks its second anniversary, its impact on cybersecurity is unmistakable. The same technologies driving innovation for businesses are also being exploited by attackers. With the AI arms race only just beginning and the stakes rising, organisations must adapt or leave themselves vulnerable to more and more sophisticated forms of cyber-attacks. 

Alex Rice is CTO and Co-Founder of HackerOne and Darren Thomson is Field CTO EMEAI at Commvault

Image: Growtika

You Might Also Read:

Judge Uses ChatGPT As A Source For Court Verdict:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cybersecurity Essentials For Laptop Gamers
2025: A New Year Of Cybersecurity Challenges »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Zybert Computing

Zybert Computing

Zybert Computing provide server solutions with built-in security and information protection features for the SME market.

Disklabs

Disklabs

Disklabs are industry leaders in data recovery, digital forensics and data erasure.

Verint Systems

Verint Systems

Verint is a leader in CX automation. The world’s most iconic brands rely on our open platform and team of AI-powered bots to create tangible AI business outcomes, now.

Wolfpack Information Risk

Wolfpack Information Risk

Wolfpack specialise in information and cyber threat management covering the full spectrum of prevention, detection, incident response and business resilience capabilities.

Global Cyber Alliance (GCA)

Global Cyber Alliance (GCA)

Global Cyber Alliance is an international, cross-sector effort dedicated to eradicating cyber risk and improving our connected world.

VXRL

VXRL

VXRL is a Hong Kong-based cybersecurity company. We provide consulting services, penetration testing, and corporate training.

Bright Machines

Bright Machines

Bright Machines delivers intelligent, software-defined manufacturing by bringing together our flexible factory robots with intelligent software, production data and machine learning.

SOCOTEC Certification International

SOCOTEC Certification International

SOCOTEC Certification International has been providing management systems assessment and accredited ISO certification services to organisations around the world since 1995.

Cyber Tec Security

Cyber Tec Security

Cyber Tec Security is an IASME Certification Body for Cyber Essentials basic/Plus. We also provide ongoing Managed Security Services.

Aergo

Aergo

Aergo offers an easier and more proven way to adopt blockchain and transform your business while building on your existing IT and cloud assets.

Vantea SMART

Vantea SMART

Vantea SMART have decades of experience in cybersecurity resulting in an approach of proactive prevention - Security by Design and by Default.

Zerify

Zerify

Zerify offers the industry’s only video conferencing platform built with a zero-trust architecture to keep your meetings secure, private and business compliant.

Dimension Data

Dimension Data

Dimension Data is a leading African born technology provider operating in the Middle East and Africa, offering a portfolio of services including intelligent security solutions.

Metrics that Matter (MTM)

Metrics that Matter (MTM)

Metrics that Matter redefines how organizations approach cybersecurity by offering unprecedented insight into the value of their assets to criminals and tailored action plans to protect.

OpenZiti

OpenZiti

OpenZiti is the world’s most used and widely integrated open source secure networking platform. OpenZiti provides both zero trust security and overlay networking as pure open source software.

Two Candlesticks

Two Candlesticks

Two Candlesticks is a global cybersecurity service provider delivering high level consultancy, strategy, and frameworks to governments, regulators and midsized companies.