How AI Is Reshaping The Cybersecurity Landscape 

Two years ago, ChatGPT launched, marking a transformative moment for artificial intelligence. In that time, generative AI has revolutionised countless industries, including cybersecurity.  

Generative AI tools have lowered the barrier of entry for cybercriminals, helping them to scale their operations. These capabilities are gravely concerning to security teams – with 48% believing AI poses the most significant security risk to their organisation.  

However, while cybercriminals are exploiting large language models (LLMs) for sophisticated attacks, organisations are also leveraging AI to counter evolving threats. As ChatGPT turns two, the question is: who’s winning the AI arms race? 

We spoke to experts to explore how AI is changing the game and what businesses can do to secure their defences. 

1.    A new era of cyber threats 
AI has changed the way cybercriminals operate; they are now leveraging AI bots that can mimic human behaviour with unsettling accuracy, and the threat is on the rise. 

“Across cybersecurity, criminals often make the first move, and artificial intelligence is no exception,” explains Alex Rice, CTO and Co-Founder of HackerOne. “As AI becomes increasingly commoditised and sophisticated, malicious actors have begun developing custom AI bots designed to impersonate trusted individuals with alarming accuracy. 

“These AI deepfakes can mimic writing styles, speech patterns, and even emotional cues, essentially creating a skeleton key that bypasses traditional security measures built on interpersonal trust.” He continues, “this level of sophistication makes it incredibly challenging for even the most vigilant individuals to distinguish between genuine communication and AI-driven social engineering attempts.” 

Rice’s warning highlights how AI has shifted the balance of power in favour of cybercriminals. Traditional trust-based security measures are no longer enough in the face of AI-powered manipulation, businesses must implement multi-factor authentication and develop a mindset of constant verification. 

2.    Turning AI into a defensive tool 
While AI poses undeniable risks, it is also proving to be an invaluable ally in the fight against cybercrime. Security teams are leveraging GenAI to detect threats, analyse vulnerabilities, and neutralise attacks with greater speed and accuracy than ever before. 

“The rise of AI through publicly available tools such as ChatGPT is reshaping the cybersecurity landscape, with an increase in both the risks posed by cyberattacks and the potential for defence,” says Darren Thomson, Field CTO EMEAI at Commvault.  

“AI-driven cyber threats are increasing at an alarming rate, with 93% of security leaders expecting daily AI-driven attacks. AI’s capabilities enable attackers to automate and fine tune their malicious activities, from designing adaptable, personalised phishing campaigns to delivering malware that exploits specific vulnerabilities in a business. Predictive modelling allows cybercriminals to identify high-value targets and attack vectors efficiently, often before the victims can detect their presence.”  

However, he adds: “Advanced AI-driven threat intelligence systems are now capable of identifying silent and advanced attacks as they happen, offering the ability to neutralise threats before they result in damage. While the battle between AI and AI-driven cyberattacks is ongoing, leveraging AI’s strengths in defence can provide organisations with a vital edge in the ever-evolving cyber arms race.” 

Thomson’s perspective underlines that AI itself is neutral - it is how it’s used that makes the difference. By adopting AI-driven solutions, organisations can strengthen their security and stay ahead in this evolving landscape. 

3.    Securing innovation 
Generative AI is also transforming how businesses operate, with many embracing LLM-powered tools to drive efficiency and innovation. However, as these technologies are adopted, they bring new risks that must be addressed. According to research from HackerOne, 51% of security experts say basic security practices are being overlooked as companies hurry to include generative AI. 

“Two years after ChatGPT appeared on the scene and many businesses are preparing to build large language model (LLM) powered applications,” shares Gilad Elyashar, Chief Product Officer at Aqua Security. “A developer survey by Stack Overflow 70% of developers are using or are planning to use AI tools in their development process. 

“However, while businesses are strongly driven to embrace LLM adoption, they must be cautious about the evolving attack vectors that come with the new technology. Innovation must be backed up by strong security measures or it will only bring increased risk. These new avenues of attack include prompt injection, in which bad actors trick an LMM into following malicious instructions, compromising system security and integrity, and the potential for LLMs to generate insecure code.” 

To mitigate these risks, businesses need robust security strategies tailored to GenAI. Elyashar explains that businesses should, “employ specific GenAI policies which will serve as guardrails for developers, preventing unsafe usage of LLMs.”  

As ChatGPT marks its second anniversary, its impact on cybersecurity is unmistakable. The same technologies driving innovation for businesses are also being exploited by attackers. With the AI arms race only just beginning and the stakes rising, organisations must adapt or leave themselves vulnerable to more and more sophisticated forms of cyber-attacks. 

Alex Rice is CTO and Co-Founder of HackerOne and Darren Thomson is Field CTO EMEAI at Commvault

Image: Growtika

You Might Also Read:

Judge Uses ChatGPT As A Source For Court Verdict:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cybersecurity Essentials For Laptop Gamers
2025: A New Year Of Cybersecurity Challenges »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Shavlik Protect

Shavlik Protect

Shavlik Protect is an easy-to-use security software solution that discovers missing patches and deploys them to the entire organization.

Synology

Synology

Synology provides high-performance, reliable, and secure Network Attached Storage (NAS) products.

Alert Logic

Alert Logic

Alert Logic delivers unrivaled security for any environment, delivering industry-leading managed detection and response (MDR) and web application firewall (WAF) solutions.

CERT.at

CERT.at

CERT.at is the Austrian national Computer Emergency Response Team.

Watchcom Security Group

Watchcom Security Group

Watchcom is one of Norway's foremost suppliers of information security consultancy services.

Basis Technology

Basis Technology

Basis Technology provides software solutions for text analytics, information retrieval, digital forensics, and identity resolution.

Deep Instinct

Deep Instinct

Deep Instinct provides comprehensive defense that is designed to protect against the most evasive unknown malware in real-time, across an organization’s endpoints, servers, and mobile devices.

Hivint

Hivint

Hivint is a new kind of Information Security professional services company enabling collaboration between our clients to reduce unnecessary security spend.

Indeed

Indeed

Indeed is a worldwide employment-related search engine for job listings covering job types in all industries, including cybersecurity.

Immuta

Immuta

Immuta empowers data engineering and operations teams to automate data governance, security, access control & privacy protection.

Bright Security

Bright Security

Bright Security is a developer-centric Dynamic Application Security Testing (DAST) solution that helps organizations ship secure applications and APIs quickly and cost-effectively.

Sotero

Sotero

Sotero is the first cloud-native, zero trust data security platform that consolidates your entire security stack into one easy-to-manage environment.

CyberQP

CyberQP

CyberQP (formerly Quickpass Cybersecurity) provide Privileged Access Management built for MSPs. Our system is designed to reduce ransomware and social engineering attack risks.

Heron Technology

Heron Technology

Heron Technology are a technology solutions consultancy with core competencies in the areas of Cyber Security and Digital Aviation.

Exaforce

Exaforce

At Exaforce, we are on a mission to 10× improve the productivity and efficacy of security and operations teams using our transformative multi-model AI engine.

Cygence

Cygence

Cygence is a cyber security consultancy providing independent expertise and tailored security solutions.