How AI Is Reshaping The Cybersecurity Landscape 

Two years ago, ChatGPT launched, marking a transformative moment for artificial intelligence. In that time, generative AI has revolutionised countless industries, including cybersecurity.  

Generative AI tools have lowered the barrier of entry for cybercriminals, helping them to scale their operations. These capabilities are gravely concerning to security teams – with 48% believing AI poses the most significant security risk to their organisation.  

However, while cybercriminals are exploiting large language models (LLMs) for sophisticated attacks, organisations are also leveraging AI to counter evolving threats. As ChatGPT turns two, the question is: who’s winning the AI arms race? 

We spoke to experts to explore how AI is changing the game and what businesses can do to secure their defences. 

1.    A new era of cyber threats 
AI has changed the way cybercriminals operate; they are now leveraging AI bots that can mimic human behaviour with unsettling accuracy, and the threat is on the rise. 

“Across cybersecurity, criminals often make the first move, and artificial intelligence is no exception,” explains Alex Rice, CTO and Co-Founder of HackerOne. “As AI becomes increasingly commoditised and sophisticated, malicious actors have begun developing custom AI bots designed to impersonate trusted individuals with alarming accuracy. 

“These AI deepfakes can mimic writing styles, speech patterns, and even emotional cues, essentially creating a skeleton key that bypasses traditional security measures built on interpersonal trust.” He continues, “this level of sophistication makes it incredibly challenging for even the most vigilant individuals to distinguish between genuine communication and AI-driven social engineering attempts.” 

Rice’s warning highlights how AI has shifted the balance of power in favour of cybercriminals. Traditional trust-based security measures are no longer enough in the face of AI-powered manipulation, businesses must implement multi-factor authentication and develop a mindset of constant verification. 

2.    Turning AI into a defensive tool 
While AI poses undeniable risks, it is also proving to be an invaluable ally in the fight against cybercrime. Security teams are leveraging GenAI to detect threats, analyse vulnerabilities, and neutralise attacks with greater speed and accuracy than ever before. 

“The rise of AI through publicly available tools such as ChatGPT is reshaping the cybersecurity landscape, with an increase in both the risks posed by cyberattacks and the potential for defence,” says Darren Thomson, Field CTO EMEAI at Commvault.  

“AI-driven cyber threats are increasing at an alarming rate, with 93% of security leaders expecting daily AI-driven attacks. AI’s capabilities enable attackers to automate and fine tune their malicious activities, from designing adaptable, personalised phishing campaigns to delivering malware that exploits specific vulnerabilities in a business. Predictive modelling allows cybercriminals to identify high-value targets and attack vectors efficiently, often before the victims can detect their presence.”  

However, he adds: “Advanced AI-driven threat intelligence systems are now capable of identifying silent and advanced attacks as they happen, offering the ability to neutralise threats before they result in damage. While the battle between AI and AI-driven cyberattacks is ongoing, leveraging AI’s strengths in defence can provide organisations with a vital edge in the ever-evolving cyber arms race.” 

Thomson’s perspective underlines that AI itself is neutral - it is how it’s used that makes the difference. By adopting AI-driven solutions, organisations can strengthen their security and stay ahead in this evolving landscape. 

3.    Securing innovation 
Generative AI is also transforming how businesses operate, with many embracing LLM-powered tools to drive efficiency and innovation. However, as these technologies are adopted, they bring new risks that must be addressed. According to research from HackerOne, 51% of security experts say basic security practices are being overlooked as companies hurry to include generative AI. 

“Two years after ChatGPT appeared on the scene and many businesses are preparing to build large language model (LLM) powered applications,” shares Gilad Elyashar, Chief Product Officer at Aqua Security. “A developer survey by Stack Overflow 70% of developers are using or are planning to use AI tools in their development process. 

“However, while businesses are strongly driven to embrace LLM adoption, they must be cautious about the evolving attack vectors that come with the new technology. Innovation must be backed up by strong security measures or it will only bring increased risk. These new avenues of attack include prompt injection, in which bad actors trick an LMM into following malicious instructions, compromising system security and integrity, and the potential for LLMs to generate insecure code.” 

To mitigate these risks, businesses need robust security strategies tailored to GenAI. Elyashar explains that businesses should, “employ specific GenAI policies which will serve as guardrails for developers, preventing unsafe usage of LLMs.”  

As ChatGPT marks its second anniversary, its impact on cybersecurity is unmistakable. The same technologies driving innovation for businesses are also being exploited by attackers. With the AI arms race only just beginning and the stakes rising, organisations must adapt or leave themselves vulnerable to more and more sophisticated forms of cyber-attacks. 

Alex Rice is CTO and Co-Founder of HackerOne and Darren Thomson is Field CTO EMEAI at Commvault

Image: Growtika

You Might Also Read:

Judge Uses ChatGPT As A Source For Court Verdict:


If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cybersecurity Essentials For Laptop Gamers
2025: A New Year Of Cybersecurity Challenges »

CyberSecurity Jobsite
Check Point

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Duane Morris LLP

Duane Morris LLP

Duane Morris is a global law firm with offices in the USA, UK and Asia. Practice areas include Cybersecurity.

National Cyber Security Directorate (DNSC) - Romania

National Cyber Security Directorate (DNSC) - Romania

DNSC (formerly CERT-RO) is the Romanian national cyber security and incident response team.

REVI-IT

REVI-IT

REVI-IT is a Danish state-owned audit firm focusing on enterprise IT business processes and compliance,

limes datentechnik

limes datentechnik

limes datentechnik is an authority in the fields of cryptography and data compression. The FLAM product family is an internationally accepted standard for efficient and safe handling of data.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

LEADS

LEADS

LEADS is considered as a leading ICT Solution Provider and an IT partner of choice in Bangladesh.

Cylus

Cylus

Cylus, a global leader in rail cybersecurity, helps rail and metro companies avoid safety incidents and service disruptions caused by cyber-attacks.

TalaTek

TalaTek

TalaTek is a full-service risk management firm providing expert services in risk management, cybersecurity, and compliance.

Matrixforce

Matrixforce

Matrixforce is a vetted IT support provider that uses the patented Delta Method of streamlining technology for financial and professional service firms to reduce complexity and avoid risk.

Sentra

Sentra

Sentra is focused on improving data security practices within the cloud, mitigating the risks of damaging data leaks by providing comprehensive visibility into critical data assets.

Sitehop

Sitehop

Sitehop is a cybersecurity technology company developing and supplying FPGA hardware-enforced cyber security solutions for networks.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Trustaira

Trustaira

Trustaira is the first deep tech solution and service company in Bangladesh.

CyberEPQ

CyberEPQ

CyberEPQ (Cyber Extended Project Qualification) is the UK’s first and only Extended Project Qualification in Cyber Security.

AppSentinels

AppSentinels

Appsentinels are a group of security and technology experts with a mission to fix gaps in application security.

CMD+CTRL Security

CMD+CTRL Security

CMD+CTRL Security is a pioneer in software security training. Industry-leading organizations rely on our training solutions to make software secure wherever it runs.