In recent years, artificial intelligence has evolved from being simply a tool that supports cybersecurity into a powerful enabler of threats. This is not just a technological shift. It fundamentally changes how attacks are conceived and carried out, making them faster, more widespread, and far easier to execute.
AI-driven cyberattacks, more accessible and widespread
One of the most visible impacts of AI on the cyber landscape is the sharp reduction in the level of expertise required to launch an attack. Activities that once demanded strong technical skills can now be automated or generated in just a few steps. Malware, phishing emails, and techniques to bypass security controls are no longer the exclusive domain of highly specialized groups. They are increasingly within reach of individuals with limited knowledge. The direct consequence is an exponential expansion of the attack surface. Cybercriminals are leveraging generative models to create threats that are more convincing and highly personalized, making them difficult to distinguish from legitimate activity. AI also enables real-time adaptation of content, significantly increasing the effectiveness of attacks.
At the same time, the rise of AI is fueling the spread of deepfakes, which are being used in increasingly sophisticated fraud schemes. Synthetic audio and video can impersonate corporate executives or trusted partners, prompting victims to take critical actions such as authorizing wire transfers or sharing sensitive data.
Speed is another key factor. AI makes it possible to automate the entire attack lifecycle, from reconnaissance to the exploitation of vulnerabilities. This drastically shortens the time between the discovery of a flaw and its exploitation, leaving organizations with much narrower windows to defend themselves. It is therefore unsurprising that more than half of security professionals identify AI-driven threats as their primary concern for the future, despite still having limited preparedness to address them.
New risk areas: models, data, and autonomous systems
While AI enhances existing attack techniques, it also introduces entirely new vulnerabilities. The models themselves are becoming targets. Techniques such as prompt injection can manipulate system behavior, causing it to ignore its original instructions, produce harmful outputs, or disclose sensitive information. Data-related risks are also growing. Generative systems rely on vast amounts of information, and this dependency makes them vulnerable to issues such as data leakage and data poisoning, where compromised datasets alter the model’s behavior.
Perhaps the most significant evolution lies in autonomous systems. These are no longer just tools, but machines capable of independently carrying out complex operations. In an offensive context, this means attacks that can adapt on their own, make decisions autonomously, and interact with other systems without human intervention. Early signs of this shift are already visible. Malware campaigns partially generated by AI show greater variability and an improved ability to evade traditional controls. At the same time, generative models enable the rapid, large-scale distribution of malicious code. In parallel, even more complex signals are emerging. Recent studies highlight unexpected behaviors in AI agents, capable of bypassing constraints or acting in ways that deviate from their instructions. This opens risk scenarios that are difficult to model using traditional approaches.
In this evolving landscape, cybersecurity is entering a new phase. It is no longer sufficient to simply detect and block known attacks. A proactive approach is required, one that focuses on identifying suspicious behavior and responding before it becomes harmful. Emerging solutions are increasingly centered on smart defense systems that combine behavioral analysis, machine learning, and automation to detect anomalies before they cause damage. Continuous monitoring of both systems and AI models is becoming essential to mitigate the risks associated with manipulation or misuse.