
AI and Cybersecurity: how to leverage innovation to prevent and respond to threats

Written by Kirey Group | Sep 20, 2024 9:58:46 AM

The relationship between AI and cybersecurity has been in the spotlight for many years. As the digital world has taken over, every organization has had to deal with cyber risks—whether from external attacks or simple mistakes or oversights—that could compromise their data or make critical business applications inaccessible. 

Cybercrime has evolved into a highly profitable business in recent years, with a steady increase in attacks and incidents (+65% in Italy in 2023, according to Clusit). At the same time, the market for solutions aimed at preventing and responding to cyber threats grew by 15.6% (2023, IDC), surpassing $100 billion in global spending. The advent of artificial intelligence and its integration into cyber defense strategies can further fuel this growth. 

AI and Cybersecurity: innovation for both defenders and attackers 

For some time now, cybersecurity has been a daily battle between attackers and defenders, making it one of the most innovative sectors within the digital transformation ecosystem. 

Artificial intelligence is a powerful driver of innovation, so it's no surprise that all players in cybersecurity see it as an extraordinary opportunity: organizations can use AI to enhance their defense capabilities and response mechanisms, while attackers can leverage it to make their actions more efficient and automated.

Artificial Intelligence as an attack tool 

From the perspective of threat actors, AI techniques can be employed to enhance the effectiveness of attacks. For example, AI can be used to create adaptive malware that evolves in response to countermeasures. Additionally, AI can automate vulnerability detection and support the development of increasingly personalized and sophisticated phishing campaigns and social engineering attacks. 

The key role of generative AI 

In this context, generative AI has had (and will continue to have) a central impact. Its ability to create new multimedia content provides cybercriminals with tools that cleverly outmaneuver traditional defenses. Today, it’s possible to clone a person’s voice and carry out highly realistic text-based phishing campaigns, as well as disseminate manipulated videos—known as deepfakes—that accurately replicate real people's faces and movements. Additionally, Large Language Models (LLMs) can assist in generating source code for malicious agents such as viruses and ransomware. This is precisely why this capability has been disabled in widely used AI models, including OpenAI’s GPT and Google’s Gemini. 

Organizations and government entities are aware of the threats posed by the increasingly close relationship between AI and cybersecurity. This is evidenced by the investments mentioned above, as well as explicit warnings such as that of the FBI, which in May 2024 cautioned individuals and businesses about the "growing threat posed by cybercriminals using AI tools to conduct sophisticated phishing/social engineering attacks and voice/video cloning scams." On this side of the Atlantic, the UK's National Cyber Security Centre has stated that “Artificial Intelligence (AI) will almost certainly increase the volume and impact of cyberattacks” as it evolves existing tactics, techniques, and procedures (TTPs). There is no doubt that effective defensive strategies must be developed.

How to defend against (this) Artificial Intelligence 

The FBI’s statement also provides some guidance on how to address the cyber threats amplified by artificial intelligence, given that AI techniques can be used in various ways to support different tactics, from phishing to large-scale automated DDoS attacks. 

The U.S. agency, addressing end users of digital services and solutions, emphasizes the importance of awareness—the understanding of existing threats and attack dynamics—as the only effective starting point for developing sound behaviors and reducing cyber risks. Another key recommendation is to implement MFA (Multi-Factor Authentication) wherever possible. Additionally, we suggest leveraging AI itself, but this time to prevent and respond effectively to these threats. 

Harnessing the power of AI for cyber resilience 

Many techniques within the AI ecosystem, including Machine Learning, Deep Learning, artificial neural networks, and NLP (Natural Language Processing), can enhance both the preventive and reactive capabilities of any company. This explains the success of related solutions, which, according to a CompTIA survey, are already being used by 56% of businesses.

But how exactly does AI strengthen initiatives, strategies, and tools that companies use to protect business continuity and their data? 

Automatic detection of unknown threats 

One of the main challenges for security teams is the timely detection of unknown threats. AI plays a crucial role by analyzing vast amounts of data in real-time and identifying abnormal behaviors that may indicate an ongoing attack. 

AI, in particular, can detect complex patterns that traditional tools often miss, such as distributed attack attempts across multiple vectors or threats that blend in with legitimate traffic. To recognize these attack patterns, existing solutions rely on various techniques such as Machine Learning, Deep Learning, or NLP. NLP, for example, can analyze communications in real time to identify phishing and/or social engineering attempts.

In addition to its ability to analyze patterns and behaviors, AI continually learns from new information, enhancing its ability to recognize and block previously unknown (or Zero-Day) attacks before they harm a company’s information infrastructure. This capability has multiple business applications, ranging from modern AI-powered antispam systems to real-time network monitoring solutions that detect anomalous behaviors from internal users or external actors. 

Enhanced Vulnerability Management 

Artificial intelligence can also enhance the delicate process of vulnerability assessment and management. AI-powered solutions can continuously scan networks and systems for new vulnerabilities, assess the associated risk for each one, and provide prioritization (scoring) and actionable recommendations for mitigation. 

Automated Incident Response 

Beyond threat detection, AI enables timely and automated (or semi-automated) responses to security incidents. When faced with a significant threat, AI-powered solutions can, for example, isolate compromised systems, adjust network configurations (e.g., firewall settings), block suspicious connections, and initiate forensic analysis to trace the source of the attack. 

In certain cases, these solutions can alert security teams by providing automatic scoring and recommendations for necessary actions, while leaving the final decision to the experts. Many Security Operations Centers (SOCs), which are crucial for protecting enterprise-level IT ecosystems, operate by leveraging the synergy between AI-powered automation and skilled human intervention. 

Enhanced Identity and Access Management (IAM) 

Artificial intelligence enhances and secures the management of identities and access to networks, devices, and applications. AI provides businesses with advanced biometric authentication solutions, such as facial recognition and fingerprint analysis, ensuring strong protection against unauthorized access. 

Furthermore, sophisticated AI techniques can create, analyze, and interpret access patterns to systems, accurately distinguishing between legitimate users and potential threats. Predictive algorithms process and correlate multiple data points, such as user location, device type, time, actions taken, and historical behavior. This approach allows dynamic adaptation of access policies and significantly improves the ability to respond to threats like account compromise and insider threats.
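
The correlation of signals described above can be illustrated with a small risk-scoring sketch. This is an added example, not code from Kirey Group or any product: it uses simple frequency counts in place of a trained model, and the weights, thresholds, user, and login history are constructed assumptions.

```python
from collections import Counter, namedtuple

# hour is the local hour of the attempt (0-23)
Login = namedtuple("Login", "user country device hour action")

# Hypothetical weights and thresholds; a real deployment would tune or learn them.
WEIGHTS = {"country": 0.35, "device": 0.25, "period": 0.15, "action": 0.25}
STEP_UP, DENY = 0.3, 0.7

def features(e):
    # Bucket the hour into four 6-hour periods so 09:00 and 10:00 count as alike.
    return {"country": e.country, "device": e.device,
            "period": e.hour // 6, "action": e.action}

def build_profile(history, user):
    """Historical behaviour: how often each feature value appeared for this user."""
    events = [features(e) for e in history if e.user == user]
    counts = {f: Counter(ev[f] for ev in events) for f in WEIGHTS}
    return {"n": len(events), "counts": counts}

def risk_score(profile, login):
    """Weighted rarity: 0.0 = matches every past login, 1.0 = nothing seen before."""
    if profile["n"] == 0:
        return STEP_UP  # no baseline yet: require MFA instead of guessing
    f = features(login)
    return sum(w * (1 - profile["counts"][k][f[k]] / profile["n"])
               for k, w in WEIGHTS.items())

def decide(score):
    """Adapt the access policy to the score: allow, ask for MFA, or deny."""
    if score >= DENY:
        return "deny"
    return "step_up_mfa" if score >= STEP_UP else "allow"

# Constructed sample history for a fictional user.
HISTORY = (
    [Login("alice", "IT", "laptop-01", h, "read_report")
     for h in (9, 10, 11, 14, 15, 16, 9, 10)]
    + [Login("alice", "IT", "phone-01", h, "approve_invoice") for h in (13, 17)]
)

if __name__ == "__main__":
    profile = build_profile(HISTORY, "alice")
    for attempt in (Login("alice", "IT", "laptop-01", 10, "read_report"),
                    Login("alice", "IT", "tablet-99", 10, "read_report"),
                    Login("alice", "BR", "tablet-99", 3, "export_all")):
        print(attempt, decide(risk_score(profile, attempt)))
```

A familiar login is allowed, a single unfamiliar signal (a new device) triggers the MFA step-up recommended earlier, and a login where every signal is new is denied.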