The double-edged sword of AI in cybersecurity

Imagine you’re the IT manager of a bustling organization. One morning, as you sip your coffee, an alert pops up on your screen: a sophisticated cyberattack is underway, targeting your organization’s sensitive data. Panic sets in — but then you remember the AI-driven cybersecurity system you recently implemented.

Within seconds, the system identifies the threat, isolates the affected systems and neutralizes the attack before it can do any damage. You breathe a sigh of relief, grateful for the advanced technology that just averted a potential disaster.

However, the story doesn’t end there. As you investigate the incident, you realize that the attack was itself powered by AI, designed to bypass traditional security measures. This underscores a critical truth: AI is both a powerful ally and a powerful adversary in the fight against cyberthreats. The same technology that protects your business can be weaponized against it.

• ALSO READ → The AI privacy dilemma: How to balance progress and protection

AI is here to stay

Considering AI from every angle has never been more important. We’ve all heard the story. A BCC Research report published in 2024 says the market for enterprise AI is expected to grow from $8.3 billion in 2022 to $68.9 billion in 2028 at a compound annual growth rate of 43.9%. Indeed, more and more organizations are adopting GenAI and agentic AI solutions.

As investment in AI grows, it becomes a fundamental part of organizational technology and helps to identify exposures and manage vulnerabilities throughout business functions and processes. 

At the same time, nearly 47% of organizations in the World Economic Forum’s Global Cybersecurity Outlook 2025 say adversarial advances powered by GenAI is their primary concern, as it enables more sophisticated and scalable attacks.

To unlock the full potential of AI for protection, we have to understand the multifaceted risks and benefits of AI-driven security.

The good: The benefits of AI in cybersecurity

Threat hunting and improved threat detection

By analyzing vast amounts of data, AI can identify patterns and anomalies that may indicate a cyberthreat —faster and more accurately than humans. AI systems can proactively search for signs of malicious activity that traditional security tools might miss, and detect malware based on its behavior rather than just its signature.

Automated responses

Because AI can automatically respond to certain types of threats, you can mitigate potential damage quickly. If known malware is detected on a device, AI can automatically isolate the device from the network to keep the infection from spreading.

Predictive abilities and improved incident analysis

AI can predict potential security breaches by analyzing trends and historical data, allowing you to proactively strengthen your organization’s defenses. And it can quickly analyze security incidents, identify the root cause and suggest remediation steps.

Continuous monitoring, vulnerability scanning and patch management

A significant benefit of AI is round-the-clock monitoring of networks and systems to promptly detect and mitigate threats. The technology can automatically scan for vulnerabilities, manage patches and prioritize vulnerabilities based on their potential impact and likelihood of being exploited.

Phishing detection

Human analysts can easily miss subtle signs of phishing, but AI is effective in analyzing the content of emails and web pages to detect phishing attempts.

Malware analysis

AI can analyze and reverse-engineer malware. This helps you to understand how malware operates and how to mitigate its impact.

Identity and access management

The technology can improve identity and access management by continuously monitoring the behavior of your users and detecting anomalies that might indicate compromised credentials.

Data-loss prevention

AI can help prevent data loss by monitoring data transfers and identifying suspicious activities that could indicate an attempt to steal sensitive information. AI also plays a crucial role in real-time data classification.

The bad: The risks of AI in cybersecurity

While AI can be an effective security tool, you need specialized skills to implement and manage AI-based security systems.

You also need quality data — AI relies heavily on the quality and quantity of the data it is trained on, and poor data can lead to ineffective threat detection. The extensive data collection and analysis involved in AI can also raise significant privacy issues.

Another risk in using AI security systems is the possibility of false positives: the technology can sometimes flag benign activities as threats, leading to unnecessary disruptions, wasted resources and the erosion of trust in AI systems.

• ALSO READ → Zero trust, SASE and AI: The power trio that keeps your network safe

The ugly: How cybercriminals abuse AI

Criminals are using AI to develop more complex and harder-to-detect cyberattacks, including:

• Data poisoning: Manipulating the data used to train AI models to produce incorrect results
• Deepfakes: Creating realistic but fake videos or audio recordings to deceive individuals and organizations
• Password hacking: Using AI to crack passwords more efficiently
• Social engineering: Composing convincing phishing emails and launching other social-engineering attacks, including pretexting (fabricating a scenario to gain the victim’s trust, such as posing as someone from the IT team and asking for their login credentials) and scareware (bombarding the victim with false alarms and fake threats).

AI also introduces new attack surfaces to protect, leading to changes in application and data security practices.

Balancing the good, the bad and the ugly

The good news is that the potential benefits of AI still outweigh the risks. AI-driven threat detection and response allows for shorter detection times and automated responses to threats.

To protect your organization from AI-driven attacks, follow these 7 steps:

1. Review your existing cybersecurity: Follow best practices and make sure your security measures are always up to date.
2. Implement internal training: Educate your employees about the risks and benefits of AI in cybersecurity.
3. Adopt zero trust architecture: Continuously verify and authenticate every user and device accessing your systems.
4. Develop AI-specific threat intelligence: Maintain a dedicated threat-intelligence feed for AI-related threats.
5. Conduct regular risk assessments: Regularly audit your AI systems to track and improve their security.
6. Implement AI-driven security platforms: Advanced threats can only be detected by using AI-enabled security platforms to analyze behavior.
7. Introduce response platforms: Response platforms like SOAR (Security Orchestration, Automation and Response) integrate security tools and can use AI-supported automation to respond to cybersecurity incidents.

Partner up for full protection

AI is undeniably a double-edged sword in the realm of cybersecurity. It protects your business but also introduces new risks that must be carefully managed.

Working with an expert partner is a fast and reliable way of adopting a proactive and comprehensive approach to AI-driven security, including full-time monitoring. An experienced service provider will also understand the nuances of your industry and fine-tune your security accordingly.

NTT DATA has partnered with Palo Alto Networks to provide AI-driven threat detection and rapid response through Cortex XSIAM from Palo Alto Networks and our own Managed Extended Detection and Response service. Together, we provide 24x7 threat monitoring and response, advanced AI analytics and threat intelligence, as well as automated incident response powered by security orchestration, automation and response.

• ALSO READ → MXDR: Make cyber resilience a priority with advanced detection and response