AI vs AI: The Future of Cybersecurity Is Machine vs. Machine. Is the human factor still relevant?

How Artificial Intelligence is transforming both cyber defense and cybercrime

by Venkatesh Apsingekar, Senior Engineering Manager – Illumio

I recently watched Terminator 2 with my 9-year-old son. Since it was his first time watching Terminator, he was entirely into the film; I couldn’t help but picture a different version of it in my own world. As a cybersecurity professional, working on integrating AI to advance threat detection, investigation, and response capabilities, the work feels more like a Sci-Fi movie to me.

With the power of AI, the cybersecurity landscape is slowly becoming a battlefield of AI vs AI. On one side, the security product portfolio is evolving to spot anomalies, investigate, and respond in milliseconds. On the other, attackers are building malware and hyper-personalized phishing attacks with AI that learns and adapts at runtime. This arms race is shaping the future of cybersecurity.

Like a great power, AI has become a double-edged sword. It has fundamentally reshaped the scale and speed of cybersecurity.

  • Speed & Scale – AI can process millions of events and make decisions in real time, several times faster than human capacity. The same speed also enables attackers to launch campaigns on a massive scale.
  • Accessibility – Open-source AI models are widely available, equally empowering both defenders and attackers.

The outcome? Both sides are racing to out-innovate the other. According to the latest industry reports, 75% of enterprises are utilizing some form of AI in their security operations, while the latest cybercrimes openly leverage AI to launch more sophisticated attacks.

Threat Detection and Investigation at Lightning Speed

Modern enterprises generate millions of security events daily – far more than a human analyst could ever review. With the help of AI, security products can process far more events than a human analyst and make intelligent decisions.

AI can analyze network flows, user behavior, system logs, and threat intelligence all at once, something that would take a human analyst days or weeks.

AI can analyze & establish patterns applicable to a specific enterprise and flag deviations instantly. When an employee suddenly accesses sensitive files at 3 AM from an unusual location, AI can notice the change in pattern instantly.
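
The 3 AM scenario above can be illustrated with a simple per-user baseline. This is an added example, not code from the author or from any product mentioned here; the event layout, the location labels, and the two-hour tolerance are constructed assumptions, and a production system would use a statistical or learned model rather than fixed sets.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events: (timestamp, user, source location, resource).
HISTORY = [
    ("2024-05-06T09:12:00", "alice", "US-East", "/finance/q1.xlsx"),
    ("2024-05-07T10:40:00", "alice", "US-East", "/finance/q1.xlsx"),
    ("2024-05-08T14:05:00", "alice", "US-East", "/finance/payroll.xlsx"),
    ("2024-05-09T17:30:00", "alice", "US-East", "/finance/q1.xlsx"),
    ("2024-05-06T08:15:00", "bob", "US-East", "/eng/design.md"),
    ("2024-05-07T09:50:00", "bob", "US-East", "/eng/design.md"),
]
NEW_EVENTS = [
    ("2024-05-13T03:04:00", "alice", "AP-South", "/finance/payroll.xlsx"),
    ("2024-05-13T11:30:00", "alice", "US-East", "/finance/q1.xlsx"),
    ("2024-05-13T10:00:00", "bob", "EU-West", "/eng/design.md"),
]

def build_baseline(events):
    """Per-user profile: hours of day and locations seen in history."""
    profile = defaultdict(lambda: {"hours": set(), "locations": set()})
    for ts, user, loc, _resource in events:
        profile[user]["hours"].add(datetime.fromisoformat(ts).hour)
        profile[user]["locations"].add(loc)
    return dict(profile)

def hour_distance(hour, known_hours):
    """Smallest circular distance (0-12) from hour to any baseline hour."""
    return min(min(abs(hour - h), 24 - abs(hour - h)) for h in known_hours)

def score_event(event, profile, hour_slack=2):
    """Return the list of reasons this event deviates from the baseline."""
    ts, user, loc, _resource = event
    base = profile.get(user)
    if base is None:
        return ["no baseline for user"]
    reasons = []
    hour = datetime.fromisoformat(ts).hour
    if hour_distance(hour, base["hours"]) > hour_slack:
        reasons.append(f"unusual hour {hour:02d}:00")
    if loc not in base["locations"]:
        reasons.append(f"unusual location {loc}")
    return reasons

def flag_deviations(events, profile):
    """Map each deviating event to its reasons; normal events are omitted."""
    return {e: r for e in events if (r := score_event(e, profile))}

if __name__ == "__main__":
    for event, reasons in flag_deviations(NEW_EVENTS, build_baseline(HISTORY)).items():
        print(event[1], event[0], event[3], "->", "; ".join(reasons))
```

Events that deviate on both hour and location, like the first one here, are the ones worth escalating first; a single deviation (a user travelling, for instance) is a weaker signal.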

Predictive defense—stopping attacks before they happen

Beyond just reacting to known vulnerabilities, AI models can forecast where attacks are likely to occur based on historical patterns, threat intelligence, and emerging vulnerabilities.

Trained security AI models analyze global threat data from thousands of organizations, even as new variants of ransomware emerge in the market.

Automated Response: Fighting back in Real Time

According to the IBM Cost of a Data Breach Report 2024, organizations took an average of 204 days to identify a data breach. An additional 73 days were needed to contain the breach, resulting in an average total breach lifecycle of 277 days.

An AI-driven security orchestration platform can automatically isolate infected systems, block malicious IP addresses, revoke compromised credentials, and contain threats—all within seconds of detection, making intelligent decisions based on context and its business impact.

How Attackers are Weaponizing AI

Intelligent Malware that Learns & adapts on the fly

Trained AI models are the brains behind the advanced “polymorphic” malware, which can modify its code structure to escape signature-based detection. Advanced malware learns from every failed intrusion attempt and adopts alternative methods.

Hyper-personalized phishing and social engineering

Traditional phishing and social engineering techniques, which often use emails with bad grammar or text messages containing generic phishing links, are no longer effective.

AI has taken phishing personalization to an extreme level. AI can scrape social media profiles, analyze writing styles and research interests, identify relationships, and track online behavior. With all this information at its disposal, AI can create hyper-personalized phishing emails and texts that are hard to distinguish from genuine ones.

Deepfake videos and voice cloning, powered by AI, can easily impersonate executives, taking the traditional “CEO fraud” schemes to entirely new and unimaginable levels.

Automated Vulnerability Hunting

Using techniques such as fuzzing to test software with unexpected inputs or pattern recognition to detect zero-day vulnerabilities, AI can launch attacks on a massive scale, exploiting software vulnerabilities or infrastructure weaknesses.

Is the human factor still relevant?

AI has equally powered both sides, and the scale has just gotten bigger; however, crucial human factors like context, creativity, and ethical judgment remain very important and will always be relevant.

The most effective cybersecurity strategy is to combine these two. Let the AI handle the scale & the human provide strategic direction.

AI does not replace the value security professionals bring; it’s augmenting their work. Analysts can dedicate more time to training AI systems, researching new threats, and developing strategies rather than sifting through millions of events and noisy alerts.

Conclusion: Winning the AI vs. AI Race

The AI versus AI dynamic is accelerating; we must acknowledge that both attackers and defenders have access to powerful AI tools, and the winner will be the one who trains their AI systems most effectively. As security professionals, our goal is to keep our defenders’ AI one step ahead of the attacker’s.


About the Author

My name is Venkatesh Apsingekar, Senior Engineering Manager at Illumio. I have nearly 20 years of leadership experience in cybersecurity, cloud infrastructure, and data protection, with work spanning Zero Trust architectures, ransomware containment, and large-scale threat detection and response. I also hold more than a dozen U.S. patents and publications in data security.

Venkatesh can be reached online at [email protected] or at our company website https://www.illumio.com/


