Effects of AI on Cybersecurity

I spent more time digging into the new NIST Cybersecurity Profile for AI... The document frames AI cybersecurity around three distinct focus areas. Not just securing AI systems. But understanding how AI changes cybersecurity as a whole. The first focus area is securing AI systems themselves. This includes protecting and understanding training data implications, safeguarding model artifacts, securing inference APIs, and preventing things like model theft, prompt injection, or adversarial manipulation. The second focus area is using AI to strengthen cybersecurity operations. Security teams are already experimenting with AI for threat detection, GRC, anomaly analysis, and automating investigation workflows. The third focus area is defending against attackers who are using AI. That last point is where things start to change the security landscape. AI can accelerate vulnerability discovery, generate convincing phishing campaigns, and automate reconnaissance in ways that were previously very manual. In other words, AI is now influencing both sides of the cybersecurity equation. Organizations have to secure the AI systems they deploy while also preparing for attackers who are increasingly augmented by AI themselves. That dual pressure is why AI security is quickly becoming part of mainstream cybersecurity strategy. It is not a niche governance topic anymore. It is becoming part of how modern security programs operate. #AI #GRCEngineering

The Unseen Threat: Is AI Making Our Cybersecurity Weaknesses Easier to Exploit? AI in cybersecurity is a double-edged sword. On one hand, it strengthens defenses. On the other, it could unintentionally expose vulnerabilities. Let’s break it down. The Good: - Real-time Threat Detection: AI identifies anomalies faster than human analysts. - Automated Response: Reduces time between detection and mitigation. - Behavioral Analytics: AI monitors network traffic and user behavior to spot unusual activities. The Bad: But, AI isn't just a tool for defenders. Cybercriminals are exploiting it, too: - Optimizing Attacks: Automated penetration testing makes it easier for attackers to find weaknesses. - Automated Malware Creation: AI can generate new malware variants that evade traditional defenses. - Impersonation & Phishing: AI mimics human communication, making scams more convincing. Specific Vulnerabilities AI Creates: 👉 Adversarial Attacks: Attackers manipulate data to deceive AI models. 👉 Data Poisoning: Malicious data injected into training sets compromises AI's reliability. 👉 Inference Attacks: Generative AI tools can unintentionally leak sensitive info. The Takeaway: AI is revolutionizing cybersecurity but also creating new entry points for attackers. It's vital to stay ahead with: 👉 Governance: Control over AI training data. 👉 Monitoring: Regular checks for adversarial manipulation. 👉 Security Protocols: Advanced detection for AI-driven threats. In this evolving landscape, vigilance is key. Are we doing enough to safeguard our systems?

Criminals, Spies, and AI: A New Front in Cyber Warfare The use of AI in cybersecurity is rapidly changing the landscape, creating a new "arms race" between hackers and cybersecurity professionals. Here's a look at how different groups are leveraging this technology. AI and Malicious Actors Bad actors are increasingly incorporating AI into their cyberattacks. For example, Russian hackers have been caught using large language models (LLMs) to create malicious code for phishing campaigns, enabling them to automate the search for sensitive files on a victim's computer. Similarly, cybersecurity firm CrowdStrike has noted a growing trend of advanced adversaries, including Chinese, Russian, and Iranian state-sponsored groups, using AI to their advantage. The technology is making skilled hackers more efficient and effective, particularly in areas like social engineering and creating convincing phishing emails. AI in Cyber Defense The cybersecurity industry is also using AI to combat these threats. Google's security team, for instance, has used its Gemini LLM to hunt for software vulnerabilities. This process has already led to the discovery of at least 20 overlooked bugs in commonly used software, allowing companies to fix them before they can be exploited by criminals. While AI isn't yet finding entirely new types of vulnerabilities, it is significantly speeding up the process of discovering and patching known types of flaws. As Google's VP of Security Engineering, Heather Adkins, said, "It’s the beginning of the beginning." The use of AI in both offensive and defensive cybersecurity is still in its early stages, but it is clear that the technology is making a tangible impact, creating a faster, more complex, and more dynamic environment for everyone involved.

AI is increasingly moving into the control plane of our digital platforms, and that shift has profound implications for cybersecurity. Much of today’s AI discussion focuses on productivity and automation. Important topics, but not the most consequential from a security perspective. What matters more is where AI is being embedded. Increasingly, it is becoming part of the control layers we depend on, including identity, access, analytics, decision support, and security tooling itself. Cybersecurity has traditionally focused on protecting data: where it resides, who can access it, and how it is encrypted. These concerns remain essential, but they are no longer sufficient. AI systems do more than process information. They infer, prioritise, adapt, and influence behaviour. As AI becomes embedded in security-relevant platforms, the core question shifts from where data is stored to who controls system behaviour. From a security perspective, control equals trust. As AI capabilities advance, some long-standing assumptions about static trust need to be re-examined. Systems are updated frequently, operate across platforms and jurisdictions, and increasingly act autonomously. In this environment, trust cannot be implicit. It must be continuously established, verified, and monitored. Protecting customer data therefore means protecting the whole system. Data flows through identities, platforms, APIs, and AI-driven components. When AI influences these flows, security requires transparency, accountability for automated decisions, the ability to intervene, and resilience when dependencies change or fail. At SEB, we approach AI with both ambition and discipline. Our focus is on strong control, continuous verification, and resilience by design. AI does not reduce our responsibility for cybersecurity. It increases it. The real question is not whether AI will change cybersecurity. It already has. The question is whether we are prepared for what that change truly means.

Dear AI and Cybersecurity Auditors, AI changes how risk enters your environment and expands your attack surface. Traditional cybersecurity controls no longer cover model behavior, training data, prompts, agents, and AI-driven decisions. This draft extends NIST CSF 2.0 into AI systems. It treats models, data, prompts, agents, and AI decisions as real cyber assets. It also addresses how attackers already use AI to scale speed, deception, and impact. Here is why this framework matters for security, risk, and audit leaders. 📌 AI expands the attack surface beyond infrastructure into training data, models, prompts, agents, and third-party AI services 📌 Governance shifts from IT ownership to enterprise accountability with clear risk ownership, oversight, and decision authority 📌 Traditional controls still apply, but AI requires added focus on model integrity, data provenance, output reliability, and human oversight 📌 The framework maps AI risk directly to CSF functions so teams avoid parallel AI security programs 📌 Defensive teams use AI to reduce alert fatigue, improve detection accuracy, and support faster incident response 📌 Adversaries already use AI for phishing, malware generation, social engineering, and automated attack orchestration 📌 Continuous monitoring extends beyond systems into model drift, hallucinations, and unexpected behavior 📌 Risk tolerance must account for AI failure modes, not only system outages or data loss 📌 Audit and assurance teams gain a structured way to test AI controls across Secure, Defend, and Thwart focus areas 📌 The profile supports assessment, control design, and executive reporting without adding unnecessary complexity AI security fails when teams treat AI as software. NIST IR 8596 reframes AI as a risk domain inside cybersecurity. If your organization builds, buys, or relies on AI, this profile gives you a practical path to govern, secure, and defend it with intent. #NIST #Cybersecurity #AIGovernance #AIRisk #AIControls #ITAudit #CyberRisk #AISecurity #GRC #CSF #CyberVerge ♻️ Share this with your team or repost so more professionals. 👉Follow Nathaniel Alagbe for more.

The release of advanced AI systems like Anthropic Mythos marks a pivotal moment for the cybersecurity community — one that brings both meaningful opportunity and material risk. On the benefit side, capabilities are accelerating in ways we’ve been chasing for years: • Signal over noise – AI-driven correlation can drastically reduce alert fatigue by identifying true positives faster and with greater context • Speed of response – Autonomous or semi-autonomous response has the potential to compress incident containment from hours to minutes • Threat intelligence at scale – Real-time synthesis of global threat data improves detection of emerging attack patterns • Augmented analysts – Security teams can operate at a higher level, focusing on strategy and complex investigations instead of repetitive triage But we should be equally clear-eyed about the risks: • Adversarial use of AI – Threat actors now have access to the same (or similar) capabilities, lowering the barrier to sophisticated attacks • Model exploitation – Prompt injection, data poisoning, and model manipulation introduce a new attack surface • False confidence – Over-reliance on AI outputs without validation could amplify risk rather than reduce it • Data exposure – Sensitive security telemetry and proprietary data flowing into AI systems must be governed with precision The reality is this: AI like Mythos doesn’t replace cybersecurity professionals — it raises the stakes for how we operate. The organizations that win will be the ones that treat AI as both a force multiplier and a risk domain, embedding it into their security strategy with the same rigor applied to any critical system. Curious how others are thinking about integrating AI into their security stack — where are you leaning in vs. holding back? #Cybersecurity #ArtificialIntelligence #AI #Infosec #CISO #RiskManagement #ThreatIntelligence #SecurityOperations #ZeroTrust #AIinSecurity #EmergingTech #DigitalRisk #SecurityLeadership

𝐀𝐈 𝐢𝐧 𝐂𝐲𝐛𝐞𝐫𝐬𝐞𝐜𝐮𝐫𝐢𝐭𝐲: 𝐀 𝐃𝐨𝐮𝐛𝐥𝐞-𝐄𝐝𝐠𝐞𝐝 𝐒𝐰𝐨𝐫𝐝 🛡️ Recent research from Google DeepMind reveals how frontier AI models could disrupt the economics of cyberattacks, lowering barriers for adversaries and amplifying risks across the attack chain. Key insights: • Automation at Scale: AI enables attackers to automate reconnaissance, weaponization, and evasion, making sophisticated attacks accessible to less-skilled actors. • New Threat Vectors: From crafting polymorphic malware to orchestrating long-term cyber campaigns, AI introduces novel risks that traditional defenses struggle to counter. • Underestimated Phases: The study highlights AI’s potential in evasion, obfuscation, and persistence - critical yet often overlooked stages of the attack lifecycle. While current AI models lack the capability for end-to-end cyber operations, their ability to enhance specific phases is undeniable. This means adapting strategies to target emerging vulnerabilities and prioritize defenses where AI-driven disruptions are most likely. 🔒 What’s Next? 1. Conduct threat coverage gap assessments using structured frameworks like MITRE ATT&CK. 2. Invest in red-teaming that emulates AI-enabled adversary behavior. 3. Deploy targeted mitigations filtering misuse, fine-tuning models, and evolving response protocols. 🥷🏼 The path forward requires vigilance and innovation. As AI progresses, its impact on cybersecurity will only grow. Let’s stay ahead of the curve. #CyberSecurity #CISO

In more than two decades in cybersecurity, I’ve never seen a transformation as profound and disruptive as the one AI is driving today. Attacks are becoming autonomous, industrialized, and orchestrated by intelligent agents operating at machine speed, which is fundamentally changing the nature of cyber risk. That’s why the recent work from National Institute of Standards and Technology (NIST) to rethink cybersecurity for the AI era feels like a real turning point, especially with the introduction of the concept of thwarting AI-enabled attacks instead of relying only on detection and response. We just published a new article on why “thwart” changes everything and why true cyber resilience in the AI era is built at the intersections of securing AI systems, defending with AI, and proactively disrupting intelligent threats, all grounded in governance and cyber risk management. Cybersecurity is no longer a linear process, it’s an ecosystem of overlapping capabilities designed to deny impact, not just react after damage begins. #Cybersecurity #AI #NIST #CyberRisk #Resilience #AIsecurity #CISO #RiskManagement #DigitalTransformation #Thwart

AI Shakes Cybersecurity Markets. What’s Really Changing? Recent market reactions wiped tens of billions from cybersecurity valuations after new AI driven security tools were announced. CrowdStrike, Palo Alto Networks, Cloudflare, Zscaler, Okta, Infosys and others saw sharp declines as investors questioned whether AI could reduce the need for traditional security platforms. The narrative is straightforward. If AI can automatically scan code, identify vulnerabilities, and recommend fixes, does that disrupt the existing cybersecurity model? But the deeper question is this. Are markets overreacting, or is this a structural inflection point? From my perspective, the real story is not about replacing cybersecurity. It is about redefining it. AI will not eliminate the need for security platforms. It will raise the bar for what effective security looks like. Security has never been only about finding vulnerabilities. It is about governance, accountability, identity control, detection, response, and resilience under pressure. As AI accelerates development and automation, it also accelerates risk creation. Speed without embedded controls increases exposure. Automation without oversight increases systemic vulnerability. The organizations that adapt fastest will not abandon cybersecurity. They will integrate AI into governance, detection, and response in a way that strengthens resilience rather than weakens it. The future is not fewer security platforms. It is smarter, more integrated, and more accountable ones. The question is not whether AI changes cybersecurity. It is whether we are prepared to evolve with it. #Cybersecurity #AI #AIGovernance #RiskManagement #Leadership