AI in Cybersecurity
AI is the most powerful tool in both attackers' and defenders' arsenals — and both sides are deploying it aggressively. Here's how the arms race looks in 2026.
The numbers
60s
Time for some AI threat detection systems to identify and quarantine a threat — vs 197 days average breach detection time for organisations without AI [IBM X-Force]
$1.76M
Average savings per breach for organisations with AI security tools vs those without — despite higher tool costs [IBM Cost of Data Breach 2024]
1,000x
Increase in phishing email volume since AI writing tools became widely available — AI can personalise and send at a scale that was previously impossible [SlashNext]
Both sides of the coin
Defensive AI
- Threat detection and SIEM: AI analyses network traffic, user behaviour, and log files to detect anomalies that indicate breaches — faster than any human analyst could.
- Vulnerability scanning: AI-powered scanners identify code vulnerabilities before attackers do, integrating into CI/CD pipelines to catch issues on every commit.
- Phishing detection: AI email security tools (Proofpoint, Mimecast) analyse email content, sender reputation, and behavioural patterns to stop sophisticated phishing at scale.
- Identity and access: AI monitors user behaviour for impossible logins, privilege escalation, and unusual access patterns — stopping insider threats and compromised accounts.
Offensive AI (what attackers use)
- AI-generated phishing: LLMs generate personalised, grammatically flawless phishing emails at scale. Volumes increased 1,000x since 2022. Social engineering quality improved dramatically.
- Voice/video deepfakes: AI voice cloning is used in "CEO fraud" attacks — calling finance teams posing as executives to authorise wire transfers. $25M lost in one Hong Kong deepfake attack (2024).
- AI-assisted vulnerability discovery: AI tools help attackers identify vulnerabilities faster than defenders can patch them. The attack surface analysis that took days now takes hours.
- AI malware: AI generates novel malware variants that evade signature-based detection, adapts to defensive responses, and identifies optimal attack pathways.
Key tools
| Tool | Category | Key capability |
|---|---|---|
| Microsoft Defender / Sentinel | Detection & Response | AI threat intelligence, SIEM, automated incident response across Microsoft 365 estate |
| CrowdStrike Falcon AI | Endpoint Security | AI-native endpoint detection, threat hunting, real-time threat intelligence |
| Darktrace | Network Security | AI learns "normal" network behaviour and detects deviations — catches novel threats without known signatures |
| Palo Alto Cortex XSIAM | SOC Platform | AI-driven SOC platform, automated triage, correlates signals across the entire environment |
| GitHub Advanced Security | Code Security | AI identifies code vulnerabilities in pull requests before they reach production |
| Proofpoint / Mimecast AI | Email Security | AI email filtering, phishing detection, impersonation protection |
The arms race reality
The organisations winning on security in 2026 are those who've deployed AI defensively before attackers can scale AI offensively against them. The gap between AI-equipped security teams and those relying on rule-based systems is widening. This isn't a future concern — it's the current operational reality. The $1.76M average savings from AI security tools is a compelling ROI argument even before factoring in reputational damage from breaches.
FAQ
How do I protect myself from AI-generated phishing?
AI-generated phishing is now nearly impossible to identify by grammar or spelling alone — it's grammatically perfect and often highly personalised. Protection: verify unusual requests (wire transfers, password resets, executive instructions) through a second channel (call the person directly). Enable MFA on all accounts. Use email security tools (Proofpoint, built-in Google/Microsoft AI filtering). Treat any email creating urgency or requesting financial action as a potential attack regardless of apparent sender.
Is AI making cybersecurity easier or harder overall?
Both simultaneously. AI-powered defences are dramatically more capable — detecting threats in seconds that would take analysts days, reducing false positives, and automating incident response. But AI-powered attacks have lowered the skill barrier for attackers and massively scaled attack volume. The net effect depends heavily on whether your security team has deployed AI tools — organisations without AI security tools are increasingly outmatched by AI-equipped attackers.