AI in Cybersecurity
AI is the most powerful tool in both attackers' and defenders' arsenals — and both sides are deploying it aggressively. Here's how the arms race looks in 2026.
The numbers
- 60s: Time for some AI threat detection systems to identify and quarantine a threat — vs 197 days average breach detection time for organisations without AI [IBM X-Force]
- $1.76M: Average savings per breach for organisations with AI security tools vs those without — despite higher tool costs [IBM Cost of Data Breach 2024]
- 1,000x: Increase in phishing email volume since AI writing tools became widely available — AI can personalise and send at scale that was previously impossible [SlashNext]
Both sides of the coin
Defensive AI
- Threat detection and SIEM: AI analyses network traffic, user behaviour, and log files to detect anomalies that indicate breaches — faster than any human analyst could.
- Vulnerability scanning: AI-powered scanners identify code vulnerabilities before attackers do, integrating into CI/CD pipelines to catch issues on every commit.
- Phishing detection: AI email security tools (Proofpoint, Mimecast) analyse email content, sender reputation, and behavioural patterns to stop sophisticated phishing at scale.
- Identity and access: AI monitors user behaviour for impossible logins, privilege escalation, and unusual access patterns — stopping insider threats and compromised accounts.
Offensive AI (what attackers use)
- AI-generated phishing: LLMs generate personalised, grammatically flawless phishing emails at scale — one of the clearest examples of why AI is dangerous in the wrong hands. Volumes increased 1,000x since 2022. Social engineering quality improved dramatically.
- Voice/video deepfakes: AI voice cloning is used in "CEO fraud" attacks — calling finance teams posing as executives to authorise wire transfers. $25M lost in one Hong Kong deepfake attack (2024). This is exactly the kind of fraud the defensive AI covered in AI in finance and investing is scrambling to catch.
- AI-assisted vulnerability discovery: AI tools help attackers identify vulnerabilities faster than defenders can patch them. The attack surface analysis that took days now takes hours.
- AI malware: AI generates novel malware variants that evade signature-based detection, adapts to defensive responses, and identifies optimal attack pathways.
Key tools
| Tool | Category | Key capability |
|---|---|---|
| Microsoft Defender / Sentinel | Detection & Response | AI threat intelligence, SIEM, automated incident response across Microsoft 365 estate |
| CrowdStrike Falcon AI | Endpoint Security | AI-native endpoint detection, threat hunting, real-time threat intelligence |
| Darktrace | Network Security | AI learns "normal" network behaviour and detects deviations — catches novel threats without known signatures |
| Palo Alto Cortex XSIAM | SOC Platform | AI-driven SOC platform, automated triage, correlates signals across the entire environment |
| GitHub Advanced Security | Code Security | AI identifies code vulnerabilities in pull requests before they reach production |
| Proofpoint / Mimecast AI | Email Security | AI email filtering, phishing detection, impersonation protection |
The arms race reality
The organisations winning on security in 2026 are those who've deployed AI defensively before attackers can scale AI offensively against them. The gap between AI-equipped security teams and those relying on rule-based systems is widening. This isn't a future concern — it's the current operational reality, and it's one of the sharpest edges of the broader ethical issues with AI. The $1.76M average savings from AI security tools is a compelling ROI argument even before factoring in reputational damage from breaches.
FAQ
How do I protect myself from AI-generated phishing?
AI-generated phishing is now nearly impossible to identify by grammar or spelling alone — it's grammatically perfect and often highly personalised. Protection: verify unusual requests (wire transfers, password resets, executive instructions) through a second channel (call the person directly). Enable MFA on all accounts. Use email security tools (Proofpoint, built-in Google/Microsoft AI filtering). Treat any email creating urgency or requesting financial action as a potential attack regardless of apparent sender.
Is AI making cybersecurity easier or harder overall?
Both simultaneously. AI-powered defences are dramatically more capable — detecting threats in seconds that would take analysts days, reducing false positives, and automating incident response. But AI-powered attacks have lowered the skill barrier for attackers and massively scaled attack volume. The net effect depends heavily on whether your security team has deployed AI tools — organisations without AI security tools are increasingly outmatched by AI-equipped attackers.
Written by Luke Madden, founder of Veltrix Collective. Data synthesis and analysis by Vel.