Artificial intelligence is rapidly reshaping the cybersecurity landscape, not just in how threats are detected or mitigated, but also in how humans operate on both sides of the digital battlefield.
As generative AI (GenAI) and autonomous systems become embedded in both offensive and defensive operations, the pace and nature of cyber conflict are shifting. Attackers are advancing rapidly, but defenders are leveraging AI and redefining their roles in the process.
AI is fundamentally altering how cyberattacks are executed, with three key dynamics driving this shift: speed, scale and accessibility.
Speed: AI drastically reduces the time required to identify vulnerabilities or launch phishing or deepfake attacks. IBM research shows that a convincing phishing email can be generated in less than five minutes using GenAI. Compare that with an average of 16 hours for IBM's social engineers.
Scale: With easier access to automation, attackers can execute more attacks in less time, from mass distribution of phishing emails to quicker development of malware code.
Accessibility: Advanced attack capabilities are no longer limited to highly skilled threat actors. With GenAI tools, less experienced attackers can execute sophisticated campaigns with minimal effort.
Related:Poor UX undermines security policies, says Texas A&M University System CIO
In parallel, enterprise AI deployments are becoming new targets. Techniques like prompt injection and model manipulation are emerging as viable attack vectors. As AI systems become more integrated into business operations, securing them becomes a critical concern.
This shift in attacker behavior is not theoretical — it's already underway and expected to only grow over the next two to four years. During this time, we'll see bad actors use AI to carry out attacks more independently. They might automate tasks such as accessing a system, gaining higher privileges or stealing credentials. The threat landscape is evolving toward autonomous attacks.
The same way cybercriminals are seeking to leverage AI to scale and improve their operations, so are enterprises. Just take the security operations center (SOC). Tasks such as alert triage, signal correlation and playbook execution are being automated with GenAI, freeing analysts to focus on more strategic and investigative work.
But to realize such productivity gains, organizations need to make a structural shift. Security teams have long operated like maintenance crews — reacting to incidents, patching vulnerabilities and keeping systems online. With AI automating manual tasks and freeing up time, teams can adopt a more strategic posture. That would allow them to function like structural engineers who identify systemic weaknesses, reinforce critical infrastructure and design for long-term resilience.
Related:Cisco's Jeetu Patel on overcoming the 'AI trust deficit'
This shift is also giving rise to new cybersecurity roles, including:
AI supervisors, who oversee autonomous workflows and validate machine-generated decisions.
Prompt engineers, who optimize threat detection and response through tailored GenAI queries.
AI policy stewards, who define governance frameworks for responsible AI use in security contexts.
These roles build on technical proficiency but go further. They require a deep understanding of how AI systems behave in real-world environments, the ability to interpret and guide machine-driven decisions, and the judgment to navigate ethical and operational trade-offs. Fluency in AI, cross-functional collaboration and strategic thinking are becoming just as critical as traditional cybersecurity skills.
It begins with upskilling security teams to work effectively alongside AI: developing expertise in automation tools, model behavior and AI-driven decision-making. Workflows must be redesigned to integrate automation without compromising human oversight, thus ensuring analysts remain in control of critical decisions.
Related:Anthropic's Mythos forces a rethink of vulnerability management
Also, talent must be reallocated toward strategic, proactive initiatives, giving teams the capacity to address systemic vulnerabilities and longstanding security gaps for which reactive operations have rarely allowed time.
Success won't come from simply matching attacker capabilities. It will require a fundamental shift in cybersecurity operations, where AI doesn't just accelerate detection and response but becomes embedded across every layer of defense. In this next phase, human expertise will be amplified by AI to drive strategic outcomes, from proactive threat hunting to adaptive risk management and secure-by-design innovation.
Organizations that embrace this transition will move beyond reactive defense. They'll finally gain the ability to strengthen foundational systems, build long-term resilience, and stay ahead of increasingly autonomous threats.
IBM
Dave McGinnis is a vice president and senior partner at IBM, responsible for the global cyber threat management business and delivery operations. With more than 25 years in cybersecurity operations, Dave directs industry-leading consulting and managed services operations, assisting clients in the design, implementation and ongoing execution.
Prior to his current role, he built multiple successful cybersecurity consulting practices. Dave holds several cybersecurity tech patents and is an early pioneer of the managed security services market, having worked in the mid-1990s.
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。