Introduction

Artificial Intelligence (AI) is emerging as a transformative force in this digital era, reshaping industries, redefining productivity, and revolutionizing how organizations operate. In the realm of cybersecurity, AI serves as both a powerful tool and a potential disruptor.

On one hand, AI enables organizations to detect, analyze, and respond to cyber threats with unprecedented speed and efficiency. On the other hand, it also provides cybercriminals with advanced tools, allowing them to launch more accurate and destructive attacks. This duality makes AI a double-edged sword in cybersecurity, as it enhances defenses while simultaneously increasing the potential threats.

According to Cybersecurity Ventures, global cybercrime costs are projected to grow by 15 percent each year over the next five years, reaching an estimated $10.5 trillion USD annually by 2025, up from $3 trillion USD in 2015 (Sausalito, 2020).
 

AI as a threat

AI has shown its ability to automate and enhance cyberattacks in ways that were previously technically complex. Cybercriminals are now deploying AI to increase the scalability, precision and effectiveness of their malicious operations.

One of the most common applications of AI in cybercrime is AI-powered phishing. Unlike traditional phishing methods, which relied on generic, error-filled messages to lure unsuspecting victims, AI-powered phishing analyzes vast amounts of data from social media and other online sources to craft personalized, convincing messages that appear to come from colleagues, clients or institutions. This form of attack has proven to be far more effective, as it leverages the target’s preferences and communication patterns to build trust before exploitation.

The development of AI-driven malware is another example of a current threat. Such malware autonomously adapts to evade detection as it learns from its environment. When detected, it automatically mutates, changing its pattern and disguising itself as genuine software. This reduces the window for security systems and security analysts to detect and contain these threats, leaving cyber attackers one step ahead.

The use of deepfake technology is the most alarming advancement in cybercrime. Deepfakes are audio clips, pictures or videos that are generated through deep learning to look real. They can replicate a person’s face and voice with a high degree of accuracy. This technology has been used extensively in social engineering attacks, and cybercriminals have been able to impersonate executives to leak sensitive data or to authorize fraudulent transactions. This method exploits human trust and psychology, which is often considered the weakest link in cybersecurity. In 2019, a UK-based energy firm reportedly lost over $240,000 after an employee received a call from what he believed was his CEO; it was, in fact, an AI-generated deepfake voice (Damiani, 2019).

Furthermore, AI-powered reconnaissance tools allow attackers to scan networks, identify vulnerabilities, and plan exploits faster than manual or traditional methods. These tools can automatically analyze system configurations, assess patch histories, and identify weak points for exploitation. The combination of automation, precision targeting, and speed means that attacks can be launched at scale with minimal human intervention.

The implications of these developments are significant. AI-powered attacks can strike faster and adapt continuously, making them exceptionally difficult to detect and mitigate. They undermine traditional security measures, forcing organizations to rethink how they defend their digital ecosystems. As AI continues to evolve, the gap between attackers and defenders will widen unless security frameworks evolve in parallel.

AI in defense

Despite these risks, AI continues to be a highly promising tool for strengthening cybersecurity defenses. Its power lies in its ability to process and analyze massive volumes of data. AI enables real-time monitoring and rapid response, transforming how cybersecurity teams operate.

One of the most significant defensive applications of AI is real-time threat detection and response. Machine learning algorithms continuously analyze network traffic, user behavior, and system logs to identify patterns that deviate from the norm. AI-powered systems can flag or even automatically contain potential threats when an anomaly is detected, for instance an unusual user login time. This continuous learning process allows security tools to improve over time, becoming more accurate and less reliant on predefined rules.

AI models also use predictive analytics as a defense mechanism. They analyze historical data to anticipate possible future threats by identifying trends in attackers’ behavior. This gives security teams a window to strengthen vulnerable areas before they are exploited by cybercriminals.

Another case of AI in cybersecurity is the automation of vulnerability assessment and patch management. AI-powered systems can automatically scan hardware infrastructure and software for vulnerabilities. These systems can even deploy patches without human intervention, reducing the window of exposure and, with it, the cyber risk.

AI can be used to enhance identity and access management. User behavior patterns, such as login patterns, can be used to create unique signatures. The AI systems can then use that data to trigger an alert when unusual behavior is detected. Attackers would have a difficult time compromising a user account even if they managed to steal the user's access credentials.
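
The login-time signature described above, and the "unusual user login time" anomaly mentioned under threat detection, can be sketched as a per-user statistical baseline. This is an added example, not code from this newsletter or from any vendor product; the function names, the 3.0 threshold, the half-hour floor and the sample history are all assumptions constructed for illustration.

```python
import math
from collections import defaultdict

# Constructed sample history: (user, login hour on a 24h clock).
HISTORY = (
    [("alice", h) for h in (8.5, 9.0, 8.75, 9.25, 8.0, 9.0)]        # office hours
    + [("bob", h) for h in (23.5, 0.25, 23.75, 0.5, 23.0, 0.0)]     # night shift
    + [("carol", h) for h in (10.0, 14.0)]                          # too little data
)

def circular_stats(hours):
    """Mean hour and spread (in hours) with hours treated as angles, so that
    23:30 and 00:30 are one hour apart instead of 23."""
    angles = [2 * math.pi * h / 24 for h in hours]
    s = sum(math.sin(a) for a in angles) / len(angles)
    c = sum(math.cos(a) for a in angles) / len(angles)
    mean = (math.atan2(s, c) * 24 / (2 * math.pi)) % 24
    r = min(math.hypot(s, c), 1.0)            # guard against float overshoot
    if r == 0.0:
        return mean, 12.0                     # logins spread evenly over the day
    std = math.sqrt(-2 * math.log(r)) * 24 / (2 * math.pi)
    return mean, std

def hour_distance(a, b):
    """Shortest distance between two clock times, in hours."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def build_baselines(history, min_events=5):
    """Per-user (mean, std) signature; users with few events get no baseline."""
    per_user = defaultdict(list)
    for user, hour in history:
        per_user[user].append(hour)
    baselines = {}
    for user, hours in per_user.items():
        if len(hours) >= min_events:
            mean, std = circular_stats(hours)
            baselines[user] = (mean, max(std, 0.5))   # floor avoids hair-trigger alerts
    return baselines

def score_login(baselines, user, hour, threshold=3.0):
    """Return 'ok', 'alert', or 'no-baseline' for a new login."""
    if user not in baselines:
        return "no-baseline"
    mean, std = baselines[user]
    return "alert" if hour_distance(hour, mean) / std > threshold else "ok"

if __name__ == "__main__":
    b = build_baselines(HISTORY)
    for user, hour in [("alice", 9.0), ("alice", 3.0), ("bob", 0.1), ("bob", 12.0)]:
        print(user, hour, score_login(b, user, hour))
```

The night-shift user shows why the baseline is circular: a plain average of bob's login hours lands near midday, which would make a noon login look normal and a midnight login look anomalous.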

Top cybersecurity platforms such as CrowdStrike have demonstrated how AI can autonomously detect and mitigate threats across global networks. These systems analyze billions of data points daily, using unsupervised learning to identify anomalies without relying on prior knowledge of specific threats. This has resulted in quicker response times and greater protection against new attack methods.
 

Conclusion

AI in cybersecurity is both a weapon and a shield. As cyber threats become more intelligent, persistent, and adaptive, the same technologies driving these attacks are also forming the backbone of next-generation defense systems. 

In the television series The Last Ship, a student at the US Naval Academy titles an academic paper "The Next Virus Will Be Cyber." I share this view, as the evolving landscape of cyber threats mirrors the unpredictability of biological viruses. The challenge for organizations lies in harnessing AI responsibly and strategically, ensuring that the benefits outweigh the risks. AI can evolve from a double-edged sword into a unifying force if guided by ethics, vigilance, and collaboration.

References

Damiani, J. (2019, September 3). Forbes. Retrieved from Forbes: https://www.forbes.com/sites/jessedamiani/2019/09/03/a-voice-deepfake-was-used-to-scam-a-ceo-out-of-243000/
Sausalito, C. (2020, Nov 13). Cybersecurityventures. Retrieved from Cybercrime Magazine: https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

 

Caveat

This newsletter has been prepared by RSM (Eastern Africa) Consulting Ltd, and the views are those of the firm, independent of its directors, employees and associates. This newsletter is for general guidance, and does not constitute professional advice. Accordingly, RSM (Eastern Africa) Consulting Ltd, its directors, employees, associates and its agents accept no liability for the consequences of anyone acting, or refraining from acting, in reliance on the information contained herein or for any decision based on it. No part of the newsletter may be reproduced or published without prior written consent. RSM (Eastern Africa) Consulting Ltd is a member firm of RSM, a worldwide network of accounting and consulting firms. RSM does not offer professional services in its own name and each member firm of RSM is a legally separate and independent national firm.