Artificial intelligence (AI) is rapidly altering the landscape of technology, presenting both advantages and risks. While it bolsters cybersecurity defenses, it also equips cybercriminals with powerful new tools. The UK’s National Cyber Security Centre (NCSC) warns that in the coming years, AI will likely enhance the effectiveness and efficiency of cyber-intrusion efforts, leading to an uptick in cyber threats.
Cybercriminals are increasingly harnessing generative AI (GenAI) tools, making phishing emails more convincing and enabling the creation of realistic fake faces and voices to deceive victims. The result is a surge in phishing attempts, as well as low-quality malware that can be generated by less technically skilled individuals.
According to the NCSC, the frequency and intensity of cyber threats are expected to escalate significantly over the next two years. This is largely driven by the evolution of AI technologies, particularly large language models (LLMs), which are transforming various sectors, from customer service to software development. However, the same advancements that facilitate legitimate business operations also empower malicious actors.
AI allows for faster, large-scale cyber-attacks executed with minimal effort. Previously, phishing campaigns relied on generic messages that were often riddled with spelling and grammatical errors, making them easy to identify. Now, however, threat actors can generate highly personalized content that appears convincingly legitimate. With access to extensive public data, they can tailor their attacks to target specific individuals, resulting in a more sophisticated threat landscape.
One of the most alarming developments is the rise of deepfake technology, which can create hyper-realistic impersonations of individuals. These tools can be used to manipulate employees into making substantial financial transfers by mimicking the voice or appearance of senior executives. In one instance, a finance employee was duped into transferring $25.6 million after a conference call with a deepfake of their CFO. Similarly, deepfakes are being used to extort money from victims by simulating kidnappings or medical emergencies involving loved ones.
Another major concern is the evolution of phishing emails. With the capabilities afforded by AI, hackers can craft highly personalized, contextually relevant messages that can bypass traditional security measures. In the early months of 2025, nearly a third of phishing emails were characterized by extensive, well-written text, indicating a reliance on LLMs. This trend poses a significant challenge for both individuals and organizations, who must bolster their cybersecurity awareness and training to combat these increasingly sophisticated threats.
Moreover, AI technology is powering a new wave of SMS phishing, or “smishing,” campaigns. These scams employ flawless English-language messages designed to mislead recipients into clicking malicious links, often masquerading as legitimate communication from delivery companies or service providers.
AI is also revolutionizing the automation of reconnaissance and malware development. Cybercriminals are leveraging AI to identify vulnerabilities in systems, significantly lowering the bar for launching attacks. The NCSC observes that the most significant AI developments in cybersecurity may come from advancements in vulnerability research and exploit development.
As attackers leverage AI to streamline their operations, no sector is immune to these threats. Organizations holding sensitive data, from finance to healthcare, are prime targets. Internet users remain at risk as well, making awareness and vigilance essential in this evolving landscape.
Fortunately, mitigating the risks associated with AI-driven cyber threats is possible. Individuals are advised to verify the authenticity of urgent financial requests through independent channels and to refrain from clicking on links in unsolicited communications. Additionally, updating social media privacy settings and employing strong, unique passwords can enhance personal security. Utilizing multi-layered security applications designed to detect phishing attempts and malware is also recommended.
Organizations should revise their financial approval protocols and enhance staff training to recognize deepfake threats and AI-driven scams. Implementing continuous monitoring for suspicious activities, investing in tools capable of detecting AI-generated content, and adopting a Zero Trust security framework are vital in safeguarding against these advanced threats.
The cybersecurity landscape is rapidly evolving, with AI playing a pivotal role in both attack and defense strategies. As threat actors adapt their techniques, defenders must equally innovate to protect against increasingly sophisticated cyber threats. While the road ahead is fraught with challenges, increased awareness and technological advancements may provide a counterbalance to the risks posed by AI in the realm of cybersecurity.
See also
Safe Pro Group Upgrades AI Algorithms for Enhanced Drone Operations in GPS-Denied Areas
Cybersecurity Leaders Stress AI Governance as Global Cybercrime Damages to Exceed $23 Trillion by 2027
AI Security Gaps Cost Billions as Firms Face 3.5M Talent Shortage by 2025
UK Launches Deepfake Detection Challenge 2026 to Combat Rising Threats and Disinformation
FPT Invests $100 Million in Quantum AI and Cybersecurity Research Institute
