Artificial intelligence is rapidly transforming the landscape of cybersecurity, compelling defenders to adapt at an unprecedented pace. In Canada, Chief Information Security Officers (CISOs) are increasingly aware that every new AI model released into the public domain arms attackers with enhanced capabilities to breach defenses.
Recent insights underscore the urgency of this evolving threat environment. A report by Proofpoint indicates that 76% of CISOs expect a significant cyberattack within the next year, a rise from 70% in the previous year. Similarly, the 2025 Canadian Cybersecurity Study by CDW Canada reveals that while a majority of organizations aim for a Zero Trust approach, many struggle to modernize legacy systems that impede progress in cybersecurity. As noted by CanadianSME, AI is not only escalating the sophistication of attacks but is also providing new defensive tools.
Brent Fowles, Director of Cybersecurity and Business Services at Western University and holder of the CanadianCIO CISO of the Year title, notes that zero-day vulnerabilities can be exploited within 15 minutes of discovery. This reality emphasizes the necessity for a Zero Trust mentality, which limits lateral movement and assumes breach as a starting premise. “Those changes have just amplified the need for more automated tooling, for more automated response, [and] better detections to be in place,” Fowles elaborates.
The speed of threats has dramatically increased; attacks that once took weeks to formulate can now be executed within minutes of a vulnerability’s disclosure. Technologies like deepfakes and synthetic social engineering blur the line of trust, turning even routine tasks—such as document handling, vendor onboarding, and password resets—into potential entry points for AI-driven deception. This evolving landscape presents a paradox: while technology aims to bolster security, it simultaneously broadens the threat surface.
In response, Canadian organizations are shifting from static defenses to dynamic resilience, investing in Zero Trust architectures, identity protection, and automated detection systems that operate with an assumption of compromise. This shift represents a fundamental change in how security is approached, moving toward a more proactive stance.
From Defense to Anticipation
The same AI technology that enhances defenders’ abilities is also being used by attackers to automate deception. Fraudulent schemes like deepfake phishing and AI-generated code injection are accelerating the threat cycle. According to Proofpoint, three in five CISOs express concern over potential customer data loss via public generative AI tools. Consequently, Identity Threat Detection and Response (ITDR) has become a key investment area, with most organizations focusing on automated detection and continuous authentication.
As organizations strive to actualize Zero Trust principles, they must address the persistent challenges posed by entrenched legacy systems. The CDW Canada study found that while 63.5% of organizations have implemented Extended Detection and Response (XDR) solutions, many remain in the early stages of establishing a comprehensive Zero Trust framework.
At Western University, Fowles’ team has leveraged external partnerships to enhance their cybersecurity posture. Managed Detection and Response (MDR) providers now offer round-the-clock coverage, allowing for immediate action instead of waiting until traditional business hours. “Stuff didn’t have to wait till Monday morning at nine o’clock to take action on it,” he states, highlighting the efficiency of this collaborative model. This approach is becoming a standard practice across Canada, as managed security initiatives create a collective defense system that pools intelligence across sectors for quicker responses.
Marc Joly, President of Infolaser, emphasizes that even often-overlooked devices, like printers, play a crucial role in network security. “A printer or a copier is an endpoint on a network and oftentimes it gets overlooked,” he explains. “We’re able, with our solutions… to provide customers devices that are one: very secure. Two: software tools that can actually help them manage the security aspects of their fleet.” By embedding protections at the device level, organizations can better align with a Zero Trust framework.
Behind these technical advancements lies a significant leadership challenge. The rise of AI threats has compelled CISOs to transition into roles as risk translators, fostering collaboration among boards, business units, and vendors for shared accountability. The focus is shifting from mere compliance to coordinated effort, where security becomes a collective responsibility across the organization.
The ongoing cyber arms race underscores that AI acts as both an adversary and a solution. Canadian organizations are increasingly adopting AI-driven detection, automation, and Zero Trust strategies to effectively manage this duality. Rather than supplanting human judgment, AI is being integrated into layered defenses that adapt in real-time to counter sophisticated attacks.
The pressing challenge for Canada’s cybersecurity community is to convert this evolving mindset into actionable strategies. The nation’s future competitiveness hinges on how quickly organizations can operationalize trust as a core principle of their cybersecurity efforts. The pivotal question for leaders is how they will build teams, systems, and partnerships that make evolution an integral aspect of their operational framework.
AI-Driven Cyber Attacks Cut Vulnerability Response Time to Zero, Experts Warn
Anthropic’s Claims of AI-Driven Cyberattacks Raise Industry Skepticism
Anthropic Reports AI-Driven Cyberattack Linked to Chinese Espionage
Quantum Computing Threatens Current Cryptography, Experts Seek Solutions
Anthropic’s Claude AI exploited in significant cyber-espionage operation
