Hackers and Cybersecurity: The AI Arms Race
Artificial intelligence (AI) is now a critical tool in cybersecurity, used by hackers, spies, and defenders alike. This summer, Russian hackers introduced an AI-powered phishing attack targeting Ukrainians. The malicious attachment contained an AI program designed to automatically scan victims' computers for sensitive files and send them to Moscow. This is the first known case of Russian intelligence using large language models (LLMs) to create malicious code.
But Russian hackers aren’t the only ones using AI. Cybercriminals, spies, researchers, and security teams worldwide are incorporating AI into their workflows. LLMs like ChatGPT can translate plain language into computer code, identify vulnerabilities, and summarize documents, making skilled hackers more efficient.
How AI Is Changing Offensive and Defensive Cybersecurity
AI hasn’t yet turned novices into expert hackers or enabled catastrophic cyberattacks like shutting down power grids. However, it is speeding up the work of experienced hackers. On the defensive side, cybersecurity firms use AI to find software vulnerabilities before attackers do.
Google’s security engineering team uses its own LLM, Gemini, to hunt for critical software bugs. Since early 2024, this project has uncovered at least 20 previously overlooked vulnerabilities in widely used software, allowing companies to fix them quickly. These findings are not groundbreaking but demonstrate that AI accelerates known processes.
CrowdStrike, a leading cybersecurity company, observes increasing AI use among advanced hackers from China, Russia, Iran, and criminal groups. AI tools assist both in defending systems and in conducting attacks, especially in social engineering and crafting convincing phishing emails.
AI-Powered Hacking Tools Are Maturing
While automated AI hacking tools required heavy tweaking just two years ago, they have now improved significantly. Companies specializing in AI-driven hacking, like DreadNode and Xbow, have made headlines. In June, Xbow became the first AI to top the HackerOne U.S. leaderboard, which ranks hackers by the importance of vulnerabilities they discover.
HackerOne recently added a category to separate AI-driven hacking groups from individual human researchers, highlighting the growing role of AI automation in cybersecurity.
Who Gains More from AI: Attackers or Defenders?
The debate continues on whether AI will ultimately favor attackers or defenders. For now, defenders seem to have the upper hand. According to a senior cyber director at the U.S. National Security Council, AI benefits defenders because it helps discover vulnerabilities cheaply and efficiently, especially for smaller companies lacking elite security teams.
AI democratizes access to vulnerability information, making it easier to spot and fix bugs before criminals exploit them. However, this advantage may change as technology evolves.
Potential Risks Ahead
No widely available AI-powered automatic hacking tools exist yet, but their emergence could pose serious risks. If such tools become freely accessible, smaller companies could face increased attacks due to widespread exploitation.
Another concern is agentic AI—AI capable of independently performing complex tasks like sending emails or running code. This technology could become a new insider threat if deployed without proper safeguards, allowing malicious actors to misuse AI tools within organizations.
- AI accelerates both hacking and defense but hasn’t enabled catastrophic attacks yet.
- Security firms use AI to find software bugs faster and more efficiently.
- Hackers are adopting AI for social engineering and automating attacks.
- Agentic AI poses new risks if left unchecked in organizations.
For IT and development professionals, understanding AI’s role in cybersecurity is becoming essential. Staying updated on AI tools and security practices helps defend against smarter, faster cyber threats.
To deepen your knowledge of AI and cybersecurity, check out AI courses for IT and security professionals at Complete AI Training.
Your membership also unlocks:
