How Will AI Affect the Cybersecurity Field? Experts Share Their Predictions

Artificial Intelligence (AI) is revolutionizing multiple industries, and cybersecurity is no exception. As the digital landscape expands, so do the threats from cybercriminals, who are now leveraging AI to enhance their attacks. At the same time, AI-driven solutions are being deployed by security professionals to protect critical systems and data. The ongoing battle between attackers and defenders in cyberspace has become more complex, with AI as the new battlefield.

A particularly egregious example of AI’s dual role in cybersecurity was highlighted in a 2024 case where fraudsters used deepfake technology to swindle $25 million from a Hong Kong-based company. The criminals impersonated the CEO through an AI-generated deepfake video, deceiving an accountant into transferring the funds. This incident showcased the alarming potential of AI-powered attacks, and also raised questions about how could AI can be used in defense in order to effectively prevent disasters like this.

AI’s role in cybersecurity is evolving rapidly, and experts have varied perspectives on its effectiveness, benefits, risks, and limitations. On one hand, AI offers transformative benefits such as automating tasks, detecting new and emerging threats in real time, and even predicting potential vulnerabilities. On the other hand, it presents new challenges, particularly in the hands of adversarial actors who can exploit AI for malicious purposes, from deepfakes and phishing to automated ransomware attacks.

As soon as we set out to research this topic, we realized its that its immense complexity and interdisciplinary features could easily fill an entre tome or even a series of books. However, as we know our readers are busy and would prefer to keep up with the most relevant developments in this field, we instead opted to pick the brains of some of the most talented people in the cybersecurity industry.

Below, you will find some opinions from several industry leaders, all of whom are facing the various aspects of this struggle on a daily basis in their respective fields:

How effective is AI in detecting and responding to cyber threats compared to traditional methods?

Lars Koudal, CEO of WP Security Ninja:

AI has changed the game in threat detection and response. Traditional methods often fail against the evolving tactics of cybercriminals. AI can analyze huge amounts of data, spot patterns, and detect anomalies in real time.

At WP Security Ninja, we focus on finding security weaknesses and protecting sites from attacks. While we haven’t fully used AI yet, its potential is huge. AI can spot new threats that don’t follow usual patterns, like zero-day attacks. It can also make responses faster, suggesting or automating fixes before a human can.

The big difference is that AI learns and adapts. It gets better over time, making it more effective against changing threats.

—–

Bri Frost, Director of Security and IT Ops Curriculum at Pluralsight:

At its core foundation, Security has been and always will be a cat and mouse game. Cyber defenders improve their security controls, alerts and detections until, eventually, attackers find another way around them. As technology gets more and more complicated, that allows for more and more entry points that can be left vulnerable. So do I see a future where AI is detecting and mitigating cyber threats? Not truly. I think there will be a lot of vendor tools and platforms that boast AI-powered detections, but that’s an ineffective technique to rely on our organizations’ security. The way these AI-defense tools will be trained to identify attacks is basic measures. Attackers already have this information and are constantly finding ways to evade these defense techniques. They will continue to do so, whether it’s done via traditional analysts or LLM-trained AI models.

—–

What are the most significant benefits of automating security tasks with AI?

Lars Koudal, CEO of WP Security Ninja:

Automation has always been key in cybersecurity, and adding AI takes it further. AI lets us automate tasks like scanning for vulnerabilities and monitoring for suspicious activity. This frees up IT and security pros to focus on more important things.

For WP Security Ninja, automation means keeping websites safe without daily manual checks. We automate scans and alerts to prevent mistakes, a big risk in cybersecurity. AI can also automate complex tasks like analyzing logs and responding to threats in real time.

AI automation is great because it scales well. It works for one site or many, providing consistent and reliable protection every time. There are a lot of possibilities for AI to be used for automating processes.

—–

How can AI be used in threat hunting to identify and neutralize threats proactively?

Lars Koudal, CEO of WP Security Ninja:

AI has huge potential in proactive threat hunting. Unlike old methods, AI scans for unusual patterns and behaviors in real time. It analyzes a lot of data from network traffic, system logs, and user behavior. It would be close to impossible for a human to try to program the different circumstances and if-then logic, an AI would not need anything but rough instructions.

When AI gets smarter, it will know all about past attacks and weaknesses. It will spot patterns and find problems before we do. Or, it can make us double-check things that seem off.

This proactive approach could change how organizations handle security. It makes it possible to not just react to threats but also prevent them from getting worse.

—–

What are the risks associated with adversarial AI, where attackers use AI to outsmart defensive systems?

Bri Frost, Director of Security and IT Ops Curriculum at Pluralsight:

A common term I’m seeing discussed a lot right now is AI-powered attacks. And I think we need to be careful when using this term as it tends to immediately assume that AI is going to increase the sophistication of cyber threat actors. Now AI is going to be used in phishing attacks, crafting sneaky, targeted emails and deepfake videos. AI can be used in nefarious ways to disseminate misinformation and spread fear or confusion. When it comes to advanced threat actors, or APT groups, they will likely use AI capabilities to increase the efficiency and scale of their attacks. They can send out multiple campaigns to multiple kinds of targets more effectively, use chatbots for ransomware negotiations and many more use cases. However, AI is not increasing the sophistication of attacks, code or techniques from these types of groups. An advanced threat actor isn’t going to go to ChatGPT, or the like, and ask it to spit out exploit code. They have crafted very detailed malware that’s connected to their infrastructure which isn’t something that AI is capable of doing. Therefore using the same defensive controls and measures to effectively defend against common attackers, will also defend against any campaign that uses AI for scale.

—–

What are the main challenges and limitations of implementing AI in cybersecurity?

Yaroslav Savenkov, CEO of ZoogVPN:

Well, from a VPN point of view where we must focus on both cybersecurity and privacy, it’s very important to keep the balance. This is a no-brainer that the fuel of all AI tools is data. Yet, when it comes to VPNs and their use cases – we want to make sure the third parties get as little data as possible, but at the same time we all try to utilize AI in a way that benefits the privacy and security of a given customer. So, we’d say that the biggest challenge here is to make sure we don’t sacrifice users’ privacy when building cybersecurity solutions on top of AI even if it looks very attractive to use some of this data and “feed” machine learning algorithms with them.

At the same time, it creates certain limitations for us because if there is no data to exploit, there will be no result. When we discussed it with our engineers, they suggested abstracting AI from customer data and focusing on pure tech solutions, such as new encryption algorithms that will be able to adjust dynamically and self-improve over time as well as different server-side services that need to be improved for sure in all cybersecurity solutions nowadays.

—–

What ethical considerations should be taken into account when deploying AI in cybersecurity?

Yaroslav Savenkov, CEO of ZoogVPN:

First thing first – as a CEO of a VPN service, I believe ethical considerations in cybersecurity, especially with VPNs, are paramount. When we are talking about cybersecurity, we have to understand that user privacy is a top priority. Our users trust us with their personal data, so we must ensure it is handled securely and never logged or shared without consent. Providing cybersecurity solutions is not only about protecting people from external threats, it’s also about making sure the service they are using actually does what it tells. Even if the temptation to sacrifice some privacy is too high, we have to keep our word and make sure we do what users expect us to do – keep them secure from all parties.

Second, transparency is critical. Users should know exactly how their data is being used and protected and there should be no surprises. This is hard to prove and we used to rely on third-party reviews or independent researchers, but our team strongly believes this is where AI can step in. We can outsource all transparency concerns to AI and create some universal ways to check whether a given service is fully transparent to its users or not. Of course, the AI itself should be built with transparency and genuine commitment to the user.

Finally, trust is built on integrity—AI and automation can help secure networks, but human oversight must remain to ensure fairness, prevent false positives, and handle nuanced decisions. Last but not least, we have to ensure that no cybersecurity solutions are used for malicious purposes and we see a huge potential of AI that can regulate and decide it over humans here.

Conclusion

The rise of AI has upended many industries, yet the term is often misunderstood and concerns about AI are often misplaced. As these opinions indicate, many of its factors will not critically change the way cybersecurity operates, but will rather enable both mass-offense and mass-defense operations and will introduce some new factors into the game. Cybersecurity experts will have to start paying attention to extra concerns and performing additional precautions.

We would again like to express special thanks to the companies/organizations whose leaders took time out of their schedules to share their expertise with Wizcase’s audience:

WP Security Ninja – For over a decade, Security Ninja has been the guardian of thousands of websites, empowering site owners to navigate the digital space with confidence. This extension has seen a rapid rise in popularity in recent years as more and more tech pros embrace the utility it provides.

Pluralsight – Pluralsight provides advancements for the world’s tech workforce by unlocking opportunity for the underrepresented, increasing access to tech skill development, and promoting diversity in the tech workforce. Pluralsight has also been ranked no. 10 on Fortune’s Best Workplaces in Technology 2020 list.

ZoogVPN – ZoogVPN is the complete and trusted all-in-one VPN service that protects users’ sensitive personal and financial information online by using a highly encrypted VPN tunnel. Its core mission is “Breaking down Internet barriers and censorship for complete Internet freedom and privacy from anywhere”.