TLDR: Generative AI is rapidly transforming the cybersecurity domain, serving as both a powerful tool for defenders and a sophisticated weapon for malicious actors. While organizations are increasingly adopting AI for threat intelligence and offensive testing, cybercriminals are leveraging it to develop advanced exploits and code, leading to a significant increase in attacks. The evolving landscape necessitates new security frameworks and highlights the growing pressure on cybersecurity professionals.
The cybersecurity battlefield is undergoing a profound transformation with the widespread integration of generative artificial intelligence (AI). This advanced technology is proving to be a dual-edged sword, empowering both digital defenders and malicious adversaries with unprecedented capabilities.
On the offensive front, generative AI is enabling cybercriminals to escalate the sophistication and speed of their attacks. According to a July 9, 2025 report, generative AI allows malicious actors to rapidly develop tools such as exploits and new code. It’s estimated that in 2024, approximately 20% of all new code was AI-generated, a figure projected to grow rapidly. This capability significantly lowers the barrier to entry for less experienced developers, allowing them to quickly deploy complex malicious attacks. The ease with which complex code can be derived from a few prompts into a generative AI interface is a major concern for security professionals.
Conversely, cybersecurity defenders are also harnessing the power of generative AI to bolster their defenses. Organizations are increasingly adopting proactive strategies, utilizing AI in threat intelligence, security operations centers (SOCs), and offensive testing to create faster and more effective responses. For instance, BreachLock, a global offensive security provider, has developed Adversarial Exposure Validation (AEV), a product powered by 16 specialized generative AI agents. AEV is designed to simulate real-world attackers, mapping attack paths, exploiting vulnerabilities, and generating comprehensive, context-rich reports. Seemant Sehgal, founder and CEO of BreachLock, remarked, “It’s crazy to see how quickly that thing can turn out reports of that quality with screenshots and everything else.” He emphasized the company’s mission to ‘shift that discussion left,’ making security a proactive consideration rather than an afterthought.
Beyond traditional enterprise security, generative AI is also finding applications in specialized defense sectors. Seattle-based startup EdgeRunner AI, for example, recently partnered with the Air Force to experiment with generative AI on the service’s nonclassified internal network. This initiative, NIPRGPT, aims to leverage generative AI on a private, air-gapped network to transmit unclassified but sensitive information. EdgeRunner specializes in building on-device AI assistants with occupation-specific adapters for military roles like combat medics, logistics officers, and pilots. Colton Malkerson, EdgeRunner cofounder and COO, stated, “We’re trying to give every warfighter expert advice in a bottle on the fly to help them make better decisions faster and make better decisions more safely.” This approach enhances data security, privacy, performance, and operational security by keeping the system independent from the internet.
However, the rapid proliferation of generative AI also introduces new security challenges. A study highlighted in Security Magazine revealed that 75% of security professionals witnessed an increase in attacks over the past 12 months, with 85% attributing this rise to bad actors using generative AI. Ransomware remains a top concern, with 46% of professionals identifying it as the greatest threat to data security, and 62% considering it the number one C-suite concern. The pressure is so intense that 51% of security professionals are reportedly likely to leave their jobs within the next year due to the stressors caused by generative AI.
Also Read:
- Generative AI: A Transformative Force in Australian Defence and Global Military Strategy
- Grok-4 AI Breached Days After Launch by Novel Dual-Method Jailbreak
Addressing these emerging threats requires new frameworks and guidelines. The 2025 OWASP Top 10 for LLMs (Large Language Models) debunks the misconception that securing generative AI is solely about protecting the model or analyzing prompts. It provides valuable insights into systematically organizing threats and defining necessary solutions across the LLM Operations lifecycle. This includes guidance on ‘Agentic AI – Threats and Mitigations’ and preparing for ‘Deepfake Events.’ As 97% of organizations plan to use generative AI by 2025, the ongoing ‘AI vs. AI’ battle in the cyber realm underscores the critical need for continuous innovation and adaptation in cybersecurity strategies.
