Library Header Image Library Header Image

AI in Cybersecurity: The Double-Edged Sword of Attack and Defense


Posted on by Tatyana Sanchez

In today's digital landscape, AI has flipped the script for both cyber defenders and attackers. Cybercriminals are leveraging AI to deploy sophisticated attacks within minutes and continuously expand their methods. On the flip side, cyber professionals are utilizing AI to defend against these very attacks.

How is AI Being Used in Cybercrime Today?

In an RSACTM 2025 Conference presentation, one of the panelists, Derek Manky, Chief Security Strategist & VP Global Threat Intelligence at Fortinet, stated, "Cybercriminals are opportunistic, they follow a path of least resistance most of the time, until there is resistance." Cybercriminals are always looking for new, innovative ways to attack because as defenses improve in one area, they'll quickly pivot to exploit vulnerabilities elsewhere, whether that's through emerging technologies, unpatched systems, or human error.

Manky highlighted common AI attacks being used today, such as tools like FraudGPT. These are versions of GPT models taken offline and adapted for cybercriminal use, operating with no ethical restrictions. They are leveraged to craft region-specific language for sophisticated phishing and smishing campaigns. Additionally, blackmailer and extortion kits are openly sold on the dark web, alongside other new illicit services. Another AI attack method is evil proxy, offering a way to set up proxy phishing sites specifically targeting banks, utilizing AI to bypass multi-factor authentication (MFA) and steal credentials.

Nadir Izrael, CTO & Co-founder at Armis, also highlighted other common AI attacks being used today in his RSAC 2025 presentation, which include:

  • Deepfakes
  • Malware and polymorphic
  • Enhanced botnets & Distributed Denial-of-Service attacks
  • Adversarial attacks
  • Phishing and spear phishing
  • Automated exploit development
  • Credential stuffing and password cracking
  • Ransomware

In 2025, AIhasn't reinvented cybercrime—it has industrialized it. AsManky noted, tasks that attackers previously had to do manually are now being augmented by cybercriminals due to AI. These examples underscore the pervasive and evolving nature of AI-powered attacks in cybercrime.

How Does AI Bolster Defense?

Fortunately, AI defends as well as it attacks. And the integration of AI has significantly simplified the management and mitigation of threats within AI-driven proactive threat and exposure management systems. As highlighted by David Gruber Principal Analyst, Security Operations at Enterprise Strategy Group and Tyler Shields, Principal Analyst, Risk and Security at Enterprise Strategy Group in their RSAC 2025 presentation, the advancement of  proactive threat and exposure management is largely due to three key factors: API-driven environments, which empower program operations; the availability of big data and affordable storage, and of course AI.

According to Shields, "Now we have to analyze data with AI, as it makes it difficult to catch up to hackers using AI due to their speed and efficiency without using AI ourselves to defend against them."

Furthermore, AI and machine learning (ML) bolster defenses against AI-powered attacks by analyzing millions of data points, understanding the operational environment, and providing institutional awareness. They also alert teams to any changes in the environment and threat landscape. Organizations should also use automation for proactive security.

What About Small-to-Medium Sized Businesses (SMBs)?

As we know, SMBs are vulnerable to AI attacks. Lessie Skiba, Deputy Managing Director, at Cyber Readiness Institute and Jeremy Beam, Sr. Solutions Architect at Digital Charter talked about using AI to make business continuity plans for SMBs in their RSAC 2025 presentation. Beam highlighted that “73% of SMBs experienced a cyberattack or data breach in the past year,” and Skiba went on to say that SMBs are more vulnerable to such attacks because they normally do not have the budget, a robust plan, or the necessary experience.

Thankfully, the Cyber Readiness Institute (CRI) offers free online resources and guidance for SMBs. They also have an AI-enhanced business continuity guide designed for teams of any size, from a small 1–2-person pizza shop to a business with over 100 employees, as Beam stated.

Even better, CRI has built a new AI-powered business continuity plan tool. The Cyber Readiness Institute compiled thousands of documents to help SMBs with incidents and disasters. This new tool leverages all of that information, bringing expert-level guidance to SMBs. It's an on-demand, accessible, intelligent AI assistant specifically designed to simplify continuity planning for SMBs.

This interactive, AI-driven advisor helps prioritize speed and usability, requiring zero technical background. Even individual departments can use it to understand how to apply continuity within their specific area, translating overwhelming processes into easy, actionable advice as Beam emphasized.

AI presents a double-edged sword in cybersecurity.  By embracing AI-driven solutions and leveraging resources like those from the Cyber Readiness Institute, organizations of all sizes can strengthen their defenses and navigate the evolving threat landscape more effectively.

Contributors
Tatyana Sanchez

Senior Coordinator, Content & Programming, RSAC

View More Blogs

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSAC™ Conference, or any other co-sponsors. RSAC Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.


Share With Your Community

Related Blogs