AI Is Both the Weapon and the Shield in Cybersecurity

Artificial intelligence has arrived at a defining crossroads in cybersecurity, and it is not choosing sides. The same technology that security teams are racing to deploy as a defense tool is simultaneously being weaponized by threat actors to attack faster, smarter, and at a scale that was simply not possible a few years ago.

This dual reality is reshaping the world. AI-assisted phishing campaigns now generate convincing lures in minutes rather than days. Infostealer malware powered by machine learning is harvesting credentials at an industrial scale.

And frontier AI models, the most advanced large language models available, have proven capable of autonomously identifying software vulnerabilities and converting them into working exploits in near-real time, collapsing the window defenders once relied on to patch and respond.

At the same time, those same frontier models are being used by security researchers to find and fix vulnerabilities before attackers do. AI-driven security operations centers are detecting threats at machine speed. Behavioral AI is catching phishing attacks that bypass traditional filters.

The battle lines are no longer drawn between humans and hackers. They are drawn between AI-powered offense and AI-powered defense. And right now, the race is dangerously close.

The Numbers Behind the Threat

The data from the past 12–18 months tells a stark story about how rapidly AI has tilted the playing field:

• AI can generate a convincing phishing email in under a minute, compared to up to 16 hours for an experienced human operator, a 192x improvement in efficiency, according to IBM X-Force research.
• AI-crafted phishing emails achieve 54% click rates, versus just 12% for human-written ones, per a 2025 academic study. That’s a 4.5x increase in effectiveness.
• Adversary-in-the-Middle (AiTM) phishing surged 146% in 2024, as attackers used AI-powered kits to proxy sessions, steal authentication cookies, and bypass multi-factor authentication in real time.
• Identity-based attacks spiked 32% in the first half of 2025, according to Microsoft’s threat intelligence team, as adversaries weaponized AI to scale credential-stealing operations.
• Over 300,000 ChatGPT credentials were listed for sale on the dark web in 2025, demonstrating that AI platforms themselves are now prime targets for infostealer campaigns, carrying the same credential risk as core enterprise SaaS systems.
• Malicious deepfakes surged to 8 million in 2025, used in social engineering attacks that deceived executives into fraudulent wire transfers and compromised voice- and video-based authentication.
• The CrowdStrike 2026 Global Threat Report found an 89% year-over-year increase in attacks by AI-enabled adversaries, alongside a 42% increase in zero-day vulnerabilities exploited before public disclosure.
• The fastest observed attacker breakout time, the time from initial access to lateral movement, was just 27 seconds, according to CrowdStrike.
• Frontier AI models can reduce vulnerability discovery and exploit engineering from months to hours, per the Cyber Security Agency of Singapore’s April 2026 advisory.
• Palo Alto Networks disclosed 26 CVEs in a single Patch Wednesday, roughly 5x its usual volume, after testing frontier AI models as part of Project Glasswing, its AI-powered vulnerability research initiative.
• Business Email Compromise (BEC) fraud cost U.S. complainants more than $3 billion in a single year, according to the FBI’s IC3 2025 Annual Report, with AI-generated content now comprising a growing share of BEC attempts.
• 3.4 billion phishing emails are sent daily, and in 2024, there was a 47% increase in phishing emails successfully evading Microsoft’s native security tools and secure email gateways.

How AI Is Being Used as a Weapon

AI has handed cybercriminals an unprecedented force multiplier, enabling faster phishing, smarter credential theft, autonomous exploit discovery, and hyper-realistic deepfakes that make every inbox, login page, and video call a potential attack surface. Here are some examples of how AI is being weaponized:

• Phishing at Machine Scale and Speed
  The economics of phishing have been fundamentally disrupted by generative AI. Creating a convincing spear-phishing email once required hours of research, careful writing, and localization. Today, threat actors use large language models to generate hyper-personalized attack messages at scale, analyzing communication patterns, mimicking writing styles, and tailoring lures to specific targets, all automatically. Okta’s threat intelligence team documented attackers building complete phishing sites in under 30 seconds using generative AI.

• Infostealer Malware and Credential Harvesting
  AI has supercharged the infostealer economy. These tools quietly exfiltrate credentials, authentication cookies, session tokens, and API keys from infected devices, then disappear, leaving minimal forensic evidence. The top five infostealers alone generated more than eight million dark web advertisements in a single year. Because infostealers capture live session material, not just passwords, they can bypass multi-factor authentication entirely, rendering one of the most fundamental security controls ineffective.

• AI-Powered Vulnerability Exploitation
  Perhaps the most alarming development is the emergence of frontier AI models capable of autonomous vulnerability discovery and exploit development. Security researchers at Palo Alto Networks’ Unit 42 describe a world where AI models act as “full-spectrum security researchers,” capable of identifying how multiple weaknesses interact, chaining them into attack paths, and generating proof-of-concept exploits, with minimal human involvement. One example: a 17-year-old FreeBSD vulnerability was fully autonomously identified and exploited by a frontier AI model in 2026. The window between vulnerability disclosure and active exploitation, once measured in weeks or months, is now collapsing to hours.

• Deepfakes and Synthetic Social Engineering
  Voice and video deepfakes have industrialized executive impersonation. In 2025, CFOs received calls from synthetic voices mimicking their CEOs, authorizing millions in fraudulent wire transfers. HR departments interviewed entirely AI-generated candidates. Facial and voice recognition systems, once considered security controls, became attack vectors.

How AI Is Being Used as a Shield

Security teams are fighting back with the same technology, deploying AI to detect threats at machine speed, proactively hunt vulnerabilities before attackers find them, and catch AI-generated phishing that bypasses every traditional filter. Here are a few examples:

• AI-Driven Threat Detection and Response
  The same speed advantage AI gives attackers can work for defenders. Behavioral AI systems analyze communication patterns, login flows, and user activity to detect anomalies invisible to signature-based tools. AI-driven Security Operations Centers (SOCs) can investigate, validate, and respond to alerts at machine speed, something human analysts simply cannot do at the volume modern environments require.

• Proactive Vulnerability Discovery
  Frontier AI is also being used by the security community to find and fix vulnerabilities before attackers exploit them. Palo Alto Networks’ Project Glasswing, launched in 2026, uses frontier models to scan its own products at a scale and speed far beyond any traditional testing approach. The goal? To identify and remediate vulnerabilities during the narrow window before adversarial AI makes them widely exploitable. Research teams like AISLE have used AI to discover over 180 externally validated CVEs across 30+ open-source projects, including 15 in OpenSSL alone.

• AI-Augmented Phishing Defense
  Behavioral AI email security tools now detect AI-generated phishing attempts that lack traditional indicators of compromise, have no malicious attachments, no known bad links, and no suspicious domains. Instead, they look at the behavioral fingerprint of the message: timing, relationship context, communication patterns, urgency signals. This represents a fundamental shift in how email defense works, moving from signature-based blocking to anomaly-based detection.

Actionable Steps Organizations Can Take Right Now

Knowing the threat is only half the battle, here are eight concrete steps your organization can take today to reduce exposure, close gaps, and build defenses that can keep pace with AI-powered attacks.

1. Treat AI Platform Credentials Like Crown Jewels
   With hundreds of thousands of AI tool credentials already surfacing on dark web marketplaces, organizations must enforce the same credential hygiene for ChatGPT, Copilot, and other AI platforms as they do for core enterprise systems. Rotate credentials regularly, monitor for dark web exposure, and restrict AI platform access to authorized users only.
2. Deploy Phishing-Resistant MFA, Then Protect the MFA Itself
   Standard SMS-based MFA is no longer sufficient against AiTM attacks. Implement FIDO2 hardware keys or passkeys that cannot be intercepted by proxy-based phishing kits. Treat session token theft as a critical threat vector and deploy tools capable of detecting stolen or replayed authentication cookies.
3. Compress Your Vulnerability Patching Window
   The assumption that you have weeks to patch after a vulnerability is disclosed is no longer safe. Frontier AI models are collapsing that timeline to hours. Implement continuous automated scanning, prioritize exploitability over raw severity scores, and establish rapid patching workflows for internet-facing applications and authentication infrastructure.
4. Adopt AI-Powered Security Tooling
   Fighting AI-driven attacks with legacy tools is a losing strategy. Deploy behavioral AI for email and endpoint security, AI-assisted threat hunting, and AI-augmented SOC platforms. The goal is to match the speed and scale of AI-powered offense with AI-powered defense, not to outthink attackers manually.
5. Run AI-Specific Penetration Testing
   If your organization is beginning to integrate AI into internal systems or customer-facing tools, it is critical to assess how those solutions may introduce new risks. AI-focused penetration testing evaluates whether your implementation could unintentionally expose sensitive data, leak credentials, or reveal internal information to an adversary. These assessments are designed to ensure your AI systems operate securely and provide value without expanding your attack surface.
6. Train Employees on AI-Enhanced Social Engineering
   Deepfakes and AI-generated messages are indistinguishable from the real thing to the untrained eye. Update security awareness training to include deepfake recognition, verification protocols for financial requests regardless of medium, and healthy skepticism toward any urgent communication, even if the voice or face looks familiar. CampusGuard’s Information Security Awareness training includes modules that address AI security and managing AI risks.
7. Establish an AI Governance and Security Policy
   As AI tools become embedded in workflows, organizations must define what data can flow into AI platforms, how AI agent permissions are scoped, and how AI-generated outputs are validated. Ungoverned AI adoption is an expanding attack surface.
8. Monitor Dark Web and Credential Exposure Continuously
   Given the industrial-scale operation of infostealer marketplaces, organizations cannot rely on periodic audits. Implement continuous dark web monitoring so that compromised credentials are identified and rotated before attackers use them.

Final Thoughts

The emergence of AI as both weapon and shield is not a future scenario; it is the current reality of cybersecurity in 2026. The organizations that treat this as a coming threat rather than a present one are already behind.

What makes this moment particularly consequential is the asymmetry. A threat actor using frontier AI to discover vulnerabilities or generate phishing campaigns can operate with minimal resources and maximum impact. Defenders, by contrast, must protect an entire organization across every surface, all the time. AI tips that asymmetry back toward defenders, but only if organizations actively deploy it.

The good news is that the tools exist, the threat patterns are understood, and the actions required, better credential hygiene, faster patching, AI-native security tooling, and updated training, are achievable. The window to act is open now. But based on how fast the AI threat landscape is moving, it will not stay open long.

RedLens InfoSec, CampusGuard’s security team, provides penetration testing against AI-powered tools and environments. They responsibly harnesses AI tools to deliver deeper, more comprehensive assessments. Contact us today to identify vulnerabilities across your AI components before adversaries do.