
Where is AI most useful in cybersecurity?

February 5, 2025

There’s no doubt that attackers are becoming more sophisticated thanks to AI. These days, a threat actor can ask an AI chatbot, “Write me a PowerShell script on how to attack this active directory domain.” The only way to fight AI at the speed of AI … is with AI. 

But use cases for AI are endless in every industry. From driver assistance tools in the automotive industry, to diagnostic and treatment recommendations in healthcare, to personalized recommendations and customer support chatbots in retail, it’s easy to dream up (or ask an AI chatbot) all the ways AI can help. Within security teams, however, budgets, time, and resources are limited. Where can AI help the most?

1. Enhancing email defense

Even with improvements in security measures and greater awareness among users, business email compromise (BEC) and other social engineering attacks continue to flourish, resulting in $43 billion in losses over the last five years.¹ AI has elevated the volume and sophistication of BEC. Attackers launch AI-driven phishing campaigns that mimic the communications of actual employees from real companies with alarming accuracy, tricking users into executing harmful actions on the attacker’s behalf.

Traditional secure email gateways (SEGs) struggle to detect and intervene, as these emails lack traditional indicators of compromise, such as an illegitimate domain. An AI-native email security solution can analyze all email content between senders and receivers. These tools can analyze the behavior of typical communications and highlight anomalies, even if a sender’s email account has been compromised. If the tone of an email differs from how the sender typically asks for things, this technology can detect that.
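The behavioral comparison described above, as an added example (not code from this page or from any product): it builds a per-sender baseline from past messages and scores a new message against it, next to the sender-domain check an indicator-based gateway can make. The term lists, floor, threshold, addresses, and messages are constructed assumptions.

```python
import re
from statistics import mean, pstdev

# Constructed term lists: assumptions for illustration, not a product's model.
URGENT = {"urgent", "immediately", "asap", "today", "confidential"}
PAYMENT = {"wire", "transfer", "invoice", "payment", "bank", "account"}

def features(body):
    """Rate of urgency and payment terms per word in one message body."""
    words = re.findall(r"[a-z']+", body.lower())
    n = max(len(words), 1)
    return {"urgent": sum(w in URGENT for w in words) / n,
            "payment": sum(w in PAYMENT for w in words) / n}

def build_baseline(history):
    """Per-feature (mean, std dev) over a sender's earlier messages."""
    rows = [features(b) for b in history]
    return {k: (mean([r[k] for r in rows]), pstdev([r[k] for r in rows]))
            for k in rows[0]}

def anomaly_score(baseline, body, floor=0.02):
    """Largest z-score against the baseline; floor avoids dividing by ~0."""
    f = features(body)
    return max((f[k] - mu) / max(sd, floor) for k, (mu, sd) in baseline.items())

def domain_ok(sender, expected_domain):
    """Indicator-style check: does the sender's domain match the expected one?"""
    return sender.rsplit("@", 1)[-1].lower() == expected_domain

def assess(sender, body, history, expected_domain, threshold=3.0):
    """Combine the domain check with the behavioral score for one message."""
    score = anomaly_score(build_baseline(history), body)
    return {"domain_ok": domain_ok(sender, expected_domain),
            "score": round(score, 2), "flag": score > threshold}

# Constructed sample data: one sender's past mail and two new messages.
HISTORY = [
    "Hi Dana, can you send me the Q3 forecast when you have a moment? Thanks, Sam",
    "Dana, thanks for the report. Let's review it at Thursday's meeting.",
    "Please add the vendor invoice to next week's agenda. No rush.",
    "Good work on the audit prep. Talk soon, Sam",
]
SUSPECT = ("Urgent: wire the payment to the new bank account immediately. "
           "Keep this confidential and do it today.")
NORMAL = "Dana, could you share the updated forecast before Thursday? Thanks, Sam"

if __name__ == "__main__":
    for body in (SUSPECT, NORMAL):
        print(assess("sam@example.com", body, HISTORY, "example.com"))
```

Both messages pass the domain check; only the one that departs from the sender's usual wording is flagged.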

2. Accelerating incident response

In the event of a cyberattack, a streamlined response is crucial to successful defense. AI can automate incident response processes for security operations analysts, making triage and response more efficient.  

By integrating AI with security information and event management (SIEM) systems, security orchestration, automation, and response (SOAR) technology, and other incident response tools, organizations can automate security alerts, prioritize incidents based on their severity, and initiate predefined response actions. This not only speeds up the response time but also reduces the burden on security teams, allowing them to focus on more complex tasks.

3. Scripting, analyzing, and writing 

Many AI advancements are still far off, but AI’s ability to digest and analyze normalized, parsable data is one functionality that is already changing the game for tasks involving language and code. An AI chatbot can greatly expedite an InfoSec team’s ability to evaluate an influx of RFP due diligence requests and identify the best-suited and most applicable responses, especially in an era when regulations are only multiplying.

AI-written code can enhance efficiency by automating routine tasks like managing access controls, drafting scripts for threat detection and vulnerability scanning, and serving as the final “set of eyes” when checking for adherence to standards and protocols.

A necessity, not a choice 

As cyberthreats become more sophisticated, integrating AI into cybersecurity strategies is no longer a luxury but a necessity. By embracing AI, organizations can face cybercriminals on a level playing field and safeguard their digital assets in 2025 and beyond.

Sources

1 “Augmenting Your Microsoft 365 Email Security Infrastructure,” Abnormal Security, May 2024.

Looking for an MSSP that uses AI?

At SEI Sphere®, artificial intelligence and machine learning enhance our multi-layered defense, including an AI-native email security solution that can detect behavior manipulation on individual levels. Services provided by SEI through its subsidiaries and affiliates.
