AI in cyber security: Emerging threats to strategic opportunity

Published
2026-07-13T12:30:21.938+02:00 13 July 2026
Business Digital Intelligence
Location United Kingdom
Artificial Intelligence (AI) is rewriting the rules of cyber security and reshaping the threat landscape. It is both an accelerant for attackers and a force multiplier for defenders.
person wearing glasses reflecting lines of code

On the offensive side, attackers are exploiting AI to automate reconnaissance and attacks, deploying deepfake phishing campaigns that mimic trusted voices – and sometimes video – with alarming precision. Adversarial AI enables threat actors to scale operations at unprecedented speed, compressing what once took weeks into hours or even minutes.

Conversely, AI is transforming cyber defence. Machine learning models now underpin many anomaly detection systems and can be capable of spotting minute deviations in network behaviour to identify attacks faster and more accurately.

The advent of AI – and in particular frontier AI – marks a fundamental shift in what it means to be cyber resilient and the steps required to enhance security posture.

 

The imperative

Over many years, we’ve seen the effectiveness of perimeter-based strategies decline. The AI race has accelerated that trend, as it is harder than ever for organisations to rely solely on perimeter controls to keep all external threats out, especially given the prevalence of legacy technologies within many organisations. As the UK National Cyber Security Centre (NCSC) recently noted, “Whilst frontier AI can ultimately benefit our cyber defences, in the immediate term it is making it easier and faster for attackers to discover and exploit cyber weaknesses.”

The challenges posed from AI enabled attacks represent a broader shift in the risk paradigm. Historically, cyber threats were constrained by human bandwidth, linear attack chains and detectable infrastructure. AI collapses these constraints: capability becomes faster and more widely available, enabling small threat actors to generate outsized impact. In today’s world, risk is defined by the speed, adaptability and autonomy of the adversary – all of which are increasing thanks to AI.

Attack cycles are also shrinking dramatically. Intrusions that previously unfolded over days can now execute in hours or even minutes, putting the onus on organisations to accelerate their detection, response and containment processes. Speed and automation are no longer optional, they are essential, especially where it comes to addressing known technology vulnerabilities (e.g. applying security patches) and conducting incident response.

AI also magnifies existing weaknesses. Out of date and unsupported technologies, fragmented governance and siloed security operations create fertile ground for exploitation. Without a strategic rethink, organisations risk being overtaken by adversaries who move faster and adopt AI more aggressively.

 

The response

Addressing this shift requires the adoption of AI as a foundational element of cyber resilience – something which in general is yet to take place. For example, recent research suggests that AI-driven cyber threats are outpacing defence capabilities, with just 7% of companies using AI in defence despite 60% having faced AI-enabled attacks in the past year.

But a meaningful response requires more than new technology; it demands strengthening the full people‑process‑technology model behind cyber resilience. AI‑enabled defence works only when teams have the skills to interpret insights, when governance processes can act on them quickly, and when operating models support continuous learning rather than static controls. This shift is as much cultural as it is technical.

So, where should companies be focusing? Firstly, organisations must realise that implementation of static controls is not sufficient. A culture of continuous learning and training that enables teams to work confidently with AI tools, redesign workflows to integrate and increase automation and adapt controls is essential.

As the UK’s NCSC notes “Organisations should take these 5 urgent steps to maintain cyber security fundamentals:

  1. Reduce your attack surface
  2. Accelerate patching processes
  3. Address legacy systems
  4. Review and strengthen identity and access controls
  5. Prepare for incidents before they happen.”

 

In respect of legacy systems, Richard Horne, the CEO from NCSC, has stated that: “Our latest Assessment shows that by 2028, it is highly likely that AI-cyber capabilities will be used by attackers against known vulnerabilities in legacy technology in our critical national infrastructure.” Organisations therefore need to start taking action now to identify legacy assets, plan transformation approaches and manage a controlled migration within that timeframe.

In addition, detection and response capabilities need to continuously evolve and adjust their posture dynamically. AI enablement and machine learning can support this by processing vast datasets, identifying emerging attack patterns, and translating signals into actionable insights far beyond human capacity.

Agentic AI – autonomous agents that act, learn and adapt – are starting to redefine security operations. Autonomous defence capabilities are emerging rapidly. AI-driven orchestration can isolate compromised endpoints, patch vulnerabilities and restore operations automatically – delivering tangible benefits in terms of cyber resilience.

Resilience planning must similarly evolve. Integrating AI into incident response enables automated, or semi-automated, handling of basic and repetitive response actions, freeing up analysts to focus on other areas.

However, it’s critical to remember that AI is not a silver bullet. The AI-based cyber controls that are so important amidst the modern threat landscape are equally at risk of being attacked. As such, securing AI controls themselves by protecting against data poisoning and adversarial inputs is something organisations using AI enabled cyber defence need to consider. Equally, taking a strategic rather than tactical approach to AI-enablement, considering risks, benefits and on-going costs to the organisation is essential to consider.

 

What next? Turning insight into action

As AI continues to reshape the cyber domain, the question for organisations is no longer whether AI matters, but how to harness it safely and strategically to defend against adversarial AI-driven attacks.

Organisations that embrace a culture of continuous learning and adaptation will defend more effectively and recover more rapidly. Dealing with AI is not a one-off activity but will need an iterative approach, learning and adapting as organisations evolve.

In an environment defined by speed, automation and adaptive threats, organisations need confidence that their AI journey is secure, aligned to strategic objectives and capable of delivering measurable resilience. Only by fully understanding their unique organisational context will leaders be able to adopt AI effectively and with clarity about how the potential opportunities can be realised.
 

Learn more about AI in Cyber Security or contact our experts today

Subscribe to The Digital Thread to get the latest news and updates straight to your inbox

Contact our experts     Subscribe to The Digital Thread

Get in touch
Simon Viney

Cyber Security CNI Sector Lead

BAE Systems Digital Intelligence