AI and Cybersecurity – Innovation or a New Threat?

The use of artificial intelligence (AI) in vulnerability detection is truly changing the rules of the game. Its algorithms can identify flaws much faster and at a larger scale than traditional scanners or human teams. However, discovery is only half the battle — the real challenge remains patching and response.

Experts note that many vulnerabilities exposed by AI will never actually be fixed:

• Many systems are already outdated, and vendors no longer provide updates.
• Organizations often lack sufficient human resources or time to address every flaw promptly.
• For smaller companies, the financial and technical barriers are even higher.

AI also brings another dangerous aspect: its use by attackers.

• Cybercriminals can leverage AI to automatically design attack schemes, search for exploitable configurations, and generate customized exploits.
• There is a risk that AI agents integrated into internal systems (email platforms, CRMs, databases) could themselves become attack vectors.
• Some state-sponsored groups are already testing AI for targeted extortion and data theft scenarios.

The situation is further complicated by the fact that AI often generates large numbers of false positives. For SOC teams, this can be overwhelming and distract from addressing truly critical issues.

Recommendations:

• Prioritize vulnerabilities: Focus on flaws that pose the greatest risk to business-critical systems.
• Implement compensating controls where patching is not possible (segmentation, MFA, IDS/IPS rules, virtual patching).
• Adopt a “human-in-the-loop” approach: AI can detect and alert, but final decisions and actions must be taken by humans.
• Strengthen incident response plans and include AI-driven scenarios in tabletop exercises.
• Raise employee awareness so staff understand how to work with AI-provided information and assess its reliability.

Artificial intelligence can significantly strengthen security teams, but if organizations stop at detection without effective response, the risks will only grow.