In today’s digital age, the intersection of artificial intelligence (AI) and cybersecurity is a battleground. On one side, AI brings powerful tools for defence and detection; on the other, it empowers a new breed of cyber-criminal actors. 

Global technology companies such as OpenAI and Microsoft Corporation have confirmed that threat-actors are increasingly leveraging artificial intelligence, especially large-language models and generative-AI tools, to automate phishing campaigns, fabricate fake résumés, run social-engineering operations, develop malware and conduct large-scale cloud-based attacks.

This blog post highlights how AI is changing both sides of the fight.

The promise of AI in cybersecurity

Artificial intelligence offers tremendous potential for strengthening cyber-defences. Key advantages include:

• Automated threat detection: AI systems can monitor enormous volumes of network traffic, logs and user behaviour, spotting anomalies that may signal attacks.

• Rapid response: With machine learning models, responses to detected threats can be faster, reducing the window of vulnerability.

• Predictive capabilities: AI can learn patterns from previous incidents and anticipate future risks, enabling proactive defence rather than purely reactive.

• Adaptive defences: As attackers evolve, AI-based systems can continuously retrain and adjust, making them more resilient to emerging threats.

AI is becoming integral to modern security architectures: it is no longer a “nice-to-have” but a foundational tool.

The flip side: AI as a tool for cyber-crime

However, the same capabilities that make AI powerful for defenders also enable attackers. There are several ways criminals are leveraging AI:

• AI-driven phishing and social engineering: Using generative models, attackers can craft highly believable emails or messages, mimicking real employees, brand voices or even voice-calls, raising the bar for detection.

• Automated vulnerability scanning and exploit generation: Attackers can use AI to locate weak points in systems and even generate exploit code, accelerating their time-to-attack.

• Deepfakes and impersonation: AI-generated audio and video make impersonation of executives, employees or vendors far more convincing, enabling fraud, account takeover and other scams.

• Scaling attacks: Where manual attacks required time and skill, AI allows attackers to scale operations rapidly, targeting more organisations, more users, more vectors.

Key challenges at the intersection

Several major challenges emerge from this dual-use nature of AI in cybersecurity and cyber-crime:

1. Model robustness and adversarial attacks

AI systems themselves are vulnerable. Attackers can feed “poisoned” data, craft adversarial inputs, or exploit blind spots of machine-learning models.

Defenders must therefore not only deploy AI, but also design it to be resilient and monitored.

2. Ethics, privacy and transparency

Because AI often monitors vast amounts of data and behaviour, organisations must consider privacy and ethical implications. That is the importance of transparency: users and regulators expect to understand how decisions are made (or at least the role of AI in them).

Without oversight, the use of AI could erode trust or create regulatory risk.

3. The skills gap and alert fatigue

Even with AI tools, human analysts are vital. Many organisations struggle with a shortage of skilled cybersecurity personnel. AI can help, but only if teams are prepared to interpret, act on and fine-tune AI-generated insights.

Furthermore, too many alerts can overwhelm teams. Prioritisation remains key.

4. Legal, regulatory and geopolitical risks

Cyber-crime empowered by AI transcends borders; when an attack uses AI-generated content or spans jurisdictions, tracing perpetrators becomes harder.

Regulators are increasingly focusing on AI’s role in cyber-risk, meaning organisations must ensure compliance (e.g., with data-protection laws, AI-use frameworks).

The Risks We Must Address

AI’s potential in cybersecurity will only be realized if its development is anchored in responsibility and transparency. Without a common framework, we risk amplifying the very threats we seek to neutralize.

AI systems themselves can become attack surfaces. Malicious actors may manipulate training data, craft adversarial inputs or exploit model vulnerabilities. Security must be built into AI, not added afterward.

As AI monitors networks, users and communications, it must do so in a manner that respects privacy and human rights. Transparency around data use and AI-driven decision-making is essential to maintain public trust.

Global disparities in AI regulation create loopholes that bad actors can exploit. A global charter would establish shared ethical and operational baselines, aligning innovation with accountability.

Even the most advanced AI cannot replace human judgment. Cybersecurity professionals must be equipped to understand, audit and manage AI systems responsibly. Investment in education and cross-disciplinary collaboration is vital.

As defenders roll out AI-driven tools, attackers will continue to innovate using AI to automate, scale and personalise attacks. The result: the race isn’t just about technology, it’s about speed, adaptability and intelligence.

For organisations, that means staying agile: adopting AI is necessary, but not sufficient. It’s about building systems that learn, adapting to threat hunters who may be using AI too, and staying one step ahead in a world where the threat surface is continually expanding.

A Call to Collective Action

AI’s integration into cybersecurity is inevitable, but its direction is a matter of choice. The path forward demands cooperation between governments, industry, academia and civil society to define responsible standards that protect innovation while safeguarding humanity.

A Global Charter would not be a constraint on progress; it would be its foundation. By agreeing on shared principles, we can ensure that AI becomes a force for protection, not exploitation.

As organizations deploy AI across their digital infrastructure, each of us has a role to play:

• Businesses must commit to ethical AI governance and transparent use policies.

• Governments must craft harmonized regulations and invest in education and capacity-building.

• Researchers and technologists must design AI that is secure, fair and explainable by default.

• Citizens and civil society must remain engaged, demanding accountability and equity in digital security.

The Future We Choose

The future of cybersecurity will not be decided by who has the most advanced algorithms, it will be shaped by who uses them responsibly.

A Global Charter for the Responsible Use of AI can help balance innovation with integrity, enabling progress without sacrificing security or human dignity. The time to act is now.

Together, we can build a digital world where AI protects rather than threatens, where technology amplifies trust, resilience and safety for all.