AI-enabled cyber threats are reshaping cybersecurity by enhancing phishing, enabling deepfakes, and automating malware, leading to more sophisticated and scalable attacks. Find out how you can fortify your defenses against these emerging threats with practical tactics.
Artificial Intelligence (AI) has made it easier than ever for bad actors to carry out cyber attacks. A Deep Instinct study found that 75% of cybersecurity professionals have had to “change their cybersecurity strategy in the last year due to the rise of AI-powered cyber threats.” They also found that 97% of respondents expressed concern over their organization facing a security incident “due to adversarial AI.”
The anxiety around AI-assisted attacks is warranted—AI has fueled cyber-attacks in nearly every threat vector. Gone are the days of phone calls with robotic-sounding voices and phishing emails with tall tales of princes and typos. From phishing to vulnerability exploits, AI has enabled attacks to become highly targeted, scalable, convincing, and more evasive.
GenAI, specifically, has taken the legwork out of phishing attacks. Phishing emails no longer have a slew of obvious spelling and grammatical errors or old logos—they appear polished, professional, and legitimate. In addition, bad actors can use GenAI to tailor phishing emails based on data about the recipient, like referencing recent purchases. Threat actors can also use GenAI to craft emails based on the persona and writing style of the sender they’re impersonating.
Studies show that AI-written phishing emails are highly convincing, with 78% of recipients opening them and 21% clicking on malicious links or attachments.
While it’s debatable whether AI-generated phishing emails outperform the click rate of human-generated phishing emails, AI-generated emails are far more scalable and require fewer resources to produce. Since GenAI’s debut, malicious phishing emails have increased by 1,265% and production costs have dropped by over 95%, leading to a significant rise in attacks and potential victims.
Attackers are also using AI to alter their faces and voices, making it easier than ever to impersonate people you know and trust. AI can take information easily found online (like photos, short interview clips, and job details) for these impersonations. Convincing deepfakes are increasingly being used in phone calls, audio recordings, video clips, and video calls.
In fact, earlier this year, scammers successfully stole $25 million from engineering firm Arup by using an AI-generated deepfake to pose as their CFO in a video conference call.
Impersonations of C-level executives are not the only way deepfakes are weaponized, either. Reputations of entire companies are also being threatened through AI-generated synthetic content, which has the potential to spread misinformation and false narratives, like the viral 2019 deepfake of Mark Zuckerberg.
Bad actors also use AI to create malware that can automatically adapt and evolve, enabling it to evade traditional detection methods. AI can assist with the entire malware creation and execution process, from code generation to target identification, behavior modification, and real-time decision-making.
While talk of the use case of GenAI creating malware has existed since its emergence, there’s been very little evidence of attackers using it to write malicious code in reality. However, the September 2024 HP Wolf Security Threat Insights Report outlined and identified a malware campaign that was “highly likely to have been written with the help of GenAI.” The report continues, “The activity shows how GenAI is accelerating attacks and lowering the bar for cybercriminals to infect endpoints.”
To combat increasingly sophisticated AI attacks, organizations need a comprehensive approach that considers people, processes, and technology. While comprehensive, it does not need to be complicated. Below are practical tactics that can help you fortify your defenses.
1. Executive Sponsorship: Cybersecurity is everyone’s responsibility. Executives must prioritize and resource it properly.
2. Training and Awareness: Educate employees about AI threats through realistic simulations to improve their awareness and response. (Stratascale recommendation: executive tabletop exercises are a great way to increase awareness while engaging organizational leadership.)
3. Cybersecurity Culture: Promote a security-conscious culture where employees feel compelled to follow best practices and are even celebrated for reporting suspicious activities.
1. Access Controls: Limit data access to what’s necessary for each role, and ensure vigilance among those with higher access.
2. Business Controls: AI is most often used to attack the human firewall—make sure basic process protections are in place such as verification of financial transactions above a limit through a trusted channel.
3. Continuous Monitoring: Implement real-time monitoring to detect and respond to threats quickly.
4. Incident Response Plan: Regularly update—and test—your response plans to consider AI-powered threats.
1. Innovative Security Tools: As ironic as it may sound, AI can be a strong defensive weapon. Consider your own strategic use of AI-enabled tools for detecting and preventing threats.
2. Security Automation: Automate arduous or repetitive security processes to make your security team more efficient and focus their time on the threats that truly pose a risk vs. false positives.
3. Advanced Threat Intelligence: Leverage AI to analyze data, identify patterns, and anticipate threats quickly, strengthening defenses.
AI-fueled attacks may be pervasive, but they aren’t unstoppable. Understanding your threat vectors and focusing on fundamental security practices can help strengthen your defenses and make an AI attack less effective.
Looking for more practical ways to protect your business against emerging threats? Continuous penetration testing could be your new offensive weapon – learn more.
Practical Guidance & Threat Intelligence
Stay a step ahead of the competition–and attackers–with fresh perspectives, practical guidance, and the latest threat intelligence.
To strengthen threat detection and accelerate compliance efforts, tool sprawl needs to be kept under control. Here are four steps to optimize your security tools and combat technology sprawl.
Learn how explainability, governance, and auditability in agentic AI systems help ensure safe, ethical, and accountable deployment while keeping innovation on track.
Our team shares key takeaways from Black Hat 2025, including why foundational security practices, AI governance, and insider threat management are more critical than ever for building resilience and aligning cybersecurity with business strategy.
As work becomes more distributed, securing access without slowing productivity is essential. Learn how modern access browsers deliver enterprise-grade protection with a seamless user experience.
As cyber threats evolve, guarding your organizational data becomes increasingly important. Discover tactical ways to build AI-era protection for sensitive information.
To strengthen threat detection and accelerate compliance efforts, tool sprawl needs to be kept under control. Here are four steps to optimize your security tools and combat technology sprawl.
