After the new cyber threats: “Fight AI with AI” – Svenska Dagbladet

Global enterprises are increasingly deploying artificial intelligence to defend against a new wave of AI-powered cyberattacks, a strategy often described as “fighting AI with AI” to match the speed and scale of automated threats. According to security analysts and government agencies, this shift is necessary because traditional, signature-based defenses cannot keep pace with malware that evolves in real time.

The transition to AI-driven security comes as attackers utilize Large Language Models (LLMs) to automate the creation of highly convincing phishing emails and develop polymorphic malware that changes its own code to evade detection. This arms race has moved cybersecurity from a reactive posture—where defenders respond to known threats—to a predictive model based on behavioral analysis.

The urgency of this shift was highlighted by a February 2024 incident in Hong Kong, where a finance worker transferred $25 million to fraudsters after being deceived by a deepfake video call featuring a digitally recreated chief financial officer and other staff members, as reported by the BBC. This event demonstrated that AI can now bypass traditional human intuition and multi-factor authentication processes.

How AI is automating cyberattacks

Attackers are using generative AI to remove the “human” tells that previously signaled a phishing attempt. While older phishing campaigns often contained grammatical errors or awkward phrasing, LLMs allow attackers to generate perfect, context-aware prose in any language. This enables “spear-phishing” at a scale previously impossible, where thousands of personalized messages are sent to specific targets simultaneously.

Beyond communication, AI is being used to automate vulnerability research. Attackers employ AI tools to scan vast networks for software flaws faster than human researchers can patch them. Some advanced malware now incorporates machine learning to “sense” when it is being analyzed in a virtual sandbox—a common security tool—and will remain dormant or change its behavior to avoid being flagged as malicious.

The risk extends to “credential stuffing” and password cracking. AI models can now predict common password variations based on leaked data patterns, significantly reducing the time required to breach an account. This automation removes the need for a highly skilled human operator to manage every stage of an attack, lowering the barrier to entry for cybercriminals.

The mechanics of AI-driven defense

To counter these threats, cybersecurity firms are integrating AI into Security Operations Centers (SOCs) to handle “alert fatigue.” In traditional systems, security analysts are often overwhelmed by thousands of daily alerts, many of which are false positives. AI filters these alerts, prioritizing the most critical threats based on risk scores.

Behavioral AI represents a fundamental shift from “signature-based” detection. While old systems looked for a specific “fingerprint” of known malware, behavioral AI monitors the network for anomalies. For example, if a user who typically accesses files from London at 9 a.m. suddenly begins downloading gigabytes of encrypted data from an IP address in another country at 3 a.m., the AI can automatically isolate that account in milliseconds.

Automated response, or “SOAR” (Security Orchestration, Automation, and Response), allows the system to take immediate action without waiting for a human operator. This includes shutting down compromised ports, revoking access tokens, or deploying emergency patches across thousands of endpoints simultaneously. According to the National Institute of Standards and Technology (NIST), managing these AI risks requires a framework that emphasizes transparency and the ability to keep a “human in the loop” for critical decisions.
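The behavioral check and the automated-versus-human decision described above can be sketched as follows. This is an added example, not code from the article or from any product it mentions; the baseline events, the score weights, the thresholds and the placeholder country code "XX" are all assumptions chosen for illustration.

```python
from statistics import mean, pstdev

# Constructed baseline for one hypothetical user: (hour, country, megabytes).
BASELINE = [(9, "GB", 40), (9, "GB", 55), (10, "GB", 35), (8, "GB", 60), (9, "GB", 50)]

def build_profile(events):
    """Summarise normal behaviour: usual hour, usual volume, seen countries."""
    hours = [h for h, _, _ in events]
    sizes = [mb for _, _, mb in events]
    return {
        "hour_mean": mean(hours),
        "hour_sd": max(pstdev(hours), 1.0),   # floor avoids divide-by-near-zero
        "mb_mean": mean(sizes),
        "mb_sd": max(pstdev(sizes), 1.0),
        "countries": {c for _, c, _ in events},
    }

def hour_distance(a, b):
    """Distance between two hours on a 24-hour clock (23 and 1 are 2 apart)."""
    d = abs(a - b) % 24
    return min(d, 24 - d)

def risk_score(profile, event):
    """Score 0..130: deviation in time and volume, plus a new-country penalty."""
    hour, country, mb = event
    z_hour = hour_distance(hour, profile["hour_mean"]) / profile["hour_sd"]
    z_mb = max(0.0, (mb - profile["mb_mean"]) / profile["mb_sd"])  # only excess counts
    score = min(z_hour, 5) * 10 + min(z_mb, 5) * 10  # cap each signal at 50
    if country not in profile["countries"]:
        score += 30
    return round(score)

def decide(score, isolate_at=100, review_at=40):
    """Automate only the clear-cut case; ambiguous scores go to a human."""
    if score >= isolate_at:
        return "isolate"
    if score >= review_at:
        return "analyst_review"
    return "allow"

if __name__ == "__main__":
    profile = build_profile(BASELINE)
    # Constructed events: normal work, a travelling user, the 3 a.m. bulk download.
    for ev in [(9, "GB", 52), (13, "FR", 50), (3, "XX", 4000)]:
        s = risk_score(profile, ev)
        print(ev, s, decide(s))
```

The middle band is what keeps an analyst in the loop: a user working from a new country at an unusual hour is flagged for review rather than locked out automatically.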

The risks of relying on AI for security

The deployment of AI in defense introduces new vulnerabilities, specifically “adversarial machine learning.” This occurs when attackers intentionally “poison” the data used to train a security AI, teaching it to ignore specific types of malicious activity. If an attacker can influence the training set, they can create a “blind spot” in the defense system.

There is also the risk of “hallucinations” in AI-driven security tools. If a security LLM incorrectly identifies a legitimate system update as a massive attack, it could trigger an automated response that shuts down an entire company’s operations. This creates a tension between the need for speed and the need for accuracy.

Furthermore, the reliance on AI may lead to a skills gap. As automated tools handle the bulk of threat detection, there is a risk that junior analysts will not develop the fundamental manual hunting skills required to identify “black swan” events—attacks that are so novel that the AI has no historical data to recognize them.

Institutional and regulatory responses

Governments are now treating AI cybersecurity as a matter of national security. In the United States, the Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance on the secure use of AI, emphasizing that organizations must vet the third-party AI tools they integrate into their security stacks.

In the European Union, the EU AI Act establishes a risk-based framework that classifies certain AI applications as “high-risk.” This includes AI used in critical infrastructure, requiring these systems to meet strict standards for data governance, documentation, and human oversight to prevent systemic failures.

Industry standards are also evolving. The shift toward “Zero Trust” architecture—where no user or device is trusted by default, regardless of their location—is being accelerated by AI. In a Zero Trust environment, AI continuously verifies the identity and behavior of every entity on the network, rather than granting a one-time entry pass.

The next major checkpoint for AI security regulation will be the continued implementation of the EU AI Act’s mandates throughout 2025, which will force companies to disclose the training data and risk assessments of their security AI. Readers can monitor updates on these regulations through official European Commission portals.
