Can Security Teams Trust AI? Experts Debate

The rapid integration of artificial intelligence into business operations presents a profound security paradox. While AI offers powerful tools for defense and efficiency, it simultaneously fuels a new generation of sophisticated cyber threats, creating a critical gap between innovation and organizational readiness. Reports reveal rising AI-driven attacks, hidden usage across enterprises, and widening gaps between innovation and security readiness. This dual-edged nature forces companies to govern AI responsibly while preparing for threats that evolve faster than traditional defenses can adapt.

Across the development lifecycle, AI creators are implementing layered controls. These measures include training models to reject harmful requests, deploying real-time input and output filters, and utilizing tracking tools like provenance tags and watermarking for post-incident analysis. This multi-stage approach aims to build safety directly into the technology’s foundation.

However, these defensive measures are countered by the weaponization of AI by malicious actors. Scammers now leverage these tools to generate convincing fake voices, videos, and personalized messages in seconds. These capabilities make it exceptionally difficult to identify fraud based on traditional cues like tone or grammatical errors. Despite widespread awareness of these risks, many individuals and organizations continue with habits that inadvertently aid attackers.

The adoption curve for AI is unprecedented. More than 1.2 billion people have used an AI tool within just three years of its mainstream debut. This blistering pace places immense and uneven pressure on governments, industries, and security teams to keep up. Within organizations, AI is fundamentally altering data workflows. The very tools that boost productivity can create new vulnerabilities, with many security leaders admitting they lack visibility into how generative AI handles sensitive information. Concerns range from employees pasting confidential data into public chatbots to internal models being trained on corporate data without proper oversight.

The impact is particularly acute in software development. AI coding tools are reshaping how software is written, tested, and secured. While they promise dramatic speed, that velocity often comes with hidden costs. A significant majority of organizations now use AI to generate production code, and many have directly observed new vulnerabilities introduced as a result. A survey of 450 professionals across the US and Europe, including developers and security engineers, confirms that while AI adoption within software teams is accelerating, the necessary security guardrails have not kept pace.

This readiness gap extends to broader enterprise risk management. Over half of organizations report deploying AI-specific security tools and training teams in machine learning, yet few feel prepared for the governance demands of impending AI regulations. A stark assessment finds that 90% of organizations are not adequately prepared to secure their AI-driven future, with a majority operating in an “Exposed Zone” lacking both cohesive strategy and technical capability. For instance, a large percentage lack essential data and AI security practices needed to protect critical business models and cloud infrastructure.

Corporate boards are dedicating more time to cybersecurity but still grapple with demonstrating how investments translate to business performance. The conversation has shifted from whether to fund protection to how to measure its return on investment. The rapid integration of AI, automation, and edge technologies is creating faster, more complex risks that demand new levels of executive oversight.

This rush to deploy AI is reshaping corporate risk posture. A global study indicates that while most companies are adopting AI quickly, many are unprepared for the strain it places on their systems and security. A small cohort of “Pacesetter” organizations stands apart by treating AI readiness as a core strategic priority, planning for scale, building robust infrastructure, and embedding security from the start.

The threat landscape is intensifying, with ransomware remaining a primary danger. Numerous ransomware gangs are now abusing AI for automation, contributing to the growth of cybercrime-as-a-service (CaaS) models. On dark web markets, AI tools are becoming accessible to less skilled criminals, democratizing sophisticated attack capabilities and lowering the barrier to entry for cybercrime.

Internally, the perceived impact of AI varies dramatically. While 71% of executives believe AI has significantly boosted security team productivity, only 22% of frontline analysts agree. This stark perception gap points to deeper issues with operational effectiveness and trust in the tools. Furthermore, organizations have alarmingly little oversight; they lack visibility into nearly 90% of AI usage despite having policies in place. While usage is concentrated in a few well-known applications, a long tail of “shadow AI” tools operates undetected, leaving security managers unsure where to apply controls.

The financial stakes are enormous. Most enterprises report a marked increase in AI-powered bot attacks over the last two years, and over half have suffered financial losses ranging from $10 million to over $500 million due to cyberattacks. In response, investment is soaring. AI-powered solutions currently constitute over a fifth of cybersecurity budgets, with projections showing that share rising to more than a quarter by 2026. Most organizations find greater value in purchasing these AI security solutions rather than attempting to build them in-house.

The consensus is clear: AI-powered cyberattacks are powerful new weapons that will only grow in prevalence. A large majority of IT leaders are concerned about nation-states using AI for smarter, targeted attacks, and many organizations admit they are stuck in a reactive posture, responding only after damage occurs. Closing the gap between today’s defenses and tomorrow’s AI-driven threats requires urgent and strategic action.

(Source: HelpNet Security)