Despite rising threats from AI-powered cybercrime, proactive defence remains patchy among global enterprises.
An Alarming Disconnect
While AI is revolutionizing enterprise operations, it’s also rapidly becoming a tool of choice for cybercriminals. A new global study by Trend Micro highlights a disturbing trend—security leaders are aware of the dangers, but many aren’t acting fast enough. Despite a 219% spike in malicious AI tool mentions on the dark web, only 53% of security leaders believe AI will increase cybersecurity complexity.
Warnings Ignored
The UK’s National Cyber Security Centre had already warned in 2024 that AI would “almost certainly” increase the volume and impact of cyber-attacks. Cybercriminals are now weaponizing jailbroken AI tools, such as ChatGPT and FraudGPT, to automate phishing, write malware, and exploit vulnerabilities more efficiently. Gartner predicts that AI agents will reduce the time needed to hijack accounts by 50% by 2027.
Shadow IT and Swelling Attack Surfaces
AI-as-a-service tools are creating new risks, including employees unknowingly sharing sensitive data, opaque AI models, and misconfigured large language models (LLMs). These add to existing exposures from cloud systems, remote work setups, IoT devices, and digital transformation efforts. Already, 73% of surveyed organizations have experienced security incidents due to unknown or unmanaged assets.
Proactive Security Still Rare
Despite 91% of security leaders linking attack surface management to business risk, only 40% use dedicated tools to manage it, and less than half monitor third-party vendors. Budget allocation is equally underwhelming, with only a quarter of the funds devoted to these critical activities.
AI Can Be a Defender Too
There is hope. AI-enabled tools are helping security teams detect vulnerabilities, misconfigurations, and breaches in real-time. However, for AI to be a force for good, security leaders must urgently align their strategy, tools, and secure boardroom buy-in.
As cyber risks evolve, indifference is no longer an option.
