The cyber threat landscape has changed beyond recognition due to AI, leaving organisations to face a new generation of highly evolved adversaries. Yet the conversation around cyber-risk has failed to keep pace. For years, too many voices in the industry have cried wolf, over-complicating the basics and leaving organisations fatigued by fearmongering and unable to fix the fundamentals.
AI has transformed the methodology, scale and speed of modern cyberattacks. The UK’s National Cyber Security Centre reports that nearly half of the incidents it handles are now classed as nationally significant, with highly significant attacks rising by 50 percent in the last year alone. This is a staggering shift. In this climate, organisations can no longer afford to pull the wool over their eyes and rely on periodic or performative security, and at times a ‘hope for the best’ mindset. If they want to stay ahead of AI enabled attackers, the minimum bar is clear: strong cyber hygiene and continuous network monitoring. Everything else is secondary.
How AI has Supercharged Cybercrime
New research from Gigamon shows the severity of the problem: 83% of organisations have already experienced AI involvement in a security incident in the past 12 months whether through AI driven attacks, internal leaks, unsanctioned use of AI or direct targeting of LLMs. This isn’t a future prediction – it’s happening right now, at scale. AI hasn’t just lowered the barrier to entry, it has bulldozed it. You can see this shift within underground forums in the darker corners of the internet, where references to so-called “dark LLMs” have surged by more than 200%. These are not the models you find employees experimenting with on their corporate laptops. These are open‑source models fine‑tuned for offensive use, models that don’t adhere to ethical constraints or regulatory oversight. With the right download link, anyone can now act as an elite hacker.
This has ushered in the death of security by obscurity. Historically, you had to reach a threshold of importance to warrant a human hacker being put on your case. Now, AI scans everything constantly and everyone is at risk of becoming a target. Kill times that once stretched over months have been slashed to hours and in some cases minutes. The threat is immediate, and it has been underestimated for far too long, largely because years of false alarms encouraged organisations to bury their heads in the sand.
This begs the question: why are the benefits of AI skewed so greatly towards attackers? The answer lies in less speed and access. Defenders can and should use AI, but they must do so responsibly. Their appetite for risk is far lower and tools must be vetted and tested prior to integration. Attackers do not face these limitations and this freedom allows them to move faster and take risks defenders simply cannot. Ultimately, organisations will never be able to AI their way out of an AI attack. They need to lock down the basics.
Why Cyber Hygiene Beats Buying More Security Tools
It is easy to believe that only the most expensive and glamorous new AI technologies can keep organisations safe. However, the truth is far more reassuring. The most effective defence against AI‑driven threats remains strong, consistent cyber hygiene. AI ensures that anything that can be found, will be. This means it must be assumed that every device, service and configuration is visible. In most cases, organisations already have the right tools in place to do this, but lack the discipline and culture to leverage them and apply best practices effectively.
Take patching as an example. In the UK, just 32% of organisations have policies in place to apply critical updates within 14 days – a basic security standard. Discussing cyber risk is too often framed as admitting failure rather than acknowledging a normal business reality. However, cyber risk is merely a natural by-product of doing business in the cloud. Ignoring it doesn’t make it go away and when organisations treat it as taboo warnings are overlooked and attackers find the open door they are waiting for.
Cyber risk must be better understood, recorded and managed, just like any other business risk. Years of over‑dramatisation has only alienated the people who need to engage with it, ultimately benefiting adversaries. Every organisation must maintain a clear view of its internal assets, external exposure and the attack paths an adversary is most likely to exploit.
Continuous Monitoring as the Defining Requirement of the AI Age
Organisations are operating in far more complex environments than they realise. New systems are added without being tracked, configurations change, permissions expand, and forgotten legacy services continue to operate quietly in the background. These small, unnoticed gaps accumulate, and are exactly what AI‑powered attackers are designed to exploit at scale. With continuous monitoring, organisations gain real‑time visibility into what exists. This allows them to see how systems are configured and where risk is emerging.
With continuous monitoring, organisations gain real‑time visibility into what exists. This allows them to see how systems are configured and where risk is emerging. When implemented effectively, it allows for issues to be identified as they arise. Remediation can subsequently be prioritised based on real exposure. In this way cybersecurity transforms from a reactive burden into a sustained operational capability.
You can’t stop AI‑driven attacks from being attempted, but you can have the process in place to shut them down. Attacks inevitably generate signals and SIEM and SOC capabilities are designed to detect those signals, at both application and user level, before threats escalate. Remediation can subsequently be prioritised based on real exposure. In this way cybersecurity transforms from a reactive burden into a sustained operational capability.
At a time where AI is accelerating the scale and sophistication of cyber threats, sporadic security is no security at all. An annual penetration test is not evidence of security maturity or best practice. It is the organisations that embed cyber hygiene and continuous monitoring into daily operations who are far better positioned to adapt and reduce risk. True resilience will belong to those who treat cybersecurity as an ongoing commitment, not an occasional checkbox.
