The rapid advancement of Artificial Intelligence (AI) is fundamentally reshaping the cyber threat landscape, amplifying both the volume and sophistication of attacks. As attackers leverage AI to generate more convincing phishing content, develop virtually undetectable malware, and automate exploit discovery, defenders face an escalating technical risk with limited room for error. Traditional detection-based security measures, already facing a challenging environment with zero-day threats and false positives, may struggle to keep pace with these AI-driven threats. In this evolving environment, organizations should reconsider their approach to cybersecurity, shifting toward preventative solutions designed to neutralize threats before they enter an organization’s systems.
AI Disproportionately Increases Defenders’ Technical Risk
Cyber defense is an asymmetric discipline: an attacker needs to find only one gap, while a defender has to close all of them, which gives creative, well-resourced attackers a structural advantage. In an environment where the cost of a data breach averaged $4.4M in 2024, defenders have little margin for error in preventing small gaps in their organizations’ defenses from expanding into costly ransomware, data theft, or disruption attacks. The stakes are even higher for critical infrastructure, where nation state-linked actors like Volt Typhoon are “preparing to try to shut down the U.S. electric grid and […] water systems.”
The costly impact of breaches, combined with this asymmetry between attackers’ and defenders’ goals, means that an increase in either the volume or the sophistication of cyber attacks poses a significant challenge for defenders. Unfortunately, developments in offensive uses of AI indicate that AI is increasing attackers’ capabilities along both dimensions.
The advent of generative AI has already led to a marked increase in the number of distribution vectors for malicious content and will likely increase the amount of weaponized attack code. Since the public release of ChatGPT in late 2022, the number of phishing-related websites has increased by 138%, and the number of phishing emails increased by 1,265% between the fourth quarter of 2022 and March 2024. Concerningly, the new generation of AI is increasing not only the number of venues for hosting malicious content, but also the variety of exploits available: a 2024 study found that GPT-4 was able to generate exploit code from the plaintext vulnerability descriptions in the publicly accessible Common Vulnerabilities and Exposures (CVE) database.
In addition to its impact on the quantity of possible attacks, AI has also enhanced the quality of attacks, making them harder to detect. A 2024 study showed that phishing emails generated by GPT-4 alone had a click-through rate nearly double that of a generic, manually written phishing email; phishing emails generated by GPT-4 when prompted with phishing best practices achieved click-through rates as high as 81%. Nor is AI-generated content limited to evading human scrutiny: the UK’s National Cyber Security Centre predicted that, particularly for highly capable nation-state threat actors, “AI has the potential to generate malware that could evade detection by current security filters.”
Detection-Based Technology Impedes Productivity and Risks Security
Given the AI-driven increase in the volume and quality of cyber threats, continued reliance on detection-centric technology poses a risk not only to organizations’ security but also to their productivity. Because such solutions admit potentially malicious content onto organizational systems and only then try to classify it, they incur not only the primary costs of procuring, deploying, and adopting a solution, but also secondary productivity costs: chasing false positives, and the detection and response effort spent on every true positive.
At the individual employee level, this risk is most present in phishing simulations and training, which focus on enabling the employee as a detection mechanism for malicious emails and sites. While the text of phishing emails was once so generic and badly-formed that it was relatively easy for employees to spot them, AI-accelerated content generation and social engineering based on publicly available data – as evidenced by the study on AI-enhanced phishing techniques – removes many of the common “tells” from such emails. This heightened degree of realism poses a threat not only to an organization’s security, but also its productivity (if employees mistakenly identify a legitimate email as potential phishing) and its culture (as employees have reported that emotionally-driven phishing simulations have eroded their trust in their employers).
At the cybersecurity organizational level, the risk of relying on detection is most visible in “zero-days” – attacks exploiting vulnerabilities that are not yet publicly known, so no patch or signature exists and endpoint detection and antivirus software cannot recognize them and, therefore, cannot stop them. Our recent CYBER360 report found that 70% of IT Risk Analysts thought that detection technologies were flawed due to their blind spot for zero-day attacks. The application of AI to create polymorphic malware – malware that rewrites its own code on each infection so that no stable signature exists to match against – may further increase the chances of a detection failure. But even when detection software successfully identifies malicious code, there is a resource cost associated with the increasing quantity of attacks: cybersecurity analysts will have to triage more incidents, and there may be short-term disruptions to employees’ work as a result of malware detection, isolation, and response, which is costly to productivity.
Deterministic Technologies Offer a Preventative, Zero Trust Alternative
As the AI acceleration of attacks targeting both people and software increases the primary and secondary costs of detection for cyber defenders, deterministic, preventative security solutions offer an alternative approach. Instead of allowing potentially malicious content onto organizational systems, where a person or computer must analyze it to detect malicious intent, preventative technologies are designed with Zero Trust concepts in mind. Because they do not trust any third-party content, preventative security solutions aim to transform all presented content into inert, safe formats that maintain usability and business value while leaving any malicious code behind. In the CYBER360 report, 79% of IT Security Directors believed their organization should procure more preventative cybersecurity solutions.
Remote Browser Isolation (RBI) is one example of a preventative cybersecurity technology designed to remove the risk of malicious web code reaching corporate systems. By executing all web code outside the organization and re-rendering the browsing session as an interactive pixel stream, RBI ensures that only pixels and user input cross the boundary, so any compromise is contained on easily reimaged virtual or hardware systems. Hardware-enforced security (Hardsec) RBI adds a further level of assurance by using hardware to perform the transformation of web content to pixels, dramatically reducing the risk that an adversary could compromise the transformation mechanism itself. Using RBI, organizations can mitigate the risks associated with web browsing – whether it’s accidentally ending up at a malicious site during research or clicking on a particularly convincing phishing link – while providing their employees with the Internet access needed to achieve business objectives.
While RBI handles the links in phishing emails and the malicious websites they lead to, Content Disarm and Reconstruction (CDR) can handle the files attached to emails and hosted on websites. Advanced CDR solutions open files outside an organization’s network perimeter and identify only the necessary business content (e.g., text, images, etc.) that users would need from that file. They then create a new file from that known-safe, useful content; anything not on that allow-list, including embedded macros, scripts, unknown metadata, and content the engine cannot interpret, is simply never carried into the new file. CDR enables organizations to present usable, business-relevant data to their employees while mitigating the risks associated with compromised files.
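To make the “rebuild from known-good content” step concrete, the following is a toy CDR engine for PNG images. It is an added illustration, not the product described above nor any vendor’s code, and it assumes a deliberately narrow case: 8-bit RGB, non-interlaced, unfiltered PNGs. The engine parses the untrusted file with CRC and length checks, keeps only the decoded pixel rows, and writes a fresh file containing nothing else, so text chunks, unknown private chunks, and bytes appended after the end marker never reach the output. The “untrusted” sample image is constructed inline and is not real malware.

```python
"""Toy Content Disarm and Reconstruction (CDR) for PNG images.

Added illustration, not the product in the article. The CDR principle shown:
parse the untrusted file, extract only the business content (here, pixels),
and write a brand-new file from that content. Metadata chunks, unknown chunks
and bytes appended after the end marker never reach the rebuilt file.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 50_000_000  # refuse absurd dimensions before allocating anything


def _chunk(ctype, data):
    """Serialise one PNG chunk: length, type, data, CRC-32 over type + data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def parse_chunks(blob):
    """Walk the chunk list of an untrusted PNG, checking signature, lengths and CRCs.

    Parsing stops at IEND, so bytes appended after it (a common place to smuggle
    a second file, e.g. a ZIP archive) are never inspected and never copied.
    """
    if not blob.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, chunks = len(PNG_SIG), []
    while pos + 12 <= len(blob):
        (length,) = struct.unpack(">I", blob[pos:pos + 4])
        end = pos + 12 + length
        if end > len(blob):
            raise ValueError("truncated chunk")
        ctype = blob[pos + 4:pos + 8]
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if zlib.crc32(ctype + data) & 0xFFFFFFFF != crc:
            raise ValueError("CRC mismatch in %r chunk" % ctype)
        chunks.append((ctype, data))
        pos = end
        if ctype == b"IEND":
            return chunks
    raise ValueError("missing IEND")


def extract_pixels(chunks):
    """Return (width, height, rows) for 8-bit RGB, non-interlaced, unfiltered PNGs.

    Anything outside this small, well-understood subset is rejected rather than
    passed through: a CDR engine fails closed on content it cannot rebuild.
    """
    if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != 13:
        raise ValueError("IHDR must be the first chunk")
    width, height, depth, colour, comp, filt, interlace = struct.unpack(
        ">IIBBBBB", chunks[0][1])
    if (depth, colour, comp, filt, interlace) != (8, 2, 0, 0, 0):
        raise ValueError("unsupported PNG variant; refusing to reconstruct")
    if width == 0 or height == 0 or width * height > MAX_PIXELS:
        raise ValueError("implausible image dimensions")
    stride = 1 + 3 * width          # one filter byte per scanline, then RGB
    expected = stride * height
    # Bound the inflate to the size IHDR promises: defeats decompression bombs.
    raw = zlib.decompressobj().decompress(
        b"".join(d for t, d in chunks if t == b"IDAT"), expected + 1)
    if len(raw) != expected:
        raise ValueError("pixel data does not match IHDR dimensions")
    rows = []
    for y in range(height):
        line = raw[y * stride:(y + 1) * stride]
        if line[0] != 0:  # only filter type 0 (None) handled in this example
            raise ValueError("unsupported scanline filter")
        rows.append(line[1:])
    return width, height, rows


def rebuild_png(width, height, rows):
    """Write a fresh PNG holding only the pixels: IHDR, one IDAT, IEND."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"".join(b"\x00" + r for r in rows), 9)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def disarm(blob):
    """Full CDR pass: untrusted bytes in, reconstructed image out."""
    return rebuild_png(*extract_pixels(parse_chunks(blob)))


def chunk_types(blob):
    """Chunk types present in a PNG, in order (stops at IEND)."""
    return [t for t, _ in parse_chunks(blob)]


def make_untrusted_sample():
    """Constructed test input (not real malware): a 2x2 RGB image carrying a
    text chunk, an unknown private chunk, and junk appended after IEND."""
    rows = [b"\xff\x00\x00\x00\xff\x00", b"\x00\x00\xff\xff\xff\xff"]
    ihdr = struct.pack(">IIBBBBB", 2, 2, 8, 2, 0, 0, 0)
    idat = zlib.compress(b"".join(b"\x00" + r for r in rows))
    dirty = (PNG_SIG + _chunk(b"IHDR", ihdr)
             + _chunk(b"tEXt", b"Comment\x00<script>alert(1)</script>")
             + _chunk(b"prIv", b"MZ\x90\x00not-really-a-stager")
             + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")
             + b"PK\x03\x04trailing-archive-bytes")
    return dirty, rows


if __name__ == "__main__":
    dirty, _ = make_untrusted_sample()
    clean = disarm(dirty)
    print("before:", chunk_types(dirty), len(dirty), "bytes (plus trailing data)")
    print("after: ", chunk_types(clean), len(clean), "bytes")
```

The design choice worth noting is that the engine never copies bytes from the input to the output: the only thing that crosses is the decoded pixel array, re-encoded from scratch. A production CDR engine does the same for every supported format (text runs, images, table cells in an Office document) and, like this toy, refuses files it cannot fully decode rather than passing the unknown parts through.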
As AI enhances attackers’ capabilities, defenders should not rely solely on detection-based security to safeguard their organizations. Preventative technologies, such as RBI and CDR, can offer a proactive approach to neutralizing threats while maintaining business productivity. Designed to transform web content and files into safe, usable formats, these solutions align with Zero Trust principles and reduce reliance on reactive detection. In the face of AI-accelerated cyber risks, adopting a preventative security strategy is not just an improvement; it’s a necessity.