Cybersecurity firms including CrowdStrike, Mandiant, and Palo Alto Networks have all published reports documenting the use of AI-assisted tools in recent major cyberattack campaigns attributed to state-sponsored threat actors. The AI capabilities are being applied primarily to accelerate vulnerability scanning, generate customized phishing content, and adapt malware to evade updated endpoint protection signatures.
The asymmetry between offensive and defensive AI capabilities is a central concern. Attackers need only succeed once, while defenders must prevent every attack, and AI tools are proving particularly effective at identifying the gaps in complex organizational security postures that human operators miss under time pressure. The National Security Agency has warned that healthcare, energy, and water sector networks face elevated risk from AI-enhanced attacks in the current threat environment.