AI arms race continues, with attackers and defenders vying for position

Just like any war, the AI arms race absorbs resources and time.

Enterprises are embracing the use of AI, CrowdStrike Field CTO Cristian Rodriguez told IT Brew, and working to ensure that they have a strong grasp on how to secure the technology. To make that security effective, defenders are using AI as a force multiplier—but so are attackers.

Victors? The back-and-forth battle over AI has attackers, so far, enjoying more success. While defenders have to abide by regulations and parameters both public and private, attackers aren’t subject to such restrictions.

“AI is turning cybercrime into this assembly line, and attackers and adversaries aren’t constrained by things like change management controls,” Rodriguez said. “They don’t care what your change management window is, nor do they care if you’re working on a holiday or not.”

AI is an accelerator for attackers, one that allows threat actors to use the technology to increase their capabilities. But as NCC Technical Director David Brauchler told IT Brew, there’s a difference between that and the fears that “we would start seeing fully autonomous threat actors, AI becoming the hacker in the hoodie, sitting in a dark room.”

For threat actors, the barrier to entry for utilizing AI has dropped. As Singulr AI CSO Richard Bird noted you can buy access to the technology, or get third-party attacker vendors to deploy it on your behalf. But that’s no excuse for defenders, he added, who should adjust their behavior to match the new AI reality.

“The economic perspective of the corporate world is, ‘We’re going to use AI to eliminate positions,’ and the bad guys are going, ‘I’m going to use AI to do more damage,’” Bird said. “I don’t know that that’s necessarily a friction problem or an overhead problem—I think that’s a poor leadership problem on the corporate side of the equation.”

Spoils. Such concerns don’t mean defenders are completely out of luck: AI allows them to identify threat patterns and danger more easily than before.

“That’s one area where AI really thrives, because it ultimately is pattern matching,” Brauchler said. “When we’re identifying where things don’t quite seem right, AI is a powerful tool to automate what would otherwise require a user to come in and or an employee to come in.”

Both attackers and defenders will use AI to scale up their activities. Rodriguez told IT Brew the technology is “accelerating all of their tradecraft by adding automation into their efforts” for bad guys. But on the security side, AI is also being used to streamline operations, especially with the introduction of AI agents. They allow defenders to reduce workflows and increase speed of investigations, leading to better outcomes for stopping breaches.

“That’s where real automation and more proactive agentic workflows make it into the ecosystem of a responder versus just having a chatbot that sends mass alerts,” Rodriguez continued. “You’re now using AI to enable the defender to act faster, and even have the AI model act on your behalf.”