Friend or Foe? How AI Is Powering Both Cybersecurity and Cybercrime

Written By Daniel Eaton

In today’s digital world, artificial intelligence (AI) sits squarely on both sides of the battle line. On one hand, AI is a powerful ally in keeping our networks, data and systems safe. On the other hand, it has become a potent tool for cybercriminals — lowering barriers to attack, automating deception and super‑charging threat vectors. This duality makes AI neither purely “friend” nor purely “foe” — rather, it is a force multiplier, and how it’s wielded matters immensely.

The Promise: AI as Cyber‑Defender

AI and machine learning (ML) are transforming how organisations defend against cyber‑threats. Some of the key positive uses:

  • Threat detection & anomaly identification — AI systems can ingest large volumes of network, application and user‑behaviour data and spot patterns or deviations that signal a potential breach. Blockchain Council+2Akamai+2

  • Automated response & remediation — Rather than waiting for human analysts, AI‑driven tools can accelerate containment and mitigation, reducing the “time‑to‑react.” Akamai+1

  • Behavioural biometrics & profiling — Using AI to profile how legitimate users behave (typing speed, usage patterns, etc.) helps detect when an account is compromised or misused. eipnetworks.ca

  • Proactive threat anticipation — With sufficient data and modelling, AI can help forecast likely attack vectors or vulnerabilities, enabling stronger preparation. People Tech Group+1

  • Scaling defences — In an era of enormous data and many endpoints, AI is helping security teams do more with less — essential given the shortage of security talent.

In summary: when properly implemented, AI gives defenders a fighting chance to stay ahead of evolving threats.

The Dark Side: AI as Cyber‑Weapon

However, the flip side is equally important — cyber adversaries are also leveraging AI, and often with less scrutiny, fewer guardrails and far more creativity. Some of the key ways AI is being weaponised:

  • Highly‑targeted phishing & social engineering — Generative AI can craft phishing messages that mimic the language style of known contacts, incorporate personal data, and scale the volume of attacks. eipnetworks.ca+1

  • Deepfakes & impersonation — Audio, video or image forgeries built using AI undermine trust and enable impersonation of executives, trusted partners or institutions. eipnetworks.ca+1

  • Automated malware / adaptive attacks — Attack tools now can use AI to evade detection, adapt behaviour based on the target environment, or autonomously explore networks. People Tech Group+1

  • Lowering the entry‑barrier — AI makes sophisticated attacks feasible for less‑skilled actors. This democratisation of threat capability multiplies the number of potential attackers. Thoughtworks+1

  • Large‑scale orchestration & speed — Attack campaigns can execute at speed and scale, with AI optimising targeting, timing and evasion. KnowBe4 Blog+1

In essence: criminal actors are wielding the same toolkit (AI/ML) as defenders — but they often face fewer constraints and have much to gain.

Why the Duality Matters

This “friend and foe” duality has profound implications:

  • Arms‑race dynamic — As defenders deploy AI, attackers respond with smarter tools; as attackers use AI, defenders must keep up. The pace of innovation is rapid.

  • Trust and authenticity are at risk — With deepfakes, generative text and voice cloning, the human component of “Is this real?” becomes harder to answer.

  • Defence complexity increases — Organisations must not only adopt AI‑driven defences, but also think about AI risk in tools they deploy, the ethical implications, and the potential for misuse.

  • Attack surfaces expand — With more AI‑powered systems (chatbots, assistants, automation) being deployed in enterprises, each becomes a potential vector or misuse point.

  • Regulation, policy and ethics gain greater weight — Because AI is being used both defensively and offensively, clear governance, accountability and transparency become more critical. The Official Microsoft Blog

Practical Steps: What Organisations Should Do

Given this landscape, organisations (and individuals) should adopt a layered approach:

  1. Invest in AI‑powered defences, but with a strong foundation of hygiene: patching, access management, multi‑factor authentication, user‑awareness training.

  2. Monitor AI risk — Treat new AI‑enabled systems as potential attack surfaces (e.g., exploit of your own AI chatbots, model‑injection, prompt‑injection). KnowBe4 Blog+1

  3. Use anomaly detection & behavioural analytics — Leverage AI to complement human SOC (Security Operations Center) functions.

  4. Educate users — Because humans remain a major vulnerability, training staff to recognise phishing, deepfakes, suspicious activity remains essential.

  5. Prepare incident‑response for AI‑enabled threats — Simulate scenarios such as deepfake fraud, AI‑driven malware/unusual lateral movement.

  6. Collaborate & share intelligence — Given the scale and sophistication of AI‑powered threats, public/private sector collaboration, threat‑intelligence sharing and standardisation magnify defence.

  7. Govern responsibly — Ensure your AI tools are transparent, auditable, and that you understand their behaviour and fail‑modes; ensure vendor risk is managed.

  8. Assume adversarial AI — Build with the understanding that attackers may have AI‑tools too, and design your defences accordingly (e.g., adversarial‑testing your own models).

Looking Ahead: What’s Next?

  • AI‑agents / autonomous threat actors — Some warnings note that AI‑agents (self‑learning systems that plan and execute without much human input) may become a frontier for attackers. KnowBe4 Blog

  • Deepfake economy & synthetic‑identity crimes — As generative models improve, synthetic identities, voice clones and AI‑driven impersonation will become more pervasive.

  • AI vs. AI on both sides — We’ll likely see defenders’ AI battling attackers’ AI in real time — model against model.

  • Regulation, ethics & trust frameworks — As AI capabilities grow, so will scrutiny. Policies that govern nation‑state behaviour, corporate duties, AI‑model use will play a bigger role. The Official Microsoft Blog

  • Integration of AI in critical infrastructure — While this gives huge benefits, it also raises systemic risks: compromise of AI‑systems in industrial, energy, health or governmental networks could have major consequences.

Conclusion

AI is neither a panacea nor merely a new risk — it’s a transformative force. As a defender, embracing AI with eyes open to its risks is critical. As an adversary tool, AI is changing the shape of cyber‑crime, making what was once specialist now more accessible. In this new era, the question isn’t just whether AI is friend or foe — it’s how we control the narrative, deploy the right safeguards, and ensure that on balance, AI remains a tool for defense rather than dominion.

Daniel Eaton
Next

Windows 10 End of Life Is Coming: What It Means for Your Business and What to Do Next