As we kick off Cybersecurity Awareness Month, it's important to recognize how AI is already transforming cybersecurity on both sides of the cyber battlefield
By: Khaled Fawzy - Senior Country Manager for Egypt, Libya & Sudan, Fortinet
Wed, Oct. 1, 2025
As we kick off Cybersecurity Awareness Month, it's important to recognize how AI is already transforming cybersecurity on both sides of the cyber battlefield. While threat actors continue to use AI to enhance the volume, velocity, and sophistication of the attacks they deploy, truly novel AI-driven threats remain largely theoretical. Not every sensational claim about AI-powered cyberattacks reflects reality, yet it’s easy to get caught up in and be distracted by the headline-grabbing hype.
This month is a reminder that, as defenders, we must separate the signal from the noise concerning AI-enabled cybercrime. By evaluating what’s happening today to predict how attackers may evolve their tactics in the future, we’ll be better positioned to defend today and to anticipate and disrupt these operations.
Understand How Attackers’ Use of AI Will Evolve
It’s easy to assume that cybercriminals are using AI to create novel attack methodologies. The reality, however, is that threat actors primarily use AI to enhance the efficiency and scale of existing techniques like social engineering and malware deployment. The technology is also lowering the barrier to entry for cybercriminals, enabling both novice and skilled threat actors to execute successful (and lucrative) attacks.
While AI may be today’s “easy button” for threat actors as they weaponize code and execute new techniques, its influence is much broader. AI is a driving force behind the dark web marketplaces, tools, and services that power the cybercrime ecosystem. The dark web expands yearly, with new Cybercrime-as-a-Service (CaaS) offerings constantly emerging.
This is partly due to the way the cybercrime economy has changed structurally. A decade ago, most cybercriminal groups managed the entire attack process themselves. Today, they operate like businesses with diversified roles. Specialized units handle development, testing, access brokering, and monetization separately. Initial access brokers sell compromised systems to buyers. Others focus solely on social engineering or deepfake generation.
Speed, Awareness and Visibility are of the Essence
A serious long-term concern is the speed with which these actors share successful methods and tools. Techniques developed by one bad actor are often adopted by others in a matter of weeks. Organizations are being driven to move faster than their security teams can keep up with.
The security team now has to deal with new technology it doesn’t fully control: an app, an AI model, an AI workload, previously unseen dependencies and a whole new set of security risks.
Incidents can occur if an attack surface is rapidly expanded and security teams are not aware of the nuances. In addition, the ‘shadow AI’ effect - the use of unvetted AI tools by employees - may expose organizations to data leakage, model poisoning and compliance failures. Sensitive data may be fed into external models without adequate governance, creating major privacy and security risks.
Future Developments and the Impact on Cybersecurity Defenders
As security professionals chart their defensive strategies, it’s vital that we anticipate how AI will reshape cybercriminal tactics in the coming years.
Equally important is recognizing the fundamental pivots and likely challenges that this evolution presents for the entire industry. Beyond using AI to mine for fresh vulnerabilities, cybercriminals could easily use AI to develop new attack vectors. Even though this isn’t occurring today, it’s a concept that will inevitably become reality.
Finally, while a group of autonomous agent swarms conducting entire cyberattacks doesn’t seem plausible today, it’s crucial that the cybersecurity community monitors how threat actors are incrementally adopting automation to support their attacks.
As we anticipate how attackers might leverage AI in the future, it’s clear that countering more advanced AI-driven threats requires an evolution in defense. AI technologies can help us defend not just against AI-based attacks, but against any type of attack. AI gives us better visibility, deeper insights, faster reaction times and smarter automation. AI can analyse vast amounts of threat data in real time, detect subtle anomalies that would go unnoticed by humans and even respond autonomously to incidents.
Fortinet’s own approach integrates AI across the entire cybersecurity lifecycle, not as a bolt-on feature, but as a foundational capability. Rather than isolate AI in individual tools, its FortiAI roadmap embeds intelligence across the entire cybersecurity stack. AI is part of the Fortinet security fabric platform, where its components are aware of each other. They share data. They make decisions together. At Fortinet, AI is not a set of isolated tools, but an intelligent, coordinated system.
FortiAI applies AI to the three key pillars of cybersecurity: threat intelligence, security enforcement, and security operations. Each pillar has its own AI-driven focus, which together form the backbone of Fortinet’s integrated security fabric.
AI will continue to impact every aspect of cybersecurity. The evolution of cyber-defense includes emphasizing AI-powered threat hunting, hyper-automated incident response capabilities, and the potential rethinking of security architectures.