AI has changed the attacker, here’s how to change the enterprise

By E-Yang Tang (pictured), Vice President, Security, Resiliency and Network at Kyndryl

Cybersecurity is at an unprecedented inflection point. Artificial Intelligence (AI) is now both a weapon and a shield, with attacks unfolding at machine speed. What was once a technical problem to be solved with perimeter controls is now a systems challenge, where models can accelerate both intrusion and defence.

You don’t need to look far for proof. Last year, a Hong Kong firm lost $25 million to a scam where attackers used deepfake technology to impersonate the company’s CFO in a video conference. As early as next year, real-time deepfake technology will be fully commoditised.

Businesses must anticipate how risks will accelerate and interconnect, then act as a single enterprise across security, technology, risk and operations. Treat AI as the red thread through controls, workforce and suppliers. The goal is no longer perfect prevention but faster sensing, decisive response and rapid recovery. Here are the key strategic imperatives to start with:

Shift from detection to machine-speed defence 

First, accept that manual triage will be outrun. Prioritise three moves that use AI on your side.

Fight AI with AI. Deploy AI-powered security tools capable of real-time threat hunting, anomaly detection, and automated response. These platforms don’t just react, they monitor internal and external, and learn continuously, adapting to emerging attack patterns that traditional tools cannot anticipate.

Harden digital trust everywhere, but most importantly where AI attacks bite hardest. Deepfakes and synthetic voice target finance approvals and privileged access. This demands stronger digital identity frameworks. Upgrade to phishing-resistant multi-factor authentication, add continuous verification, and proactive monitoring of misinformation risks. Treat trust as a  business asset that drives competitiveness.

Establish clear security standards for how data is sourced, models are trained and systems are continuously monitored once deployed. Appoint leaders such as AI risk strategists and AI governance leaders to translate technical risk into business decisions.

Re-tool the workforce for AI-first security

AI is reshaping the workforce as profoundly as it is reshaping the threat. Repetitive SOC tasks and code are being automated. The cybersecurity practitioner’s role will shift from alert handling to investigation, threat modelling and orchestration.

Meanwhile, economic pressure raises insider risk. Widespread layoffs have created a pool of skilled but financially stressed individuals, which raises the likelihood of insider misuse. By the end of 2026, it’s plausible that a sophisticated ransomware group will be staffed by alumni from mainstream tech companies, further increasing the operational sophistication of these groups.

Act now. Launch a workforce program that upskills and reskills your current workforce, train governors as well as coders in secure prompt engineering, model auditing and AI red-teaming. Re-evaluate your insider threat controls to balance monitoring with trust.

Treat supply chain as your primary attack surface

AI amplifies third-party risk. 30% of all data breaches now involve a third-party vendor — a figure that has doubled from the previous year — with supply chain attacks surging by over 400% since 2021. Adversaries now use AI to map partner ecosystems, generate tailored attacks at scale and weaponise open source components. Meanwhile, suppliers may also ship software that embeds models you cannot see.

Evolve third party risk management from questionnaires to continuous assurance. Make a software bill of materials (SBOM) a contractual requirement and further this with an AI Bill of Materials (ABOM), listing models used, versions, training data and sources. Scan vendor security postures with your own AI tools and weight procurement decisions in favour of vendors who expose model lineage and offer red team results.

Start post quantum work and align it with AI realities

Finally, quantum threatens today’s public key cryptography on a multi-year horizon, while AI accelerates near-term by helping attackers find weak crypto use and misconfigurations faster. Assume harvest-now, decrypt later is active and plan accordingly. Assume stolen encrypted data that contains sensitive intellectual property, financial records and health information will be readable in future.

Create a post-quantum workforce that includes application, identity and network owners. Conduct a complete inventory of all public-key cryptography across the enterprise. This inventory is the foundational blueprint of any migration plan and must be funded and prioritised as a critical undertaking. Use your defensive AI to monitor for downgrade attempts and unusual certificate behaviour during transition.

Cybersecurity has reached a historic inflection point. The choice is no longer whether to use AI in security, but how to govern it, how to defend with it, and how to preserve trust in a digital world increasingly defined by it.