AI

AI and the new threat landscape

AI is the most consequential force in security since the cloud — for attackers and defenders alike. Cutting through the hype, here's how offensive AI actually changes the game, and how defense adapts.

Charlie Kim Charlie Kim · May 28, 2026 · 10 min read

Every transformative technology is dual-use, and AI is no exception. The same models that help defenders triage billions of events also help attackers scale and sharpen their operations. The honest assessment in 2026 is neither the breathless "AI will end cybersecurity" narrative nor dismissive "it's just a tool" hand-waving. AI doesn't invent fundamentally new attacks — but it dramatically lowers the cost, raises the quality, and increases the scale of existing ones. That shift alone reshapes the threat landscape.

Let's look honestly at how attackers are using AI, the genuinely new attack surface that AI systems themselves create, and how defense is rising to meet it.

Offensive AI: cheaper, faster, more convincing

The clearest impact of AI on the attacker side is force multiplication. Tasks that required skill and time are now cheap and instant:

  • Social engineering at scale. Flawless, personalized phishing in any language, generated by the thousands — defeating the "spot the typo" defenses of old.
  • Deepfakes. Cloned voices and synthetic video enable convincing CEO-fraud calls and identity bypass against weak verification.
  • Reconnaissance and code assistance. Models help summarize a target's attack surface, adapt exploit code, and write malware variants faster.
  • Faster operations. AI compresses the time between getting in and doing damage by automating reconnaissance and decision-making.
AI doesn't give attackers new superpowers so much as it removes the friction from their old ones. The barrier to a polished, large-scale campaign has collapsed.

Crucially, the fundamentals still hold. AI-written phishing still needs you to click; AI-assisted malware still has to execute and can be detected behaviorally. The defenses don't become obsolete — they have to scale to match the new volume and polish.

The new attack surface: securing AI itself

Beyond AI-as-a-weapon, there's a second, deeper shift: organizations are racing to deploy their own AI systems — chatbots, copilots, autonomous agents — and those systems introduce entirely new vulnerabilities.

Prompt injection

The signature vulnerability of the LLM era. Because language models can't cleanly separate trusted instructions from untrusted input, an attacker can hide malicious instructions in data the model processes — a web page, a document, an email — and hijack its behavior. Indirect prompt injection is especially dangerous for AI agents that read external content and can take actions: a poisoned web page could instruct an agent to exfiltrate data or misuse its tools.

Treat model output as untrusted. If an AI agent can read attacker-influenced content and also take consequential actions, you have a confused-deputy problem. Never let model output trigger sensitive operations without validation, scoping, and human approval where the stakes are high.

Beyond injection

  • Sensitive data disclosure — models leaking secrets or PII from their context or training data.
  • Excessive agency — agents granted broad permissions that an attacker can hijack.
  • Supply chain and model poisoning — tampered models, datasets, or plugins introducing hidden behavior.
  • Insecure output handling — passing model output unsanitized into databases, shells, or rendered pages.
Colorful code representing AI systems and their attack surface

AI-assisted defense

The same capabilities that help attackers are, in practice, an even bigger advantage for defenders — because defense has always been a scale and speed problem. A SOC drowning in alerts is the perfect use case for AI.

  • Detection at scale. Machine learning correlates billions of events to surface the handful that matter, catching subtle behavioral anomalies humans would miss.
  • Triage and enrichment. AI assembles context, summarizes incidents, and drafts response steps, freeing analysts for the judgment calls.
  • Accelerated response. Automated playbooks contain threats in seconds, with human oversight on high-stakes actions.
  • Threat intelligence. Models digest vast volumes of intel into actionable indicators faster than any team could.

The winning model is human plus AI, not human versus AI: machine speed for the volume, human judgment for the decisions that carry real consequence.

Governance: the part everyone skips

As organizations deploy AI, security and governance can't be an afterthought. The practical foundations are unglamorous but decisive:

  • Inventory your AI. You can't govern what you can't see — including the shadow AI tools employees adopt on their own.
  • Classify the data flowing into and out of AI systems, and control what models can access.
  • Constrain agent permissions to least privilege and require human approval for consequential actions.
  • Test adversarially. Red-team your AI systems for prompt injection, jailbreaks, and data leakage before they ship.
  • Align to frameworks like the NIST AI Risk Management Framework to structure the program.

The bottom line

AI raises the ceiling on what both attackers and defenders can do. Attackers get scale and polish; defenders get the only realistic way to keep up with the resulting volume — plus a new surface they must now secure. The organizations that thrive will treat AI as both a powerful defensive ally and a system that itself demands rigorous security and governance. The fundamentals of good security still apply. They just have to move at AI speed now.

Charlie Kim
Charlie KimAI Security Researcher · S-Security

Charlie researches the security of AI systems and the use of AI in defense, from prompt-injection red-teaming to building detection models that scale a SOC. He helps clients deploy AI without opening new doors for attackers.

Keep reading

Related posts

Phishing email concept on a dark screen
PhishingJun 1, 2026

The 2026 phishing playbook

Where AI-generated lures and deepfakes hit hardest.
Red ransomware warning visualization
RansomwareMay 2, 2026

Ransomware-as-a-service: inside the criminal supply chain

How automation is compressing the attacker kill chain.
Blue cloud infrastructure visualization
CloudMay 8, 2026

The cloud misconfiguration epidemic

The settings AI-powered scanners find first.
Defend at AI speed

Put AI-driven defense — and AI governance — on your side

See how S-Security fuses AI detection with human threat hunters, and helps you secure the AI systems you're deploying.

Request a Demo Talk to Sales