Harnessing AI in Cybersecurity: Lessons from Threat Actors
When Sun Tzu remarked, "To know your enemy, you must become your enemy," he could hardly have envisioned the profound implications this wisdom would have in the realm of artificial intelligence (AI) 2,500 years later. This perspective was resonated during the Gartner Cybersecurity and Risk Management Summit 2026, where analyst Leigh McMullen articulated a modern application of Tzu’s mandate. He emphasized that, in order to bolster cybersecurity defenses, it is imperative to comprehend the tactics and techniques employed by threat actors who are increasingly leveraging AI.
In recent years, malicious hackers have made remarkable strides in utilizing AI to orchestrate cyberattacks at unprecedented speed and scale. These advancements equate to a shift in the landscape of digital threats, putting pressure on security professionals to adopt similar techniques to safeguard their systems. McMullen highlighted that the processes employed by attackers do not need to be overly intricate or complex; rather, they present an opportunity for defenders to create effective countermeasures that mirror these tactics.
1. Upscaling Cyber Capabilities
One significant area where threat actors excel is in their ability to upscale their operations through AI integration. By enhancing their existing skill sets with AI, attackers can execute cyberattacks with greater speed, creativity, and discretion. This technology proves beneficial to individuals with varying skill levels: novices utilize AI to craft more effective attacks, while seasoned hackers leverage it to speed up convoluted digital assaults.
According to McMullen, defenders should likewise enhance their skill sets by incorporating AI into their cybersecurity strategies. By training AI models, security professionals can cultivate more effective systems for identifying threats, monitoring intrusions, and fortifying their defenses. Advanced AI solutions can support rapid detection, reducing the window of vulnerability that attackers exploit.
2. Strategic Target Selection
Another facet that cybercriminals are capitalizing on is AI-assisted target selection. McMullen explained that attackers often employ AI to meticulously research potential victims and the authority figures they aim to impersonate. This could involve training an AI agent to analyze data across the web, gathering personal information and communication styles of individuals to facilitate more convincing phishing attempts and other forms of deception.
However, security professionals can similarly harness AI for defensive intelligence. By deploying AI agents, defenders can evaluate the same information that attackers might exploit, enhancing their understanding of potential vulnerabilities. McMullen proposed the establishment of Retrieval-Augmented Generation (RAG) pipelines, which strengthen large language models by relying on pertinent external data. This could include developing custom threat intelligence feeds to track personally identifiable information (PII) breaches or monitoring targeting indicators related to key personnel.
3. Obfuscating Attack Techniques
Attack obfuscation is a growing trend among threat actors, as they increasingly use AI to camouflage their methodologies. McMullen pointed out that this tactic involves disguising their attack strategies to evade detection.
To counteract this, defenders can adopt similar techniques to confound attackers. McMullen suggested that security teams generate AI-driven synthetic data, diverting threat actors while concurrently gathering insights about their tactics, techniques, and procedures (TTPs). Tools like honeypots, imitation test ranges, and deceptive websites can lead attackers on fruitless ventures while simultaneously revealing valuable information to cybersecurity professionals.
4. Automating Routine Tasks
Lastly, McMullen noted that attackers often rely on AI to streamline time-consuming tasks. This includes executing living-off-the-land attacks and orchestrating automated sequences to enhance their operational efficiency.
Security teams can take a page from this strategy by automating many routine yet essential tasks. By delegating repetitive aspects of cybersecurity, such as monitoring threat activities, performing offensive testing, and governing security simulations, security leaders can allocate their time toward more strategic initiatives aimed at innovation and organizational growth.
Conclusion
While malicious actors have demonstrated the offensive capabilities of AI, defenders possess the tools and insights needed to level the playing field. By enhancing their skills through AI, sharpening their understanding of target selection, employing deception techniques, and automating mundane tasks, security teams can transition from merely reactive defenders to proactive adversaries in the digital landscape.
McMullen’s insights affirm that the best defense against cyber threats may very well lie in comprehending the mindset of attackers, adopting their methodologies, and leveraging them in a manner that fortifies security measures. In this ever-evolving battle against cybercrime, understanding the adversary is crucial—and as history shows, those who master their enemy’s tactics may emerge victorious.
Richard Livingston is an editor with Informa TechTarget’s SearchSecurity site, focusing on cybersecurity news, trends, and analyses.