Artificial intelligence is transforming cybersecurity, but not in the way most organisations expected. The immediate danger is not machine autonomy but human intent, because AI is lowering the cost of attack, widening the pool of capable adversaries, and accelerating an arms race that was already asymmetrical.
For much of the last decade, public anxiety about AI has focused on the machines themselves. Popular culture has trained us to imagine scenarios where autonomous systems spiral beyond human control or where artificial intelligence evolves into something humanity cannot contain. Those concerns may eventually prove justified, but they obscure a more immediate and tangible risk. The most pressing threat today does not come from machines acting independently, but from humans using AI as a force multiplier for cybercrime.
André Baptista, former hacker and Co-Founder and CTO of Ethiack, has spent his career close to the mechanics of that reality. Before founding Ethiack, he built his reputation in the world of ethical hacking, identifying vulnerabilities in systems before attackers could exploit them. That background gives him a particularly clear view of how AI is changing the cyber threat landscape, not through futuristic breakthroughs but through the automation of familiar attack techniques. “We are living some interesting times,” Baptista says. “AI is appearing in multiple areas, not just cybersecurity but many others. What we are witnessing in cybercrime is automation at an unprecedented scale and speed. Attackers are using these tools to generate better phishing emails, develop malware in an easier way to avoid detection, and even write exploits to break into systems, sometimes even when they are just getting started.”
The implications extend far beyond technical innovation. Cybercrime has always depended on expertise, persistence and a degree of specialised knowledge, which naturally limited how many individuals could participate effectively. AI does not remove human intent, but it removes much of the friction that once constrained it.
“Attackers can give context to these models and the models help them achieve their goals,” Baptista explains. “Without the AI component they would need to spend much more time learning how to do it, or they would need to take courses or study the topic deeply. Now they can get assistance directly from these systems. That is why it becomes a challenge, because cyber criminals are using these tools to exploit people and systems with far less effort.”
The barrier to attack has collapsed
The most visible change in modern cybercrime is not necessarily the emergence of entirely new techniques. Instead, existing methods have become faster, more scalable and more convincing. Phishing, social engineering and reconnaissance have always been among the most effective tools available to attackers, but AI has raised the quality and volume of those attacks dramatically.
“In the past phishing emails were often easy to recognise,” Baptista says. “They contained spelling mistakes, strange grammar or translations that made them look suspicious. For example, in Portugal it was very easy to see when an email had been translated automatically. But with the models we have today, these messages are written extremely well. They adapt to language and context, and that makes it much harder for people to detect that they are under attack.”
The consequence is that the skill threshold for launching effective cyberattacks has dropped sharply. Techniques that once required specialist knowledge are now available to a much broader group of actors, including individuals with limited technical experience. “Previously attacks required elite skills and a lot of time to develop,” Baptista explains. “Now they are available to what we call script kiddies, people who might have very little experience but who can still launch effective attacks.”
This expansion of the attacker base is already visible in threat intelligence reports around the world. The UK’s National Cyber Security Centre has warned that AI is now being used by a wide spectrum of threat actors, from state-sponsored groups to independent hackers and hacktivists. For Baptista, the development highlights a deeper dilemma about the nature of technological progress.
“There is always a balance that we need to consider,” he continues. “Technology should be accessible because democratization creates innovation and opportunity. But at the same time, we need to think about the consequences. Tristan Harris talks about the concept of the narrow path, which is the balance between openness and responsibility. We should democratize these capabilities, but we should also set rules and think carefully about the outcomes of deploying powerful technologies.”
Ransomware becomes industrialised
The impact of AI is particularly visible in ransomware, where cybercrime has evolved into a sophisticated and highly organised industry. Ransomware groups already operate using business models that resemble legitimate technology companies, with developers, affiliates and service platforms supporting their operations. AI is accelerating that industrialisation by enabling attackers to automate more of their workflow.
“One of the trends described by the NCSC is that AI will accelerate ransomware and similar threats,” Baptista says. “These groups can now launch hundreds of simultaneous campaigns with minimal human oversight. They may exploit vulnerabilities and deploy ransomware faster than organisations can even patch their systems.”
Automation allows attackers to scale operations dramatically. Instead of focusing on a small number of carefully selected targets, criminal groups can launch widespread campaigns that scan for vulnerabilities across large numbers of organisations. The economics of cybercrime change when the marginal cost of each additional attack becomes close to zero.
“In many situations attackers can move faster than defenders,” Baptista explains. “They can identify a vulnerability and start exploiting it before the organisation even realises that it exists. That speed changes the dynamics of cybersecurity.”
Enterprises have responded by improving resilience measures such as backup strategies and disaster recovery planning, which can limit the damage caused by ransomware attacks. Baptista acknowledges those improvements but warns that they represent mitigation rather than prevention. “Organisations are definitely improving their security practices, especially when it comes to backups and recovery systems,” he says. “But attackers are also improving, and AI is helping them do that faster.”
When AI creates new vulnerabilities
One of the most uncomfortable aspects of the current AI boom is that organisations may be increasing their exposure to cyber threats through their own adoption of the technology. Businesses are racing to integrate AI capabilities into products and internal systems, often under intense competitive pressure. In many cases, security considerations struggle to keep pace with the speed of development.
“Most companies today are rushing to integrate these tools into their organisations,” Baptista adds. “They are incorporating AI models into workflows and applications, and sometimes they forget basic security and privacy considerations. They might not anonymize the data they are sending to these systems, for example.”
Beyond privacy concerns, AI-assisted development introduces a new category of risk through automated coding tools. The growing trend known as “vibe coding” allows developers to generate large amounts of software quickly using AI assistance, but the speed of that process can conceal hidden weaknesses.
“With AI generating code, APIs and web applications, organisations are introducing new assets into their attack surface,” Baptista explains. “Sometimes those systems are deployed without thorough review. That means there may be low-hanging vulnerabilities that another human or even another AI system will find very easily.”
The problem is not simply that insecure code exists, because insecure code has always existed. The difference is that AI can dramatically increase the speed at which new software is created and deployed, expanding the attack surface faster than governance processes can adapt.
Fighting fire with fire
If attackers are using AI to automate cybercrime, defenders must consider how to respond. Baptista argues that cybersecurity strategies need to move away from reactive approaches towards proactive and continuous testing of systems. “For many years cybersecurity relied heavily on defensive tools and perimeter monitoring,” he says. “That approach is no longer sufficient. Organisations need to identify vulnerabilities before attackers do, which means continuously testing their systems and prioritising the vulnerabilities they find.”
He compares the concept to preventative healthcare rather than emergency medicine. Waiting for something to break before responding is often far more expensive than detecting problems early. “You can think about it like digital health,” Baptista says. “When we have a health problem we go to the hospital, but sometimes the damage has already been done. If we perform regular check-ups we can detect problems earlier. In cybersecurity we need the same mindset, continuous check-ups of our systems.”
AI can play a crucial role in enabling those check-ups by automating penetration testing and vulnerability discovery across complex environments. However, Baptista cautions that defensive AI is not a universal solution, because attackers are constantly developing new techniques to bypass detection systems. “There will always be ways to evade security controls,” he says. “The objective is not to reach perfect security because that is impossible. The goal is to reduce the probability of successful attacks as much as possible.”
Humans in the loop
Despite the growing role of automation, Baptista does not believe AI will replace human cybersecurity professionals. Instead, he expects the industry to move towards hybrid models in which humans and machines work together. “We are shifting towards humans working side by side with AI agents,” he says. “AI can handle high-volume and repetitive tasks while humans focus on complex analysis, research and strategic decision-making.”
This collaboration could significantly increase the effectiveness of cybersecurity teams. AI can process vast quantities of data and identify potential vulnerabilities quickly, while human expertise remains essential for interpreting results and deciding how to respond. “In our work we see that AI can find vulnerabilities that humans cannot find, and the opposite is also true,” Baptista explains. “The best outcomes come when humans and AI work together. That is why I do not believe in AI replacing humans. It is complementary.”
The productivity gains could also help address one of the most persistent challenges in cybersecurity, the shortage of skilled professionals. Small teams supported by AI tools may be able to achieve far greater coverage than would otherwise be possible. “If you have five security researchers who use AI tools effectively, they can perform the work of a much larger team,” Baptista says. “That allows organisations to scale their security capabilities much more efficiently.”
Governance and responsibility
As AI becomes integrated into cybersecurity systems, questions of governance become increasingly important. AI-powered tools must be carefully designed to ensure that they behave ethically and do not create unintended consequences. “Guardrails are extremely important,” Baptista says. “If we are developing AI systems for ethical hacking, the models must behave responsibly. We do not want a model that misbehaves or performs actions that were never intended.”
Developers must also ensure that AI systems cannot easily be manipulated to produce harmful outputs. Techniques such as prompt injection attacks attempt to bypass the safeguards built into AI models, making continuous testing essential. “There is a lot of work being done to prevent models from generating malicious instructions,” Baptista explains. “But attackers are constantly looking for ways to bypass those safeguards. That is why AI red teaming is important, continuously testing models to identify weaknesses.”
At the same time, regulators and corporate boards are beginning to recognise the strategic implications of AI-driven cyber threats. Cybersecurity is no longer an isolated technical issue but a central element of organisational resilience. “Boards are starting to realise that AI is changing everything,” Baptista says. “Attacks are no longer measured in weeks or days. They can happen in minutes or hours. That means organisations must adapt and respond in real time.”
An endless arms race
Even with stronger defences and better tools, cybersecurity will remain an asymmetric contest. Attackers need to exploit only a single vulnerability, while defenders must secure every possible entry point. “That is the harsh reality of cybersecurity,” Baptista says. “Attackers need only one vulnerability, but defenders must find them all. That is why attackers always have an advantage.”
However, Baptista remains cautiously optimistic about the role AI can play in reducing risk. By accelerating vulnerability discovery and enabling continuous testing, AI may help organisations detect and fix weaknesses before they are exploited. “When humans and AI work together, we can reduce vulnerabilities dramatically,” he says. “Not to zero, because one hundred percent security is impossible, but we can reduce them almost to zero by identifying them earlier.”
The future of cybersecurity will therefore depend less on individual technologies than on how organisations integrate human expertise with machine intelligence. In Baptista’s view, the coming years will not be defined by humans versus machines but by humans working with machines on both sides of the conflict.
“I do not think the future will be human versus machine,” he says. “It will be humans with machines against humans with machines. Attackers will use AI and defenders will use AI. The difference will be how effectively organisations combine human judgment with machine capability.”
If AI has fundamentally changed anything in cybersecurity, it is the pace at which the battle unfolds. Attackers can now probe systems faster than ever before, and defenders must adapt to a world where the window for response continues to shrink. For organisations still treating cybersecurity as a slow-moving compliance exercise, the real danger may not be the intelligence of the machines but the speed at which those machines are now helping humans exploit every weakness they can find.
