Artificial intelligence (AI) is rapidly changing the cybersecurity landscape, enabling both defenders and cybercriminals to automate tasks, accelerate operations, and improve effectiveness, according to cybersecurity firm Kaspersky.
While security vendors are increasingly embedding AI into their platforms to speed up threat detection and reduce analyst workloads, attackers are using the same technology to automate phishing campaigns, generate malware, and enhance social engineering tactics.
The result is what security experts describe as an escalating technological arms race.
Citing its own research, Kaspersky said 43% of organizations believe cybercriminals are already using AI to make their attacks more effective, while 21% think attackers currently hold the advantage in adopting emerging technologies.
“The question for enterprise security leaders is not whether to engage with AI, but how to implement it in a way that delivers genuine operational benefit rather than added complexity,” the company said.
According to Kaspersky, threat actors are now incorporating generative AI across multiple stages of cyberattacks, from creating convincing phishing emails to generating malicious code and improving the ability of malware to evade detection.
The company pointed to several recent investigations illustrating the trend. Among them was the RevengeHotels campaign, which targeted hospitality businesses in Latin America and reportedly used AI-generated code and phishing content to improve attack effectiveness.
Kaspersky also said AI has become a significant factor in financial-sector threats, helping attackers conduct more targeted fraud, social engineering, and market manipulation attempts.
Similar concerns have emerged in the entertainment industry, where AI-generated deepfakes and content fraud are becoming increasingly common.
“The common thread across these threat scenarios is speed and scale,” Kaspersky said. “AI removes the manual bottlenecks that previously constrained attackers.”
To counter these threats, cybersecurity vendors are increasingly integrating AI into detection, investigation, and response systems.
Examples include behavioral analytics that automatically identify suspicious login activity, AI-powered asset risk scoring, automated incident summaries, and virtual assistants that help analysts interpret complex security data.
Kaspersky said these capabilities can help security operations centers (SOCs) reduce investigation times and manage growing volumes of alerts without increasing staffing requirements.
The company also highlighted challenges organizations face when deploying AI in cybersecurity environments.
Among the key issues are poor data quality, fragmented security architectures, integration complexity, rising implementation costs, and skills shortages among cybersecurity personnel.
According to a 2025 Kaspersky survey, 99% of organizations planning to establish a SOC within the next two years intend to incorporate AI capabilities.
As AI adoption accelerates across industries, the company said organizations should focus on integrating AI into everyday security workflows rather than treating it as a standalone feature.
“The answer lies in integration,” Kaspersky said. “AI capabilities that operate in isolation, or that require significant manual configuration to function, add overhead without reducing risk.”
