AI in Cybersecurity: Defenders' Shield or Attackers' Spear?
At the recent Black Hat conference, a cornerstone event of the annual Hacker Summer Camp, a key debate emerged regarding the evolving role of artificial intelligence in cybersecurity: does it currently favor defenders or attackers? Mikko Hyppönen, then-chief research officer for Finnish security firm WithSecure, presented an optimistic view, suggesting that AI gives defenders an edge, at least for now.
“I do believe that AI is the key [in security] because that’s one of the few fields where defenders are ahead of the attackers,” Hyppönen told the audience. He highlighted that while cybersecurity companies are extensively integrating generative AI into their products, attackers are only beginning to leverage the technology, with current AI-driven attacks remaining relatively simplistic. To illustrate, Hyppönen noted that in 2024, no AI systems were publicly known to have discovered zero-day vulnerabilities—critical software flaws unknown to developers. However, by mid-2025, researchers had already identified approximately two dozen such vulnerabilities using large language model (LLM) scanning, all of which have since been patched. He cautioned that as hackers increasingly employ AI for research, more discoveries are inevitable.
A contrasting perspective came from Nicole Perlroth, a former New York Times security correspondent and now a partner at Silver Buckshot Ventures. In a subsequent Black Hat keynote, she predicted that by next year, the advantage would likely shift towards offensive AI. Perlroth also pointed out the significant talent gap in the US security industry, citing 500,000 job vacancies—a statistic that drew rueful laughter from an audience acutely aware of the challenging job market.
Throughout the week, industry experts, including vendors, penetration testers, and those on the front lines of security, expressed a mix of optimism and skepticism regarding AI’s contribution. While many are positive about its potential, there’s a pervasive concern that the current defensive advantage won’t last indefinitely. Critically, no one surveyed anticipates AI systems being able to autonomously attack networks for at least another decade.
Presentations at the conference frequently touched upon AI tools for “red teaming”—simulating attacks to test network defenses. However, the consensus was that these tools are not yet fully trustworthy and are prone to basic errors if misused. Charles Henderson, an executive vice president of cybersecurity at Coalfire, emphasized that while his company uses AI tools, their effectiveness is severely limited without human oversight. He stated that “properly directed, AI does about 60 percent of the job,” making it excellent for lightening human workloads but unsuitable for taking over entire missions. Henderson explained that AI excels at detecting flaws, but its effective implementation is paramount; simply deploying AI tools without strategic human guidance is unhelpful, a point often overlooked by those overselling its capabilities. Chris Yule, director of threat research at the Sophos Cyber Threat Unit, echoed this sentiment, suggesting that AI should augment human skills rather than replace them, with machine learning systems needing clear, limited goals and human guidance for optimal use. This approach to red teaming also provides valuable insights into how future criminals might leverage these systems, allowing the security community to model and preempt potential attacks.
On the defensive front, the US government, through the Defense Advanced Research Projects Agency (DARPA), is actively investing in AI as a protective tool. DARPA recently awarded $8.5 million to three teams competing in its AI Cyber Challenge, a two-year contest aimed at creating AI systems capable of identifying and patching vulnerabilities without causing network instability. The grueling competition narrowed 42 teams down to seven, with the winning collaborative effort comprising top researchers from Georgia Tech, Samsung Research, the Korea Advanced Institute of Science & Technology (KAIST), and the Pohang University of Science and Technology (POSTECH). In the contest, the AI systems successfully discovered 54 and patched 43 of the 70 deliberately introduced vulnerabilities. More impressively, they autonomously identified 18 additional vulnerabilities—six in C and twelve in Java—and managed to patch 11 of them. The code developed from this challenge is now open-source, with more contests planned for the future. Elsewhere, sources noted AI’s particular aptitude for spotting SQL vulnerabilities, a common flaw, likely due to extensive training data.
A significant concern among attendees was AI’s potential impact on the job market. While some companies have reduced security staff, particularly in entry-level roles, others contend that the existing talent gap remains unaddressed. Chris Yule of Sophos argued that AI’s impact on security jobs has been overstated, suggesting it’s sometimes used as a marketing pretext for layoffs. He asserted that while AI has its uses, replacing entire segments of the security workforce is not currently feasible, and may never be. An anonymous CISO concurred, stating, “You’re never going to get past the human factor. [AI systems] are fine for crunching through data but human ingenuity is a tough sell at the moment, but that may change. But I trust my coders more than I trust an AI.”
For now, AI serves as a powerful augmentation tool in cybersecurity. As models continue to improve, the future landscape remains highly fluid, and experts are hesitant to make definitive predictions about its ultimate trajectory.