New defenses, new threats: What AI and Gen AI bring to cybersecurity

As cybersecurity incidents continue to rise, and threats like phishing, ransomware, and deep fakes become more sophisticated, organizations must strengthen their cybersecurity measures. 

In the latest report from the Capgemini Research Institute, New defenses, new threats: What AI and Gen AI bring to cybersecurity, explores the role that AI and Gen AI play in cybersecurity – both as a threat and a means of defense.

Rising cybersecurity threats and breach statistics

Our research shows that over 90% of organizations experienced a breach last year, a significant increase from 51% in 2021. The financial impact of these breaches over the last three years is severe, with around half of organizations reporting estimated losses exceeding $50 million.

How threat actors use AI and Generative AI

Threat actors use AI and Gen AI for more sophisticated attacks, including malware creation, social engineering, and phishing. An overwhelming majority (97%) of organizations reported security incidents related to Gen AI in the past year. Organizations must contend with an expanded attack surface due to risks such as prompt injection, vulnerabilities in AI-integrated applications, shadow AI, and internal misuse. Further, the entire lifecycle of Gen AI solutions from enterprise data collection and model customization to development and maintenance —must be secured.

Mapping and mitigating Generative AI risks

The value chain of Gen AI can be complex, involving multiple external parties and introducing diverse risks across its stages. A crucial element of developing a secure AI strategy is understanding the various risks the organization is responsible for mitigating.

The key to building trust in AI and Gen AI models lies in:

  • Understanding the use case
  • Mapping associated risks
  • Evaluating these risks
  • Implementing appropriate mitigation strategies

To secure Gen AI initiatives, organizations must identify and minimize risks at each stage of the AI pipeline. This structured approach helps ensure a robust and trustworthy implementation of AI systems while addressing challenges across the entire lifecycle.

Role of AI in strengthening cybersecurity defense

Despite the cybersecurity challenges related to AI and Gen AI, organizations increasingly rely on AI to strengthen their security measures. Three in five believe AI is essential for effective threat response, and many are seeing improved threat detection times. More than 60% of organizations believe Gen AI will strengthen cybersecurity in the long term.

Despite the cybersecurity challenges related to AI and Gen AI, organizations increasingly rely on AI to strengthen their security measures. Three in five believe AI is essential for effective threat response, and many are seeing improved threat detection times. More than 60% of organizations believe Gen AI will strengthen cybersecurity in the long term.

Building a secure AI-driven cybersecurity strategy

To safeguard operations, organizations must develop a clear strategy for integrating AI and Gen AI into existing security systems. This means:

  • Continuously reassessing the security landscape to identify new risks
  • Acquiring necessary infrastructure, including advanced data management systems and cloud computing resources
  • Establishing robust policies and governance to ensure data safety and integrity
  • Investing in AI and Gen AI-based solutions to enhance security operations center (SOC) systems
  • Providing comprehensive AI cybersecurity  training for employees
  • Fostering a culture of risk awareness among employees