Changing threat landscapes and artificial intelligence's evolving role in cyber defense have important lessons for defending against attacks.

February 26, 2024

4 Min Read
A screen showing technology icons such as keys, 0 and 1, and wireless signal, in hexagons.

By Jay Goodman, Director of Product Marketing, BlackBerry

Artificial intelligence (AI) already does incredible things: It can help doctors diagnose and treat patients, uncover risky transactions that may signal financial fraud, improve many aspects of the supply chain, and allow your streaming service to suggest what you might like to watch. Some of its most meaningful impacts today are in cybersecurity —  specifically in cyber defense.

That AI can learn, adapt, and predict rapidly evolving threats makes it an indispensable tool to protect businesses and governments. Spam filtering is a basic application of AI; a much more advanced application powers predictive analytics and AI-assisted response. AI plays a crucial role on the cybersecurity front lines, defending an organization's digital assets from threat actors.

The future for AI in cybersecurity is not wholly positive, however. There are already signs of a significant shift in attackers' favor, driven by the democratization of AI technology. While AI continues to empower organizations to build stronger defenses, it also provides threat actors with tools to craft more sophisticated and stealthy attacks.

The changing threat landscape and AI's evolving role in cyber defense have important implications for defending against attacks of the future.

AI in Cybersecurity: Phase One (2000–2010)

The turn of the millennium sparked a new age of digital transformation impacting both personal and professional spheres. Most organizations operated within tightly managed IT environments, relying on desktops, laptops, and on-premises data centers.

During this phase, cyber threats aiming to create chaos and notoriety took center stage. Malware like ILOVEYOU, Melissa, and MyDoom created global disruptions. Financial incentives led to the rise of phishing schemes and the Zeus banking Trojan targeting unsuspecting users.

Most organizations defended themselves with basic security measures such as signature-based antivirus software and firewalls. Network security introduced improved intrusion detection systems and the adoption of two-factor authentication (2FA).

Also during this phase, spam emails surged and AI emerged as a valuable tool for defenders. Despite skepticism, AI demonstrated unprecedented skill in identifying and quarantining suspicious messages, reducing risks, and restoring productivity. This was a hint at AI's potential to combat evolving threats.

AI in Cybersecurity: Phase Two (2010–2020)

During the second phase, the world experienced a major shift in IT infrastructure. The rise of SaaS applications, cloud computing, bring-your-own-device (BYOD) policies, and shadow IT expanded the attack surface for threat actors.

Threats also became more complex, with incidents like the Stuxnet worm and high-profile breaches at Target and Sony Pictures making headlines. Supply chain vulnerabilities, exemplified by the SolarWinds breach, and the rise of ransomware and wiper attacks further emphasized the need for scalable and accurate defenses. At this point, AI become an indispensable tool against cyberattacks.

Cylance, founded in 2012, integrated AI into cybersecurity, replacing legacy antivirus software with lightweight machine-learning models. AI's capabilities increased to include anomaly detection, behavioral analysis, and predictive analytics, enhancing defense mechanisms against sophisticated attacks.

AI in Cybersecurity: Phase Three (2020–Present)

Today, AI's role in cybersecurity is undergoing another profound transformation. A work-from-anywhere workforce and hyperconnected IT systems blur traditional security perimeters, amplifying the attack surface.

Also, while AI used to be solely a defensive tool, it now cuts both ways, wielded by adversaries and defenders. While mainstream generative AI tools like ChatGPT try to prevent malicious use of AI, tools like WormGPT emerge to aid attackers, surfacing new challenges in cybersecurity.

As AI evolves, organizations must adapt to its dual nature, embracing innovation to navigate the complexities of modern cybersecurity.

New AI-based threats include:

  • AI-generated phishing campaigns: Generative AI helps attackers craft harder-to-detect phishing emails.

  • AI-assisted target identification: Attackers are leveraging machine learning algorithms to efficiently identify high-value targets.

  • AI-driven behavior analysis: Malware empowered by AI can mimic normal user behaviors to evade detection.

  • Automated vulnerability scanning: AI-powered tools make autonomous network scanning for vulnerabilities easier than before.

  • Smart data sorting: AI can help threat actors select valuable information for exfiltration, reducing detection chances.

  • AI-assisted social engineering: Deepfake audio or video enhances the credibility of social engineering attacks.


The ongoing evolution of cybersecurity reveals the relentless innovation of threat actors and the imperative for defenders to remain vigilant and aware. AI is now transitioning into a dual role as both shield and spear, making the cybersecurity narrative new once again — and also more complex.

Fortunately, generative AI is becoming a powerful tool for defenders, offering a new lens to anticipate and counter the sophisticated threats of tomorrow. The future holds great promise for those prepared to embrace the evolving tapestry of AI-powered cybersecurity.

Related Reading

About the Author

Jay Goodman, director of product marketing at BlackBerry, is a direct, driven, enthusiastic, and engaged product marketing lead. Making the most of opportunities with customers by being a curious and thoughtful decision-maker is critical to being the highest impact team member that he can be. Telling the story to customers in a clear, concise, and relatable manner is Jay's most important skill, and he believes it is critical to find a common understanding as a product is brought to market.

Read more about:

Sponsor Resource Center
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights