CISOs Fear Speed of AI-Powered Cyberattacks

- Generative AI tools are a primary driver of a 1,265% increase in phishing attacks, with AI-generated phishing emails achieving a 78% open rate. Attackers use these tools to create highly personalized and convincing messages that mimic legitimate communications, significantly increasing their success rate. - Threat actors are now using AI for more than just phishing, including creating adaptive malware that can change to evade detection, automating the discovery of software vulnerabilities, and launching large-scale, multi-stage campaigns with minimal human oversight. For instance, the BlackMatter ransomware uses AI-driven strategies to evade traditional endpoint detection systems. - The speed of attacks has dramatically increased, with AI-powered tools able to crack 51% of common passwords in under a minute and execute complex, automated attacks in seconds that would traditionally take hours or days. This acceleration leaves security teams with a drastically reduced window to detect and respond to threats. - High-profile attacks have demonstrated the real-world impact of AI-powered threats. The DarkSide ransomware group used AI techniques in the 2021 Colonial Pipeline attack, and hackers used AI-generated SMS messages in a 2023 phishing campaign against Activision. More recently, state-backed actors have used Google's Gemini AI for reconnaissance to profile high-value targets. - Despite the growing threat, many organizations are unprepared, with 60% of IT professionals feeling their organizations cannot counter AI-generated threats. A 2026 report found that while 71% of CISOs say AI has access to core business systems, 92% lack full visibility into those AI identities, and 95% doubt they could detect misuse. - Deepfakes are a rapidly growing concern, with incidents increasing 680% year-over-year. These AI-generated audio and video files are used in impersonation scams, which cost the U.S. $12.5 billion in losses in 2023. In one notable example, attackers used an AI-generated deepfake voice call to steal sensitive data from the CEO of WPP. - Defenders are also turning to AI, with companies using AI-powered security able to identify breaches 108 days faster than those using traditional methods. Organizations that consistently use AI and automation in their cybersecurity efforts save an average of $2.2 million compared to those that do not. - A significant challenge for security leaders is the rise of "Shadow AI," where employees use unsanctioned AI tools that are integrated into enterprise systems. Three out of four CISOs have discovered unapproved AI tools running in their environments, often with embedded credentials that are not being monitored.