By Sam Yan, Head of Sales for Asia Emerging Countries, Kaspersky
While cybersecurity companies leverage AI to enhance threat detection, cybercriminals are weaponizing the same technology for automated phishing and malware attacks —highlighted by the fact that 43% of organizations believe hackers are using AI-driven methods to boost their effectiveness. To stay protected, organizations must adopt AI-powered platforms rather than relying on isolated tools.
Artificial intelligence has firmly established its presence in enterprise cybersecurity. Solution providers are embedding it to accelerate detection, reduce analyst workload and counter attacks that move faster than human responders can manage. While cybercriminals are using it to automate reconnaissance, generate convincing phishing content and scale operations that would previously have required significant resources and expertise.
This symmetry is the challenge. Every AI-driven capability available to cybersecurity providers is also available, or adaptable, to attackers. According to Kaspersky data, 21% of organizations believe cybercriminals are ahead in the technology arms race, with 43% saying criminals are able to adopt new technologies like AI to increase the effectiveness of their attacks.
Security leaders need to understand how AI is being weaponized, invest in AI-powered protection that is genuinely integrated into daily security workflows and approach the organizational and technical challenges of AI implementation with the same rigor applied to any critical infrastructure decision.
AI-based threats: how cybercriminals are using AI
The adoption of AI by threat actors is systematic. Attackers are integrating generative AI across the full attack chain: automating the creation of phishing lures, generating functional malicious code, improving the evasiveness of payloads and making social engineering more convincing at scale. What previously required skilled human operators can now be replicated and scaled cheaply.
Kaspersky’s Global Research and Analysis Team (GReAT) documented this shift in detail through its investigation of the RevengeHotels campaign, which targeted hospitality businesses across Latin America. Threat actors incorporated AI-generated code into their malware development and delivery process, producing more convincing phishing content and more evasive payloads than earlier iterations of the campaign.
The financial sector has also felt the impact directly. Kaspersky’s analysis of financial threat trends in 2025 identified AI as a key enabler of increasingly targeted fraud, social engineering and market manipulation attempts, with attackers using AI to model victim behavior, craft more persuasive lures and probe infrastructure at a pace and scale that manual methods cannot match.
The entertainment industry tells a similar story. Kaspersky identified AI as the thread running through the most significant emerging risks facing studios, content platforms and rights holders in 2026, from AI-generated deepfakes and content fraud to AI-assisted probing of content delivery infrastructure.
The common thread across these threat scenarios is speed and scale. AI removes the manual bottlenecks that previously constrained attackers, compressing the time between reconnaissance and compromise, between identifying a target and deploying a convincing lure, and between creating a payload and adapting it to evade detection. For defenders, the response time advantage that once existed is eroding.
AI-based protection: how security vendors are responding
The cybersecurity industry has responded to the AI threat landscape by embedding AI throughout the detection and response lifecycle. Kaspersky has extended AI-driven capabilities throughout its portfolio enabling security teams to understand what is happening across their ecosystems, why it matters and what to do next, delivering richer, faster and more actionable intelligence without increasing the burden on analysts.
AI has the potential to deliver wide ranging advantages. For instance, behavioral correlation rules can be used to establish a baseline of normal login activity and automatically flag anomalous events, triggering account theft alerts without requiring manual analyst review of individual log entries. While AI-powered asset scoring can continuously evaluate for risk based on the sequence and context of detected security events across the infrastructure. Assets with unusual or correlated patterns receive elevated risk scores and are automatically categorized by severity helping teams focus limited resources where exposure is greatest.
In addition, AI-enabled incident summarization can explain the attack chain, initial vector and adversary actions in plain language. Analysts can use this to immediately understand what happened without manually reviewing large volumes of raw event data, directly addressing the investigation bottleneck that strains under-resourced SOC teams. Meanwhile, AI-based assistants can deobfuscate command lines, provide analytical explanations and produces concise investigation reports, reducing cognitive load and accelerating analysis, especially in complex, multi-stage incidents.
In addition to these capabilities, there are many other AI-powered features that further assist cybersecurity companies in creating comprehensive and resilient solutions against evolving threats.
AI implementation in infrastructure: challenges and key steps
According to a 2025 Kaspersky survey, nearly every company planning to establish a SOC within the next two years (99%) intends to enhance it with AI. However, many of these organizations face a distinct set of organizational and technical challenges when integrating this technology into their security infrastructure, and approaching these challenges without a clear framework risk compounding the very problems AI is meant to solve.
Data quality and telemetry coverage: AI detection and correlation capabilities are only as effective as the data they operate on. Fragmented architectures with siloed data sources produce inconsistent telemetry that limits AI effectiveness. Organizations must prioritize centralized data collection across endpoints, identity, cloud and network before AI-driven correlation can deliver meaningful results.
Integration complexity and total cost of ownership: AI capabilities introduced as isolated features within fragmented stacks add integration overhead without delivering unified operational benefit. Infrastructure requirements, API complexity and ongoing model tuning can multiply initial investment costs significantly. Enterprises should evaluate AI security capabilities not by feature lists but by how effectively the underlying platform consolidates telemetry, eliminates manual context-switching and reduces total operational burden.
Skill gaps and change management: AI tools that require deep technical configuration to operate effectively may widen rather than narrow capability gaps in under-resourced teams. The most operationally effective AI implementations are those that embed intelligence directly into analyst workflows.
Responsible AI governance: As AI becomes embedded in security operations, enterprises must also consider the governance framework governing those tools. Kaspersky has committed to responsible AI development as a signatory to the EU AI Pact, going beyond baseline compliance requirements and actively integrating principles of transparency, human oversight and risk-based governance into its AI practices.
The practical steps for organizations navigating AI integration are as follows: Consolidate telemetry into a unified platform before layering AI capabilities. Fragmented data limits AI effectiveness. Evaluate AI security tools based on workflow integration, not feature count. The measure is analyst time saved, not capabilities listed. Prioritize platforms where AI capabilities are built-in rather than bolted on, to minimize integration overhead and reduce TCO. Establish internal AI governance standards that align with emerging regulatory requirements and vendor accountability frameworks. Run phased deployments with measurable outcome baselines to validate AI impact before full-scale rollout
Building a resilient AI strategy
The question for enterprise security leaders is not whether to engage with AI, but how to implement it in a way that delivers genuine operational benefit rather than added complexity.
The answer lies in integration. AI capabilities that operate in isolation, or that require significant manual configuration to function, add overhead without reducing risk. AI embedded directly into unified detection and response workflows is where the operational gains are realized. Kaspersky Next Expert product line is built on this principle, embedding AI across detection, investigation and response within a unified platform designed to scale with enterprise environments without scaling headcount or operational complexity.
Organizations ready to transition from AI aspiration to AI implementation can discover how to make the process seamless with the dedicated Kaspersky’s expert guidance.