AI in Cybersecurity: Shield or Sword?

Introduction: the double edge of the new guard

For decades, cybersecurity has been a game of speed. Detect before they strike, patch before it explodes, respond before it escalates. Now, a new player has entered the match: artificial intelligence.

In theory, AI promises what we always dreamed of: analyzing millions of events in seconds, uncovering invisible patterns, and automating responses without human fatigue. But at the same time, it hands attackers the very same arsenal. A weapon that doesn’t rust or sleep, capable of generating convincing phishing, self-learning malware, and deepfakes that deceive both eyes and ears.

The question is no longer whether AI will help in cybersecurity. It’s more uncomfortable: what happens when the shield and the sword are, in fact, the same machine?

Act I – AI as Defender

In modern Security Operations Centers (SOCs), a human analyst can barely review a fraction of the noise generated by logs, alerts, and suspicious emails. AI changes that equation:

• Detects anomalies in network traffic that no human would ever notice.

• Automates incident triage so teams can focus on the critical.

• Learns from historical patterns to anticipate suspicious behavior.

Companies are already integrating machine learning models that cut false positives, accelerate response, and, in some cases, neutralize attacks without human intervention. For small businesses without large security teams, these tools are the equivalent of a digital army available 24/7.

Act II – AI as Attacker

The problem is that the enemy uses it too.

We’re already seeing phishing campaigns written by AI with no typos, tailored to each victim’s communication style. Malware has been observed retraining itself after each failed detection attempt—an evolutionary process no human programmer could replicate. And deepfakes have stopped being a curiosity to become real fraud: voice impersonations, AI-generated faces on video calls, messages exploiting people’s natural trust.

What once required months of work from an organized group can now be assembled by a lone actor with access to generative models. The incubation time of an attack has been drastically reduced.

Act III – The Opaque Guardian’s Dilemma

Delegating security to AI brings a dilemma that isn’t purely technical.

If a model blocks a legitimate transaction, who is responsible? The company that trained it, the team that deployed it, or the black box that made the decision without explanation?

Biases in training datasets can blind AI to new attacks or to those targeting under-represented groups. And the opacity of certain models makes it impossible to audit why a specific decision was made.

The risk is not just a technical failure but a vacuum of accountability. A perfect defense we cannot question is not security—it’s blind faith in an oracle.

Act IV – Toward Hybrid Defenses

The way forward may not be choosing between humans or machines, but embracing the necessity of hybrid systems.

• Explainability: demand models provide understandable traces of their decisions.

• AI red teams: test defenses using attacks generated by the same technology.

• Data governance: audit who trains what, with which datasets and controls.

• Human oversight: keep analysts in the loop, able to validate, correct, and learn from AI.

More than blind trust, it’s about using AI as a mirror that amplifies our abilities without replacing critical judgment.

Act V – A Pending Reflection

In an upcoming piece, I’ll dive into an uncomfortable exercise: thinking from the perspective of those who use AI to attack. Not to hand out recipes for crime, but to understand their logic, their new tools, and their motivations. Only by knowing that imagination can we design realistic defenses.

Cybersecurity is not about fortifying walls, but about imagining how someone might try to cross them. AI makes that game faster, more unpredictable, and more human than it seems.

Conclusion

Artificial intelligence is neither ally nor enemy: it is a force of amplification. Whatever it touches, it multiplies. It multiplies the capacity to defend—but also to deceive.

The great task is not deciding whether we use AI—that battle is already lost—but how we integrate it without losing the ability to question its decisions. The true risk is not that an algorithm makes a mistake, but that we obey it without understanding why.

In security, the worst vulnerability is not technical. It’s blind trust.

R. Adams