The force awakens: What Gen AI means for the future of cybersecurity

While Gen AI is causing new cybersecurity risks to emerge, it also presents organizations with a powerful opportunity to boost their cyber defense strategies for the long term. Our recent report, New Defenses, New Threats: What AI and Gen AI Bring to Cybersecurity, explores how Gen AI may be used to do just that.

What’s everyone saying?

• The emerging cyber threats posed by Gen AI are becoming increasingly apparent. A striking example occurred in Hong Kong in February 2024, when a finance worker at a multinational firm was tricked into paying out $25.6 million by fraudsters who posed as the company’s CFO during a video call using deepfake technology.
• What is less commonly known is that Gen AI can also significantly improve cybersecurity. While many organizations sense this potential, they often lack the expertise to harness it to their benefit. 

What do we have to say?

• Cybersecurity incidents are on the rise. A surprising 92% of organizations experienced a breach last year, up from 51% in 2021. The financial impact of these breaches is severe, with around half of organizations reporting estimated indirect and direct losses exceeding $50 million over the last three years. And Gen AI is increasingly used by malicious actors to enhance their attacks.
• In fact, Gen AI allows for more sophisticated attacks, including malware creation, prompt injection, social engineering, and phishing. All in all, 97% of organizations report security incidents related to Gen AI in the past year, and 43% said they have suffered financial losses arising from the use of deepfakes.
• However, Gen AI also expands the cyberattack surface due to vulnerabilities in AI-integrated applications, shadow AI (the inappropriate installation and use of unsanctioned AI applications), and internal misuse.
• Organizations must, therefore, seek to secure the entire lifecycle of Gen AI solutions. This includes the initial data collection phase, where valuable, sensitive information is gathered, the customization of Gen AI models to specific business needs, and development and maintenance.
• They are increasingly aware of these heightened security risks and of the necessity to enhance their investment in cybersecurity measures.

• Despite the cybersecurity challenges, organizations also increasingly rely on AI to strengthen their security measures. Three in five believe AI is essential for effective threat detection and response, and more than 60% think Gen AI will strengthen cybersecurity in the long term.

• They are already noting that, by automating certain aspects of threat detection and response, Gen AI can help them respond to breaches faster. Additionally, many have begun experimenting with Gen AI to generate threat intelligence and vulnerability assessments.
• Despite these benefits, Gen AI’s training and operating costs remain a cause for concern and a potential barrier to adoption. Interestingly, fewer than 50% of organizations believe Gen AI can help them save costs.

Who’s doing it right?

• The applications of Gen AI for cybersecurity are countless, offering valuable solutions across all industries, as highlighted by two recent examples.
• Using our Gen AI Security Suite, a top electronics brand was able to create a secure product assistant chatbot, enhancing customer experience and driving sales.
• Similarly, a government agency used a Capgemini-developed AI risk framework toolkit to strengthen its AI risk management and ensure regulatory compliance.
• Head here to find out more about how leading organizations are driving secure innovation using Gen AI.

What’s the bottom line?

There are multiple actions organizations can implement to strengthen their defenses using Gen AI.

• Develop a Gen AI security strategy. AI and Gen AI have distinct applications: while the former can detect threats or anomalies, automate responses, and analyze large datasets, the latter can create realistic phishing simulations and develop scenarios for testing defenses. Organizations should thus develop a specific strategy to integrate Gen AI into existing security systems, evaluating long-term returns against expenses and conducting regular reviews of their cybersecurity strategy and AI policies to adapt to evolving threats.
• Continuously reassess the security landscape to identify new risks.
• Acquire the necessary infrastructure. Gen AI adoption requires advanced communications, data management, cloud computing infrastructures, specialized AI processors, and extensive data storage. Organizations can develop these upgrades in-house or purchase them from specialized providers.
• Establish robust framework and policies for data safety and integrity. This means building an integrated, scalable data platform and improving data quality while also addressing data governance, IP, bias mitigation, and responsible use. Establishing a dedicated team to oversee said governance is crucial.
• Integrate Gen AI-based solutions into existing security operations center systems, deploy AI agents into these operations, and continuously monitor and update Gen AI systems to defend against evolving threats.
• Create comprehensive AI training programs for employees and foster an understanding of Gen AI’s capabilities, limitations, and ethical considerations to ensure responsible use.
• Safeguard business processes and cultivate a risk awareness culture to ensure employees remain vigilant and proactive against security breaches and can swiftly recognize and report them.
• To harness Gen AI for cybersecurity, organizations need end-to-end solutions and a partner that can help them stay abreast of technological evolutions and innovate. This is key for preparing to face any threat and staying ahead of potential new risks.

Looking for more?

• As the new year approaches, find out what it may hold for Gen AI-powered cyberattacks and Gen AI’s role in decision-making in our TechnoVision Top 5 Tech Trends to Watch in 2025.
• In a recent point of view, our expert Christophe Menant dived into how to make better security decisions faster with Gen AI.

• Looking to protect and empower your Gen AI initiatives? Our Gen AI Security Suite is the go-to solution for seamlessly embedding security into your AI projects, allowing you to innovate confidently.

And you, what are you saying?

Has Gen AI impacted your organization’s cybersecurity strategy? Have you started experimenting with new ways to leverage AI to strengthen your cyber defenses? Join the conversation in the comments section below.