- Spear-phishing at scale: GPT-4-class models generate highly personalised emails using LinkedIn and company data.
- Automated vulnerability discovery: AI-assisted fuzzing is finding zero-days in enterprise software faster than manual research.
- Social engineering bots: Deepfake voice calls impersonating executives for BEC fraud have tripled since 2024.
- Alert triage: AI reduces analyst fatigue by summarising and scoring alerts before human review.
- Behavioural baselines: ML models detect insider threats and lateral movement that rule-based SIEM misses.
- Code scanning: GitHub Copilot and Cursor now surface security issues inline as developers code.
The Dual-Use Dilemma
AI is now embedded in both sides of the security equation. Attackers use LLMs to automate phishing at scale, write malware variants that evade signatures, and conduct recon across millions of targets simultaneously.
Defenders use the same technology to correlate alerts, summarise incidents, and recommend playbook actions.
Offensive AI in the Wild (2026)
Defensive AI Wins
The Bottom Line
AI doesn't replace security professionals — it changes the skills they need. At Shuraya Labs, we've integrated AI literacy into every course to ensure our graduates can leverage — and defend against — the new landscape.