The Next 24 Months Will Decide Who Survives the AI Cybersecurity War

Companies that fail to adapt to AI-driven threats won't just fall behind; they'll be exposed.

Faraz Weerabangsa | BSc in MIS (Special)

Write A Catalyst

· ~5 min read · April 28, 2026 (Updated: April 28, 2026) · Free: Yes

There was a time when cyberattacks required skill, patience, and technical expertise.

Not anymore.

Today, AI has completely changed the game, and not in a good way.

The barrier to becoming a cybercriminal has dropped so low that almost anyone with access to AI tools can launch an attack. You no longer need to master English, study hacking techniques for years, or craft believable phishing emails.

AI does it for you.

And that changes everything.

The Rise of "Effortless" Cybercrime

Think about phishing attacks for a second.

Before AI, attackers had to carefully write emails, often filled with mistakes, making them easier to detect. Now?

They can generate perfectly written, highly convincing messages in seconds, tailored specifically to you.

As Naveen Balakrishnan, Managing Director at TD Securities, puts it:

"Attackers now have access to incredible tools that allow them to search your public data, your personal information, and do very personalized deep phishing tactics. And it's incredible how much work is already done for them with very little effort."

That's the scary part.

Very little effort. Massive impact.

Speed + Scale = A Dangerous Combination

AI doesn't just make attacks easier, it makes them faster and bigger.

Hackers can now:

Generate malware at scale.
Automate entire attack campaigns.
Target thousands (or millions) of victims at once.

This creates a new kind of threat, one where speed becomes the biggest enemy.

David Cass, cybersecurity instructor at Harvard Extension School and CISO at GSR, shared a real-world example:

"I've had to work with companies where, in under 30 minutes, they've lost more than $25 million."

Thirty minutes.

That's not enough time to react. Sometimes, it's barely enough time to understand what's happening.

The Weakest Link? It's Not Always You

Most people assume cyberattacks happen because of internal weaknesses.

But in reality, a huge number of attacks come from somewhere else:

Third-party vendors.

"I think 70 percent of those attacks make it into our environment through our vendors," Balakrishnan explains.

Modern companies rely on dozens, sometimes hundreds of tools, platforms, and integrations.

Every connection becomes a potential entry point.

And attackers know exactly how to exploit them.

If You're Using AI… You're Also Exposed to It

Organizations today are rushing to adopt AI.

But here's the uncomfortable truth:

Using AI also introduces new risks.

Especially if you don't fully understand how it works.

To stay safe, companies need to start asking better questions:

How does this AI system make decisions?
What safeguards are in place?
How is model behavior monitored over time?
What happens when things go wrong?

Because right now, many AI tools are still young, evolving, and not fully governed.

The Hidden Threat Inside Your Own AI

It's not just external attacks you need to worry about.

Your own AI systems can be turned against you.

AI models learn from data. And if attackers manipulate that data?

They can poison the model.

David Cass explains it simply:

"If models are poisoned by attackers, they can become useless or worse, create entirely new attack paths"

Even more dangerous?

You might not even realize it's happening.

Instead, you'll trust the system… while it quietly feeds you the wrong information.

Why Humans Still Matter (More Than Ever)

With all this talk about AI, it's easy to assume machines are taking over cybersecurity.

They're not.

AI is powerful, but it's not perfect.

It can:

Hallucinate
Miss context
Be manipulated

That's why keeping humans in the loop is critical.

Human analysts can:

Catch inconsistencies
Question unexpected outputs
Stop attacks, AI might miss

In short, AI accelerates defense, but humans make it reliable.

The Good News: AI Is Also a Powerful Defender

It's not all bad.

The same technology attackers are using… defenders can use too.

Security teams deal with thousands of alerts every day. Sorting through them manually is slow and overwhelming.

AI changes that.

"Now you can get a skilled responder investigating within minutes," says Balakrishnan.

That speed can mean the difference between:

A minor incident
A multi-million-dollar disaster

The Black Box Problem

There's another issue many companies overlook:

They don't fully understand their own AI systems.

And that's a problem.

"AI can't operate as a black box," Cass warns.

Organizations need clarity:

What decisions is the AI making?
What actions is it taking?
What have we allowed it to do?

Because at the end of the day:

"You can never outsource your accountability." Cass continues

If something goes wrong, the responsibility still falls on you, not the AI.

The Talent Gap Is Real

AI isn't replacing cybersecurity professionals.

If anything, it's increasing the demand for them.

But there's a catch:

The skills required are changing fast.

"AI is solving lower-level problems, but it's not a replacement for people," Cass explains.

Every organization is different:

Different systems
Different configurations
Different vulnerabilities

That means human expertise is still essential.

But teams need to evolve.

"We really need to start upskilling and training people," says Jennifer Gold, CISO at Risk Aperture.

Because rolling out AI without proper training?

That's just creating new risks.

What's Coming Next?

The future of cybersecurity will be shaped by one thing:

The intersection of AI, business, and security.

We're entering a phase where:

New attack methods will emerge
"Shadow AI" will expand risks
Asset visibility will become harder
Regulations will increase

Even companies that track 90% of their assets face serious gaps.

"If you have 300,000 assets, that still leaves 30,000 unaccounted for," Cass points out.

And any one of those could be a vulnerability.

The Next 18–24 Months Will Define the Winners

According to Balakrishnan, we're heading toward a critical period.

Companies will need to:

Learn AI fundamentals
Build clear security playbooks
Define their risk appetite
Invest heavily in capabilities

Those who get it right?

They'll gain a massive competitive advantage.

Those who don't?

They'll fall behind or worse, get breached.

Final Advice: Master the Basics First

With all this complexity, the advice from experts is surprisingly simple:

Don't ignore the fundamentals.

"AI will evolve. But you must understand the basics," Balakrishnan says.

That means:

Securing emails
Strengthening firewalls
Understanding core systems

And then?

Keep learning.

Because cybersecurity isn't static and AI is only speeding things up.

One Last Thing Most People Overlook

Cybersecurity isn't just about tools.

It's about people.

"Build a strong network of security professionals," Balakrishnan advises.

Because the challenges you're facing?

Others are facing them too.

And sometimes, the best defense isn't just technology, it's shared knowledge.

If there's one takeaway, it's this:

AI isn't just a tool. It's a force multiplier for both attackers and defenders.

The question is no longer:

"Will AI impact cybersecurity?"

The real question is:

"Are you ready for how fast it already is?"

References

AI and the Future of Cybersecurity | Harvard Extension School

A panel of chief information security officers and cybersecurity leaders discuss the future of AI and cybersecurity.

harvard.edu

#cybersecurity #ai #artificial-intelligence #security #hacking

< Go to the original