When generative AI hit the scene almost three years ago, a concern among security teams and MSSPs was that bad actors would use the technology to create more convincing phishing messages.
That proved to be a real concern. A report released this month by Yubico, an authentication security vendor, highlighted that most people can’t distinguish whether a phishing message is written by AI or a human.
The results in Yubico’s annual Global State of Authentication survey reflect that there is a disconnect between how companies perceive the security of their environments and their actual cybersecurity habits, according to the company with headquarters in Stockholm, Sweden, and Santa Clara, California.
It’s also another proof point of how the use of AI by threat actors is changing the cybersecurity landscape, and of the need for organizations and MSSPs to embrace the technology in what is essentially turning into an AI arms race.
“In a world that’s more connected than ever, the landscape of cybersecurity threats is constantly evolving,” Ronnie Manning, chief brand advocate at Yubico, wrote in a blog post. “Bad actors, now supercharged with artificial intelligence ... are becoming increasingly adept at exploiting human error through sophisticated phishing and social engineering attacks. This makes robust cybersecurity a universal issue, impacting everyone from individuals to the largest global enterprises.”
Convincing Phishing Messages
In the survey conducted by Talker Research, 46% of the 18,000 people surveyed correctly identified that a phishing message was written by AI when shown one. The remaining 54% either thought it was an authentic message written by a human or were unsure, according to the Brooklyn, New York, research company.
In addition, the age of those surveyed didn’t seem to make a difference in the results. Among Gen Z, 45% were able to recognize the phishing attempt, about the same as Millennials (47%) and Gen X and Baby Boomers (both 46%).
AI vs. AI
That said, the threat of AI-written phishing messages is just part of an ever-expanding environment where defenders are deploying AI to protect against AI-based attacks. It’s an AI vs. AI contest that cybersecurity vendors like CrowdStrike are putting into perspective.
“The AI battleground is here,” Beth Williams, senior technical product marketing manager, and Luis Gil, offensive security lab engineer, wrote in August. “Adversaries are weaponizing AI to launch attacks with unprecedented scale, speed, and effectiveness. In response, defenders are turning to AI as an analyst force multiplier, using it to offload repetitive tasks, accelerate decision-making, and scale expertise across the SOC.”
AI and Cybersecurity Transformation
IT services provider Kyndryl, this summer, pointed to “five interconnected transformations” that are driving a rapid evolution in cyber risk for organizations, with the rise of AI being the most significant. (The other four are the AI-driven disruption of the workforce, evolving geopolitical tensions, the coming quantum computing era, the need for better cryptographic agility, and the increasing fragility of foundational digital infrastructure.)
In a nine-page report, Cybersecurity at a Historic Inflection Point: Navigating the Converged Threats of the Digital Age, Kris Lovejoy, Kyndryl’s global security and resiliency practice leader, wrote about the “twofold” impact of AI.
“On one side of this new battleground, adversaries leverage Generative AI for sophisticated social engineering and to create adaptive malware,” Lovejoy wrote. “Simultaneously, AI-enabled malware is being deployed that can analyze its environment, identify security tools, and dynamically alter its code to evade detection.”
Arming the Defenders
On the other side are corporate security teams, MSSPs, and other defenders that are fighting AI with AI.
“Defensive algorithms now sift through trillions of data points to identify subtle anomalies indicative of an attack, shifting security teams from a reactive to a proactive posture,” she wrote. “AI-driven Security Orchestration, Automation, and Response (SOAR) platforms are automating the triage and containment of common threats, freeing up human analysts to focus on novel incidents.”
On the horizon is a “paradigm of autonomous warfare” driven by AI agents, she added.
New York City-based Kyndryl, which spun out of IBM in 2021, said organizations need to continue to invest in AI-powered defenses for threat hunting, anomaly detection, and automated response, and create programs to ensure the secure development and deployment of internal AI.
An Expanding Role for MSSPs
MSSPs will play an increasingly large role as this AI arms race expands, according to Tony de Bos, vice president of security and resiliency at Kyndryl.
“The cybersecurity landscape is shifting from isolated threats to systemic risks, driven by AI, geopolitical fragmentation, and infrastructure fragility,” de Bos told MSSP Alert. “In this environment, MSSPs must evolve from reactive defenders to strategic partners focused on keeping customers resilient against threats. Given the rising number and sophistication of cyberattacks, MSSPs are poised to play an even more critical role for enterprises, including mid-market businesses that face enterprise-grade threats without enterprise-scale resources.”
He said as the threat landscape becomes more complex and the shortage of cybersecurity talent expands, organizations increasingly rely on MSSPs, MSPs, and other service providers, including Kyndryl. It’s part of the ongoing shift from do-it-yourself security to co-managed and fully managed models, driven by factors such as the talent gap, economic pressure, and complex regulatory requirements.
Closing the Gaps
To rise to the occasion, MSSPs must close critical gaps, de Bos said.
“This means securing AI systems by establishing governance frameworks, implementing red-teaming capabilities, and developing secure prompt engineering practices,” he said, adding that “workforce transformation is essential, which involves upskilling talent for AI-era roles and strengthening insider threat programs.”
They’ll also need to address other areas, including the need for quantum readiness via cryptographic inventories and planning for post-quantum migration, and aligning cybersecurity with operational resilience and “blackout response planning” to address widespread IT system failure due to cyber events.