Soon after OpenAI released ChatGPT three years ago, it became fairly clear to security teams and others in the cybersecurity industry that generative AI and everything that’s come after it – most recently AI agents – would play a central role in not only how organizations would protect their systems and data, but also how bad actors would use the technology in their own operations.
The result has been an acceleration in cybersecurity’s long-running cat-and-mouse game, with organizations using AI to combat the rapidly evolving AI-driven cyber threats, only to see bad actors maturing their tactics with new AI capabilities of their own. It’s created what many in the field refer to as an
AI arms race, and the rise of AI agents is only
adding fuel to the fire.
“AI is rapidly becoming the backbone of our world, promising unprecedented productivity and innovation,”
Charlie Bell, executive vice president of security for Microsoft,
wrote in a blog post this month. “But as organizations deploy AI agents to unlock new opportunities and drive growth, they also face a new breed of cybersecurity threats.”
Vendors continue to outline the security challenges and opportunities that AI presents and attempt to assess the impact the technology is having on organizations, seeking to provide greater clarity in a constantly evolving environment. Managed infrastructure provider
11:11 Systems looked to do just that in a recent report.
“AI is powering both attackers and defenders,” 11:11 Chief Experience Officer
Kaushik Ray told MSSP Alert. “On offense, it’s accelerating phishing at scale and adaptive malware; on defense, it’s improving anomaly detection and triage. The survey shows leaders are rightly concerned: 74% believe integrating AI could increase their vulnerability.”
AI is the Top Security Concern
The AI issue is among several aspects that the Fairfield, New Jersey, startup touched on in its survey,
11:11 Cyber Trends Report – 2025, with others including the ubiquitous nature, expense, and complexity of modern cyberattacks, varied approaches organizations take to cyber resilience, and incident recovery solutions that can help.
In the survey of more than 800 senior IT, security, and risk executives in North America, Europe, and Asia-Pacific, AI is a thread that wends its way through all of these topics. AI-based attacks are the top concern of IT security leaders, according to the survey.
“AI is transforming work as we know it, so it’s no surprise that it’s impacting cybersecurity as well,” the report’s authors wrote. “IT and business leaders are very aware of how AI is changing the cybercrime landscape, and many have already felt its effects.”
The survey also found that 74% of respondents say that using AI in their own business could make them more vulnerable to cyberattacks, while 66% of IT leaders worry that AI will make it easier for bad actors to attack their infrastructure and target their employees. In addition, 45% said they’ve experienced an AI-driven phishing attack, while 35% have been targeted in autonomous and mutating malware attacks.
The technology is also having an impact on the market for cybersecurity tools, with respondents saying advancements in AI and automation are the top growth drivers in the incident recovery market.
Use Enhanced Tools
According to 11:11, the number-one step for protecting against AI-powered attacks is to use AI-enhanced tools. Ray added that there are a number of areas organizations can invest in to deal with the burgeoning challenges, including prioritizing prevention and then recovery.
“When budgets force tradeoffs, consider frontloading spend into strong preventive controls – EDR [endpoint detection and response] and XDR [extended detection and response], managed detection and response [MDR], continuous risk scanning – because blocking the incident saves far more than optimizing a recovery you might not need,” he said.
Others, including investing in testing and runbooks and pairing prevention with trusted recovery, ensuring that organizations have “immutable, segmented copies and an on-demand clean room to investigate, remediate, and certify workloads before cutback,” Ray said. “This is how AI-assisted detection translates into verified, clean recovery paths.”
Closing the 'Confidence Gap'
11:11’s report also addressed what executives called a “confidence gap,” with 82% of companies experiencing a major cyberattack last year, while most also believe they’re well-prepared to recover from one. The gap “exists because recovery has become more complex than many teams anticipate,” he said. “The report shows that cyberattacks are pervasive, yet planning for cyber incident recovery is the single biggest hurdle, driven by integration sprawl, budget constraints, limited in-house expertise, and lack of access to clean room recovery.”
He added that “relying on outdated plans and hoping for the best isn’t the answer. Modernizing recovery with intelligent detection, air-gapped clean rooms, and tailored expertise is how you reduce risk and recover faster, every time.”
