Ivan Milenkovic, Vice President – Cyber Risk Technology, EMEA at Qualys, says, as much as generative AI can fortify security, it equally arms malicious actors with new tools

How is generative AI being utilized to enhance cybersecurity measures today?
Today, generative AI is used to bolster cybersecurity defences in a multitude of ways. It automates mundane tasks, sifting through vast data logs to identify potential vulnerabilities and weed out false positives (Gartner, 2021). More impressively, generative AI can predict emerging threats by simulating attack scenarios, helping teams spot anomalies before they escalate (Mandiant, 2022).

Compared with older rule-based systems, these AI models adapt in real time, learning from both benign and malicious activity to create dynamic defence postures. A notable example is Darktrace’s “Antigena” product, which uses self-learning AI to detect abnormal network behaviours. In 2018, it reportedly thwarted an insider threat by flagging unusual data transfers in a UK-based financial services firm (Darktrace, 2018). The technology reduced the manual workload on analysts by automating front-line triage, freeing human experts to focus on higher-level investigations.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
As much as generative AI can fortify security, it equally arms malicious actors with new tools. Sophisticated attackers are already deploying adversarial machine learning to bypass detection (Goodfellow et al., 2014) and using deepfakes to manipulate social engineering scams. One infamous example involved fraudsters using deepfake voice impersonation of a CEO to authorise a fraudulent wire transfer of approximately €220,000 from a UK-based energy firm in 2019 (Wall Street Journal, 2019).

This dark side underscores why cybersecurity leaders must remain vigilant. Generative AI can automate the creation of malware variants, obfuscate malicious code, or create entire networks of bot accounts capable of launching coordinated attacks (ENISA Threat Landscape, 2021). These challenges highlight the need for organisations to keep their AI defences on par with adversarial AI capabilities.

How can organizations leverage generative AI for proactive threat detection and response?
Given the growing dangers, organisations are increasingly using generative AI for proactive threat hunting. By training models on historical attack datasets, security systems can anticipate emerging vulnerabilities, formulate defensive strategies, and even recommend immediate containment measures (IBM X-Force Threat Intelligence Index, 2022). Generative AI excels at pattern recognition, which — when combined with behavioural analysis — helps security teams detect anomalies that conventional defences might miss.

Several Fortune 500 companies have begun deploying AI-driven “red team” exercises using synthetic data to simulate real attacks (Ponemon Institute, 2022). By synthesising new attack variants, these organisations can better train their detection algorithms and prepare incident response teams for novel threat scenarios.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
A critical ethical question arises when deploying powerful AI tools for cybersecurity: Where do we draw the line between data-driven intelligence and intrusive surveillance? Privacy concerns loom large, particularly when AI systems process personal information to identify potential insider threats (NIST SP 800-53, 2020). It is essential that organisations establish transparent governance structures, involving cross-functional teams from legal, compliance, and human resources.

These frameworks should clarify data usage policies, ensure algorithmic fairness, and reinforce accountability (European Commission, 2021, EU AI Act, 2024). Treating user data with respect whilst maintaining robust defences is not just a matter of compliance; it’s a moral imperative that, if neglected, can damage trust irreparably.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Despite the allure of next-generation solutions, cybersecurity teams often face significant hurdles when incorporating generative AI. Firstly, there is a matter of technical complexity. Building models that accurately understand and adapt to evolving threats requires specialised expertise and substantial computational resources (Gartner, 2021). Secondly, legacy systems are mostly ill-equipped to handle the high data throughput AI demands, leading to integration bottlenecks (Mandiant, 2022). Then, there is a problem of inflated expectations. The hype around AI can cause organisations to invest in poorly scoped projects, hampering returns and morale (Ponemon Institute, 2022).

To combat these issues, teams should conduct thorough proofs of concept and collaborate with experienced data scientists to align capabilities with organisational needs.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
Several case studies highlight the growing success of generative AI in thwarting attacks. Darktrace reported detecting anomalous “beacon” traffic months before a known banking Trojan was publicly identified (Darktrace, 2019). Meanwhile, a large financial institution in Asia leveraged AI-driven user behaviour analytics (UBA) to pinpoint a suspicious spike in credential escalations, uncovering an elaborate insider threat that might otherwise have slipped under the radar (IBM, 2020). These incidents illustrate the transformative power of AI when integrated thoughtfully with security operations.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
Over the coming years, generative AI is expected to mature into an even more intuitive and autonomous guardian. As data collection methods expand and computational power grows (Ponemon Institute, 2022), AI models will become more adept at detecting zero-day exploits and adapting, on the fly, to novel attack techniques. Widespread adoption of AI systems that interact seamlessly with security analysts will facilitate real-time recommendations, and “self-healing” networks capable of automated patching are likely to become mainstream (Gartner, 2021).

However, we should brace for an escalation in AI-enabled cyberattacks as well (e.g. from near perfect deep-fakes, to far better personalised targeted attacks). This unfolding arms race underscores the importance of continuous innovation and collaboration between industry, academia, and government (ENISA Threat Landscape, 2021).

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
Human-in-the-loop oversight remains indispensable. Even the most advanced AI systems can produce false positives or overlook subtleties requiring human judgement (European Commission, 2021). Skilled analysts, especially those with deep domain knowledge, are needed to validate AI-driven alerts, fine-tune learning models, and account for socio-political contexts.

As a result, AI should be viewed as an extension of human capabilities rather than a replacement. A balanced combination of machine efficiency and human intuition results in the most effective security outcomes (Mandiant, 2022). Lastly, let’s not forget that emerging legislations (EU AI Act for example) might “insist” on having human decisions for certain privacy-critical aspects.

How can smaller organizations with limited budgets incorporate generative AI for cybersecurity?
Budget constraints need not bar smaller organisations from leveraging generative AI. A pragmatic step is to use cloud-based security tools with built-in AI features, offsetting the cost of on-premises infrastructure (Microsoft Azure Security Centre, 2021). Partnerships with managed service providers can also help smaller entities develop tailored AI strategies.

Starting with low-complexity use cases, such as automated phishing detection, can yield quick wins and free up resources to invest in more advanced capabilities. By focusing on modular, scalable solutions, smaller organisations can gradually expand their AI footprint without jeopardising financial stability.

What best practices would you recommend for implementing generative AI tools while minimizing risks?
To implement generative AI responsibly, organisations should embrace and follow industry good practices. A good example would be NIST SP 800-53. Basic steps should not be news to cyber-security professionals:

1. Establish a clear governance framework that outlines AI deployment goals, data usage policies, and oversight responsibilities.
2. Invest in robust training datasets to mitigate bias and ensure the AI can accurately detect real threats.
3. Enforce rigorous testing and validation procedures, including adversarial testing to identify potential exploits.
4. Maintain audit logs and version-control for the AI models, enabling swift rollback if necessary.
5. Finally, foster a culture of transparency by openly communicating to stakeholders how and why AI is used within the security apparatus.