Subhalakshmi Ganapathy, the Chief IT Security Evangelist at ManageEngine, says, by simulating threats, auto-remediating incidents, and decoding attacker tactics, AI empowers organisations to stay ahead of adversaries

How is generative AI being utilised to enhance cybersecurity measures today?
Generative AI is redefining cybersecurity’s future, transforming defenses from reactive to predictive. By simulating threats, auto-remediating incidents, and decoding attacker tactics, it empowers organisations to stay ahead of adversaries. Yet, its true power lies in harmonising human expertise with machine speed—augmenting analysts to focus on strategic risks, not routine alerts. As AI-generated attacks surge, the same technology becomes a double-edged sword, demanding ethical frameworks to prevent misuse.

Forward-thinking leaders must prioritise adaptive AI ecosystems that learn in real time while safeguarding trust. The next frontier isn’t just about stopping threats but fostering resilience through innovation, collaboration, and responsible AI governance. Cybersecurity’s evolution hinges on this balance.

What potential risks does generative AI introduce in the cybersecurity landscape, such as AI-driven cyberattacks?
Generative AI, while a powerful defender, also brings in sophisticated threats. While empowering defenses, it supercharges attacks: AI-crafted deepfakes erode trust, hyper-personalised phishing bypasses filters, and self-mutating malware evades detection. Adversaries leverage AI to automate exploitation, democratising sophisticated attacks for low-skilled threat actors.

Worse, AI models themselves become targets—poisoned training data or adversarial inputs can corrupt defensive systems. This arms race erodes the asymmetrical defenders once relied on. Leaders must confront the paradox: the tools fortifying security also weaponise threats. Mitigation hinges on AI-augmented threat hunting, adversarial testing of models, and global collaboration to govern AI’s ethical use. Proactive resilience, not just reaction, is the new imperative.

How can organisations leverage generative AI for proactive threat detection and response?
Generative AI enables organisations to shift from reactive to anticipatory cybersecurity by synthesising intelligence and automating precision. By training models on historical and synthetic threat data, AI identifies subtle attack patterns—like zero-day exploits or insider risks—before they escalate. Real-time behavioral analysis flags anomalies in user activity or network traffic, while AI-driven simulations stress-test defenses against evolving adversarial tactics (e.g., AI-generated phishing lures).

Automated playbooks powered generative-AI tools, instantly quarantine threats and patch vulnerabilities, slashing response times. Crucially, generative AI augments human teams—curating actionable insights from noise—enabling analysts to prioritise high-impact risks. The key lies in ethical, explainable AI frameworks that balance autonomy with oversight, fostering trust in machine-augmented defense.

What ethical concerns arise when using generative AI in cybersecurity, and how can they be addressed?
Ethical AI in cybersecurity isn’t just about security; it’s about building a future where security and rights coexist. The ethical frontier of generative AI in cybersecurity demands rigorous introspection, particularly regarding data provenance. The AI’s very efficacy hinges on the data it consumes, a double-edged sword. What type of datasets are ethically sound, and what would constitute a privacy minefield?

We must move beyond mere technical accuracy and embrace ethical precision. Training AI on sensitive, personally identifiable information, or data reflecting historical biases, risks perpetuating and amplifying societal inequalities within security systems. This demands a paradigm shift: prioritising anonymised, representative datasets, and rigorously auditing training data for potential biases.

What challenges do cybersecurity teams face when integrating generative AI tools into their workflows?
Integrating generative AI into cybersecurity workflows presents a formidable challenge: balancing innovation with operational integrity. The crux of the issue lies in the accuracy of AI-driven remediation. Inaccurate detection breeds false positives, overwhelming SOCs and eroding analyst trust. More critically, flawed remediation suggestions risk catastrophic configuration changes, impacting employee experience and potentially crippling critical infrastructure.

Imagine AI incorrectly disabling a crucial user account or altering vital system configurations. This necessitates a paradigm shift: AI as an augmentation, not an automation, tool. Rigorous testing, human-in-the-loop protocols, and granular control are paramount. We must avoid the allure of fully automated remediation instead of focusing on AI as a powerful analytical tool that empowers human decision-making. The future of AI in cybersecurity hinges on cautious integration, prioritising accuracy and control to prevent unintended consequences.

Are there any notable examples of generative AI successfully preventing or mitigating cyberattacks?
While the vision of AI autonomously repelling cyberattacks captivates, the reality remains a journey, not a destination. We’ve achieved a pivotal advancement: AI’s prowess in threat detection. However, the full spectrum of AI-driven mitigation remains largely theoretical, confined to controlled environments and phased deployments. Enterprises are cautiously navigating this landscape, recognising the potential but wary of the unknown.

We stand at the cusp of a paradigm shift, where AI’s predictive capabilities could preemptively neutralise threats. Yet, true realisation requires meticulous testing and controlled integration. The focus must shift from isolated detection to a holistic, AI-powered security ecosystem. The future holds immense promises, but responsible innovation demands a measured approach, acknowledging that the AI-driven cybersecurity revolution is still in its nascent stages.

How do you see generative AI evolving in the cybersecurity domain over the next few years?
The trajectory of generative AI in cybersecurity points towards a significant evolution, primarily aimed at alleviating the chronic resource shortage plaguing Security Operations Centers (SOCs). We’re witnessing a shift from reactive to proactive security, where AI’s extensive training and Retrieval Augmented Generation (RAG) capabilities will dramatically reduce incident investigation times. By seamlessly integrating data from disparate ecosystems, AI will provide enriched, contextualised insights, empowering analysts to make faster, more informed decisions.

This evolution will not be about replacing human analysts but about augmenting their capabilities. AI will become a powerful force multiplier, automating mundane tasks and freeing up human experts to focus on complex, strategic threats. We’ll see AI evolving into a sophisticated threat intelligence platform, capable of predicting and preempting attacks rather than merely reacting to them. The future of cybersecurity will be defined by a collaborative partnership between human intelligence and AI’s analytical prowess.

What role does human oversight (HITL) play in ensuring generative AI systems are effectively managing cybersecurity threats?
In the dynamic realm of cybersecurity, generative AI serves as a powerful ally, but its efficacy is fundamentally dependent on human oversight. AI excels at processing vast datasets, identifying anomalies, and automating routine tasks. However, it lacks the nuanced understanding of context, ethical considerations, and strategic adaptability that human analysts possess.

HITL ensures that AI-generated alerts are validated, false positives are filtered, and complex threats are accurately assessed. It’s the critical bridge between algorithmic precision and human intuition, ensuring AI remains a tool, not a replacement, for strategic security. Furthermore, human oversight is vital for mitigating bias in AI models and adapting to the ever-evolving threat landscape, ensuring ethical and effective AI deployment

How can smaller organisations with limited budgets incorporate generative AI for cybersecurity?
For resource-constrained organisations, AI cybersecurity isn’t a luxury, but a strategic imperative. The key lies in intelligent deployment. Embrace MSSPs as force multipliers, gaining access to sophisticated AI defences without prohibitive capital expenditure. Prioritise targeted AI applications, focusing on high-return areas like phishing and anomaly detection, thus maximising impact with finite resources.

Democratise AI access through open-source tools and AI-infused security platforms. Crucially, cultivate an AI-literate workforce. Investing in targeted education ensures these tools are leveraged effectively, transforming potential into tangible security gains. This isn’t about mere adoption; it’s about strategic empowerment, turning budgetary constraints into a catalyst for innovative security.

What best practices would you recommend for implementing generative AI tools while minimising risks?
To truly unlock generative AI’s cybersecurity potential, we must build a fortified framework, not merely deploy tools. Foundational to this is rigorous data governance, ensuring AI’s intelligence is built on pristine, unbiased data. Continuous model vigilance is non-negotiable; constant monitoring and evaluation are essential to preempt performance drift and bias.

Human-in-the-loop protocols are the linchpin, guaranteeing that critical decisions remain anchored in human wisdom. Proactive risk assessments and relentless security testing transform vulnerabilities into strengths. Transparency, woven into the AI’s decision-making fabric, builds trust. Clear policies and procedures, coupled with a commitment to staying at the forefront of AI evolution, ensure adaptability in a rapidly changing threat landscape. This holistic approach empowers organisations to harness AI’s transformative power, not as a gamble, but as a strategic, risk-mitigated advantage.