AI in cybersecurity

The same technology making your defences smarter is making attackers faster

Artificial intelligence is reshaping cybersecurity on both sides of the equation. Understanding what that means in practice — and how to respond — is becoming a core competency for security teams across Europe.

For years, the security industry has promised that AI would transform threat detection. That promise is now being delivered — but not exclusively by defenders. Attackers are using the same technology to move faster, craft more convincing attacks, and scale operations that previously required significant human effort. The result is a more dynamic threat landscape than most organisations had planned for.

This is not a future scenario. It is the environment security teams are operating in today.

What attackers are doing with AI

The most visible impact of AI on the threat side is in social engineering. Large language models have effectively eliminated the language barrier that once made phishing emails easier to spot. Poorly worded requests from foreign senders were a reliable signal — one that no longer applies. AI-generated phishing messages are now grammatically flawless, contextually appropriate, and increasingly personalised using data scraped from public sources.

Beyond phishing, AI is accelerating several other attack patterns. Vulnerability research that once took skilled analysts days can now be partially automated, compressing the window between a vulnerability being published and an exploit being deployed. Malware is being generated and modified at speed to evade signature-based detection. And deepfake audio and video — once the domain of nation-state actors — are becoming accessible to less sophisticated threat groups.

"The barrier to running a sophisticated attack operation has dropped significantly. What required a team of specialists two years ago can now be partially automated by a moderately skilled actor."

For organisations, this means the threat surface is effectively expanding without any change on their side. The same controls that were adequate in 2022 may no longer be sufficient — not because the organisation changed, but because the cost and capability of attacking it did.

How AI is strengthening the defence side

The defensive applications of AI are equally real, and in many cases are already embedded in the tools that modern security operations centres run on. The difference is that defenders have to be right every time — which makes the application of AI somewhat more demanding than on the attack side.

Detecting what rule-based systems miss

Traditional security monitoring relies on known signatures and defined rules. AI-based detection looks for behavioural anomalies — patterns that deviate from a baseline in ways that are statistically significant, even if no rule has ever been written to catch them. This is particularly valuable for detecting lateral movement, insider threats, and novel attack techniques that have no prior signature.
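The sketch below is an added example, not code from Nomios or from any product mentioned here. It shows a per-account baseline that flags a statistically unusual spread of logons (a common lateral-movement signal) next to a fixed-threshold rule. The events, account names, host names and thresholds are constructed, and median/MAD scoring is an assumed choice of baseline, one of many.

```python
from collections import defaultdict
from statistics import median

def build_events():
    """Constructed sample: (day, account, destination host) logon events."""
    events = []
    for day in range(1, 11):  # ten days of normal activity
        events += [(day, "alice", "fs01"), (day, "alice", "mail01")]
        if day % 3 == 0:
            events.append((day, "alice", "wiki01"))
        events += [(day, "svc-backup", f"srv{n:02d}") for n in range(20)]
    # Day 11: alice reaches 12 servers she never touched; svc-backup is unchanged.
    events += [(11, "alice", f"srv{n:02d}") for n in range(12)]
    events += [(11, "svc-backup", f"srv{n:02d}") for n in range(20)]
    return events

def daily_fanout(events):
    """Map account -> {day: count of distinct destination hosts}."""
    seen = defaultdict(lambda: defaultdict(set))
    for day, account, host in events:
        seen[account][day].add(host)
    return {a: {d: len(h) for d, h in days.items()} for a, days in seen.items()}

def robust_z(value, history):
    """Deviation from the account's own median, scaled by MAD (outlier-tolerant)."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad if mad else 1.0  # flat baseline: fall back to raw difference
    return (value - med) / scale

def detect(events, today, threshold=3.5, min_history=7):
    """Flag accounts whose fan-out today deviates from their own baseline."""
    alerts = []
    for account, days in daily_fanout(events).items():
        history = [n for d, n in days.items() if d < today]
        if today not in days or len(history) < min_history:
            continue  # no activity today, or too little history to trust a baseline
        score = robust_z(days[today], history)
        if score > threshold:
            alerts.append((account, days[today], round(score, 1)))
    return alerts

def static_rule(events, today, limit=15):
    """The fixed-threshold rule for comparison: more than `limit` hosts in a day."""
    return [a for a, d in daily_fanout(events).items() if d.get(today, 0) > limit]

if __name__ == "__main__":
    ev = build_events()
    print("baseline:", detect(ev, 11), "static:", static_rule(ev, 11))
```

On the constructed data the fixed rule fires on the backup account, which contacts 20 servers every day, and stays silent on the user account whose behaviour actually changed; the baseline does the reverse.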

In Nomios's SOC operations, AI-assisted analysis helps analysts triage a far larger volume of alerts than would otherwise be possible. The technology does not replace analyst judgement — it focuses it, surfacing the signals most likely to be meaningful and filtering out noise that would otherwise consume investigative time.

Accelerating incident response

When an incident does occur, time is the critical variable. AI tools can correlate events across multiple systems simultaneously, building a picture of an attack chain much faster than manual analysis allows. This compression of the investigation timeline — from hours to minutes in some cases — can be the difference between containing a breach early and managing a full incident.

Threat intelligence at scale

The volume of threat intelligence available to security teams has grown faster than the capacity to process it. AI makes it possible to ingest, correlate, and act on a much broader set of intelligence feeds — identifying emerging tactics and mapping them to the organisation's specific exposure before they are weaponised against it.

The strategic question for security leaders

Given this landscape, the relevant question for CISOs and security directors is not whether AI matters — it clearly does — but where to focus. Two priorities stand out.

The first is ensuring that your detection capability has kept pace with the evolution of the threat. If your SOC is still primarily rule-based, or if your analyst team is spending most of their time on alert triage rather than investigation, that is a gap worth addressing. The application of AI to detection and response is now mature enough to deploy in production environments with confidence.

The second is understanding your own AI risk exposure. Organisations adopting AI tools — in security or elsewhere — introduce new attack surfaces. AI models can be manipulated, poisoned, or bypassed. Understanding how AI is being used within your own environment, and what the associated risks are, is becoming a standard part of the security consulting conversation.

Nomios works with organisations across both dimensions — helping security teams develop a clear strategy for AI in their security programme, and operating the detection and response infrastructure that puts it into practice. If you are trying to understand where your current posture stands relative to the AI threat landscape, a structured assessment is usually the right starting point.

Get in touch

Is your security programme keeping pace with AI?

We help organisations understand their exposure and put the right detection and response capability in place. No obligation — just an honest conversation.
