Skip Navigation
BlackBerry Blog

The AI Standoff: Attackers vs. Defenders

One of the most notable trends in cybersecurity right now is an AI standoff between cyber threat actors and cyber defenders. While AI has the potential to help both attackers and defenders — in the short term, threat actors may have an advantage, as they can quickly adopt new techniques without worrying about production readiness.

However, over the long run, AI will likely equalize capabilities as defenders gain more context and build robust detection systems.

I recently discussed this during an episode of the Unsupervised Learning podcast hosted by Daniel Miessler and I’d like to explore the topic here briefly. 

AI for Cyber Threat Actors

Artificial Intelligence is rapidly changing the way we live and work and this is also true for threat actors. For example, unique malware is being created and launched at an astonishing rate as Generative AI helps speed its development. The team I lead at BlackBerry, our Global Threat Research and Intelligence Team, uncovered that attackers are now using nearly three unique malware variants per minute to target organizations. 

Threat actors understand that if they generate enough variations of their malware and tools, it makes detection much more difficult, especially for those still using legacy, signature-based solutions. This flood of new threats also challenges security teams, who must work to identify emerging risks in a chaotic digital environment.

Another area that is poised to get significantly worse is targeted phishing, which is developed through advanced artificial intelligence techniques. And when an AI-generated voice or video can impersonate a person in a convincing way, trusting any digital communication will become much harder. Defenders will need to analyze interaction patterns and look for anomalies to identify automated or synthetic interactions versus actual human interactions.  

AI for Cyber Defenders and Cybersecurity Teams

When it comes to AI and cybersecurity, there is some good news for cyber defenders. AI and machine learning are advancing detection and response, and this will greatly shorten the window attackers have to carry out their objectives while remaining unnoticed.

When considering an attack timeline from initial reconnaissance to final objectives, defenders have multiple opportunities to detect an attacker across each stage. While it’s true that attackers only need to succeed once to compromise a system, defenders can disrupt the attack at multiple points. AI tools along with the right sensors, policy enforcement, and response capabilities can help defenders architect an environment that makes a perfect, undetected attack very difficult to achieve. 

However, not all AI tools are created equally, despite the marketing claims around them. Some tools do a fantastic job stopping attacks before they can execute; others do not. Consider this independent test of real-world novel attacks on Endpoint Protection Platforms (EPPs), and you’ll see the difference can be significant. 

The AI Standoff Continues: Threat Actors vs. Defenders 

While the artificial intelligence arms race will continue, defenders can develop an advantage through AI-powered tools and layered defenses. By thinking strategically, defenders can stack the odds in their favor — even as attack techniques evolve at an accelerating pace. 

For our entire conversation on how AI is changing the threat landscape and why human defenders remain a key part of our cyber defenses, please listen to our discussion on the Unsupervised Learning podcast:


For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.

Ismael Valenzuela

About Ismael Valenzuela

Ismael Valenzuela is Vice President of Threat Research & Intelligence at BlackBerry, where he leads threat research, intelligence, and defensive innovation. Ismael has participated as a security professional in numerous projects across the globe for over 20+ years, which included being the founder of one of the first IT Security consultancies in Spain.

As a top cybersecurity expert with a strong technical background and deep knowledge of penetration testing, security architectures, intrusion detection, and computer forensics, Ismael has provided security consultancy, advice, and guidance to large government and private organizations, including major EU Institutions and US Government Agencies.

He holds many professional certifications, including the highly regarded GIAC Security Expert (GSE #132) in addition to GREM, GCFA, GCIA, GCIH, GPEN, GCUX, GCWN, GWAPT, GSNA, GMON, CISSP, ITIL, CISM, and IRCA 27001 Lead Auditor from Bureau Veritas UK.