Smart Attacks, Smarter Defenses: The Battle Against AI Cyber Threats
AI-generated deepfakes are just the start of a new wave of cyber threats as hackers utilize the latest technological tools to crack corporate security systems. Security companies are learning how to fight back.
- AI tools offer new opportunities for hackers to breach corporate security systems.
It began with an urgent email. It came from the UK CFO of engineering giant Arup; he needed a money transfer. Suspicious, a finance employee sought reassurance via a video call; surely, a foolproof security check. Joining the call, a familiar face appeared on screen: it was the CFO. Satisfied, the employee wired $25.6m. But in fact, Arup had been the victim of an AI-generated deepfake. The CFO’s identity had been fabricated.
The 2024 Arup attack served as an early example of how AI could be weaponized for cybercrime, producing deep-fakes and hyper-realistic phishing campaigns. Since then, the problem has only worsened. Now malware software like MalTerminal uses Chat GPT to generate malicious code in real time to probe network vulnerabilities, while AI-assisted malware loops can adapt to override cyber defenses. In short, AI has given hackers “unprecedented” speed and volume, according to a recent CrowdStrike report, with large language model-trained AI facilitating even amateur criminals in launching an attack.
“You don’t need to be technical in order to get in the game (now),” said Jane Frankland, author of In Security, a non-fiction book on cybersecurity. “In the past, it would take about 40 hours to profile a company (for a phishing attack). Now it takes less than a minute.”
This has created a new headache for executives, who already face a blitzkrieg of assaults from malicious actors. EQT-backed SK Shieldus, one of Asia’s leading security providers, alone says it fends off 25,000–30,000 intrusions a day. Attack volumes globally have risen by a double-digit percentage rate every year for the past few years. Each successful attack can cost a firm many millions of dollars to resolve.
AI is simply making this worse, with some 16 percent of breaches studied by IBM in its 2025 report linked to the technology. It’s also making attacks more costly; IBM’s report found that data breaches involving AI cost organizations an additional $670,000 to resolve. Companies adopting AI-based technologies without adequate safeguarding might even introduce additional risks, warns EQT Growth Director Rob Sternberg, as those tools could open new attack vectors.
“Businesses are giving (AI) agents full reign to access internal data stores, often without adequate protections,” he says.
It’s little surprise, then, that global cybersecurity spending is expected to exceed $300bn in 2025.
Average Cost of a Data Breach
In light of the new threat, cyber defense firms are getting smart – and deploying AI to fight AI attacks in what Frankland likens to “an arms race.”
For instance, cybersecurity firms like ReliaQuest now use AI to detect, contain, investigate and respond to threats faster. Their AI agents automate 90 to 95 percent of low- to mid-level alerts, the firm says. In doing so, it tackles human fatigue, taking over repetitive tasks, and also addresses the gap in cyber expertise, says EQT Growth partner Kirk Lepke, who led EQT’s investment in ReliaQuest.
ReliaQuest’s software platform, GreyMatter, is underpinned by a proprietary orchestration engine that leverages the power of multiple AI models, says Lepke, ensuring clients can reap benefits from the latest model advancements. That’s given attackers a run for their money; the average time to contain a threat has decreased to under five minutes, he adds.
Sang Jun Suh, an EQT Infrastructure Partner who sits on the board of directors at SK Shieldus, says the security provider had been preparing for the misuse of AI for years and created its own AI-powered defense, focused on automating detection and initial response actions. In doing so, it has developed an accessible tier of products for smaller companies that have traditionally been more complacent about cybersecurity or unable to fork out for defenses.
“While AI may keep chief information security officers up at night, it also is making tools like ReliaQuest so much better,” says Lepke, adding that “we’re still just scratching the surface of what’s possible.”
Security hygiene
Even with the advances in AI-related tools on both sides of the battlefield, companies should still pay attention to the basics when it comes to digital security, Suh warns.
Most vulnerabilities are still rooted in basic procedural failures such as misconfigured access, poor data controls and trust-by-default systems, not exotic AI-enabled malware. A 2024 Verizon Report found that 60 percent of worldwide breaches reported by its vendors involve a human element, with credential misuse among the leading causes as well as phishing. Meanwhile, a third of U.S. companies lack regular backups and system testing.
Today’s security tools can help tackle phishing by checking the configurations of IT systems or user permissions, and flagging vulnerabilities, says Lepke. Looking ahead at the next generation of these tools, AI is powering a shift from reactive remediation to proactive prevention.
These and other AI-enabled defenses are fast becoming important to combating the volume and sophistication of today’s attacks. But technology alone isn’t a silver bullet. Even the best cybersecurity systems rely on getting the foundational organizational approaches right. As such, Frankland’s advice is to remain concentrated on the overall cyber threat. “You do need to worry, you do need to take action. Work on the basis that it’s going to happen to you.”
ThinQ by EQT: A publication where private markets meet open minds. Join the conversation – [email protected]
On the topic ofTechnology
Exclusive News and Insights Every Week
Sign up to subscribe to the EQT newsletter.