AI takes the front line in cybersecurity

Cyberattacks are no longer just the work of humans. As hackers deploy AI to automate scams, launch deepfake campaigns, and overwhelm systems, cybersecurity experts say the defense must evolve just as fast – and that’s where large language models (LLMs) are stepping in.

“LLMs are becoming an intelligent layer that helps organizations with analyzing, detecting, and predicting threats,” said Irina Artioli, Cybersecurity Speaker and TRU Researcher at Acronis, during The Crypto Radio’s X Space on AI-driven defense. “No human can interact at the same level as machine speed.”

Her remarks came as cybersecurity specialists discussed how generative models are reshaping the fight against fraud – highlighting their potential to detect malware, automate responses, and enhance company security as hacker threats grow more sophisticated.

“They can get a threat model, assess it against scan results, and check the circumstances happening on the ground,” added William Entriken, a cybersecurity and blockchain specialist.

Rising threats across the MENA region

In the MENA region, DDos (distributed denial-of-service) attacks – where hackers overwhelm a website or server with excessive traffic to knock it offline – rose 183% year over year, with government and energy sectors hit hardest, according to the MENA Cyber Summit 2025 Annual Report. The UAE, Saudi Arabia, and Iran were the top targets, accounting for 21%, 18%, and 14% of recorded attacks respectively.

The report identified a growing trend of AI-driven social engineering, ransomware, and geopolitically motivated attacks, while noting that AI-based security systems have already helped many organizations cut breach costs. Supporting that, the IBM 2025 Cost of a Data Breach Report found that firms using AI-assisted tools responded to incidents more quickly and effectively.

Even so, adoption remains uneven. Only 30% of companies reported using AI-driven authentication systems, according to The Trust Report: From Risk Management to Strategic Resilience in Cybersecurity (October 2025).

“Cybercriminals’ main aim is to gain money," Artioli said. "The most suitable victims are the countries whose economies are developing faster.” She added that attackers often exploit public holidays to launch mass phishing campaigns and that APT groups – advanced, state-linked hacker networks that infiltrate systems over long periods – and geopolitically motivated actors continue to pose major risks to governments and large enterprises alike.

Cybersecurity experts say the UAE’s rapid digital growth has made Dubai a prime target for sophisticated cyberattacks. Photo: Unsplash / Snapshot 2920

Inside the new AI defense systems

At Switzerland-based cybersecurity and data protection firm Acronis, artificial intelligence now underpins many layers of its threat detection process. “AI and machine learning are used in various components for detecting different type of threats on all stages of their execution – from downloading or pre-execution to even identifying malicious documents,” Artioli explained.

Acronis uses an AI copilot in its endpoint detection and response systems to summarize activity across a network and explain why it’s happening. “It also matches with the Mitra evaluation frameworks and attack framework,” she said, referring to standardized threat-analysis models.

She also shared an example of how AI is being weaponized. “The attackers were using generative AI to scrape LinkedIn profiles, and then they wanted to create hyper-personalized phishing emails. It was all synthesized by AI and very convincing,” she said.

Artioli noted that the healthcare sector has become one of the most frequently targeted industries due to the sensitive nature of medical data and often outdated systems.

Entriken, meanwhile, highlighted similar weaknesses in energy infrastructure, where legacy software and complex physical networks make systems difficult to secure. “If you look at the strike on Iran’s nuclear facilities 20 years back, it is the same way that a successful hack will work on any energy system because you have to get in through multiple layers and physical controllers that nobody’s seen before,” he explained.

He added that many energy companies in the Middle East still rely on Windows XP, creating significant exposure that requires advanced AI tools to detect and assess vulnerabilities quickly.

Outdated systems across Middle Eastern energy networks leave critical infrastructure vulnerable to AI-enhanced attacks. Photo: Unsplash / Gabriela

Why human awareness still matters

Artioli warned that these tools are not infallible. “AI systems can also hallucinate and be fed with wrong data, threatening your projects – which is why it’s important to always maintain visibility across the attack surface and have the right controls in place,” she said. “We need to have a human in the loop of all this chain, because we won’t be able to control what’s happening.”

Entriken emphasized that cybersecurity awareness can’t rely on theory alone – it requires hands-on exposure to real threats. “If you don’t have your hands on one of these phishing emails, you’re just not going to be inspired to understand what’s happening,” he said. “These hackers are using non-public information… they know the names, the email addresses; they’re scraping contact lists.”

He stressed that business leaders must recognize how much the landscape has shifted. “Understanding how the realities of running a business today are different than they were three years ago is essential,” he said. “Teaching is the first step.”

Artioli agreed, underscoring the importance of regular security training to help employees spot red flags early. “It’s crucial to stay up to date and be aware,” she said. “If you see any type of email, you need to learn how to identify it.”

As organizations race to integrate AI into their defenses, experts agree that human vigilance remains irreplaceable. Large language models may analyze threats at machine speed, but it’s people who ultimately decide how – and when – to act.