Here’s how a new AI-driven “arms race” has snarled cybersecurity
Here’s how a new AI-driven “arms race” has snarled cybersecurity
https://universitybusiness.com/heres-how-a-new-ai-driven-arms-race-has-snarled-cybersecurity/
Publish Date: 2026-03-20 03:46:00
Source Domain: universitybusiness.com
Using an unordered list, summarize the following article with between 4 and 8 key points. Artificial intelligence is reshaping how colleges and universities think about cybersecurity, accelerating both the threats they face and the tools now deployed to stop them.
As attackers use AI to intensify phishing, malware and identity-based intrusions, institutions are fighting fire with fire by adopting new threat detection systems, security models and stricter oversight of third-party systems to protect increasingly complex systems.
“AI can be used for good, or it could be used for bad. We’re in an arms race to stay one step ahead,” says Dan DeBacker, chief product officer of infrastructure at Extreme Networks.
One significant way AI is helping cybersecurity professionals is with proactive threat detection. Instead of waiting for an incident to spread, AI-driven systems can flag unusual behaviors—such as anomalies on a user’s laptop—and isolate the device for investigation.
This is a major innovation in a field where network traffic is increasingly difficult to monitor naturally, with speeds exceeding 400 gigabits per second.
“The amount and volume of traffic has increased so much that it’s nearly impossible without AI to try to find all those blind spots, especially when you get into large-scale environments,” DeBacker says.
Your next read: AI’s mission evolves as adoptions spread
Despite technological advancements in cybersecurity, phishing remains one of the most effective methods to gain unauthorized access to university systems. Attacks powered by AI are now even more dangerous, says Michael Parente, vice president for information technology and chief information officer at Stevens Institute of Technology.
“You have all these deepfakes that can bypass identity checks” at increased speed and scale, he says. “We’ve gotten into the millions and millions of phishing attacks getting blocked behind the scenes thanks to AI-powered detection capabilities.”
The industry’s response has been a decisive move toward Zero Trust security over the past two years. Rather than assuming trust based on a device or location, Zero Trust ensures no one is granted access by default. Users must authenticate their identity to access specific applications. Policies follow the user, regardless of whether they’re on the network.
DeBacker describes Zero Trust as a significant evolution for higher education institutions with increasingly mobile and distributed users.
“I can sit here in my house and take a course at a university that’s 3,000 miles away,” he says. “I may never have to visit the campus, but that expands the blast radius for that university.”
Other growing cybersecurity priorities
Beyond the network, third-party risk has emerged as one of higher education’s most pressing vulnerabilities.
In high-profile breaches at the University of Phoenix, University of Pennsylvania and other institutions in 2023, hackers infiltrated Oracle’s E-Business Suite and stole thousands of sensitive files without having to interact with campus cybersecurity systems. The team behind these attacks used a similar method in 2023 to access data from over 900 institutions.
As a result, universities are dramatically increasing scrutiny of their partners. Security questionnaires are now standard, and vendors are expected to meet stringent compliance requirements to do business with higher education.
Frameworks such as GovRAMP are gaining traction as baselines for cloud security, particularly for public institutions.
Underpinning all of these efforts is a cultural shift to treat cybersecurity as a fully-funded institutional mission, with regular discussions at the board and vice president levels to ensure sustained investment and awareness, Parente says.
“It’s about spreading awareness and ingraining cybersecurity in your institutional culture,” he says. “You need executive buy-in if you want to get support for it long term because, just like with anything else, this does cost resources.”
