Harnessing AI in cybersecurity: Ways companies can stay ahead of AI-driven threats
Harnessing AI in cybersecurity: Ways companies can stay ahead of AI-driven threats
Publish Date: 2026-07-05 20:54:00
Source Domain: technode.global
Using an unordered list, summarize the following article with between 4 and 8 key points.
While cybersecurity companies leverage AI to enhance threat detection, cybercriminals are weaponizing the same technology for automated phishing and malware attacks —highlighted by the fact that 43 percent of organizations believe hackers are using AI-driven methods to boost their effectiveness. To stay protected, organizations must adopt AI-powered platforms rather than relying on isolated tools.
Artificial intelligence has firmly established its presence in enterprise cybersecurity. According to data from Kaspersky’s 2026 global study, almost 100 percent of organizations in APAC – including firms in markets like Singapore, Indonesia, and Vietnam – intend to incorporate AI into security operations. This is consistent with solution providers embedding AI into their workflows to accelerate detection, reduce analyst workload and counter-attacks that move faster than human responders can manage. On the other hand, cybercriminals are using it to automate reconnaissance, generate convincing phishing content and scale operations that would previously have required significant resources and expertise.
This symmetry is the challenge. Every AI-driven capability available to cybersecurity providers is also available, or adaptable, to attackers. According to Kaspersky data, 21 percent of organisations believe cybercriminals are ahead in the technology arms race, with 43 percent saying criminals are able to adopt new technologies like AI to increase the effectiveness of their attacks.
Security leaders need to understand how AI is being weaponized, invest in AI-powered protection that is genuinely integrated into daily security workflows and approach the organisational and technical challenges of AI implementation with the same rigour applied to any critical infrastructure decision.
AI-based threats: How cybercriminals are using AI
The adoption of AI by threat actors is systematic. Attackers are integrating generative AI across the full attack chain: automating the creation of phishing lures, generating functional malicious code, improving the evasiveness of payloads and making social engineering more convincing at scale. What previously required skilled human operators can now be replicated and scaled cheaply.
Kaspersky’s Global Research and Analysis Team (GReAT) documented this shift in detail through its investigation of the RevengeHotels campaign, which targeted hospitality businesses across Latin America. Threat actors incorporated AI-generated code into their malware development and delivery process, producing more convincing phishing content and more evasive payloads than earlier iterations of the campaign.
The financial sector has also felt the impact directly. In 2025, Kaspersky logged more than 530,000 attempted financial phishing attacks across Southeast Asia, with Thailand recording the highest number of attacks at 247,560, Indonesia at 85,908, Malaysia at 64,779, Vietnam at 59,560, as well as Singapore and the Philippines recording just over 38,000 each. Furthermore, Kaspersky’s analysis of financial threat trends in 2025 identified AI as a key enabler of increasingly targeted fraud, social engineering and market manipulation attempts, with attackers using AI to model victim behavior, craft more persuasive lures and probe infrastructure at a pace and scale that manual methods cannot match.
The entertainment industry tells a similar story. Kaspersky identified AI as the thread running through the most significant emerging risks facing studios, content platforms and rights holders in 2026, from AI-generated deepfakes and content fraud to AI-assisted probing of content delivery infrastructure.
The common thread across these threat scenarios is speed and scale. AI removes the manual bottlenecks that previously constrained attackers, compressing the time between reconnaissance and compromise, between identifying a target and deploying a convincing lure, and between creating a payload and adapting it to evade detection. For defenders, the response time advantage that once existed is eroding.
AI-based protection: How security vendors are responding
The cybersecurity industry has responded to the AI threat landscape by embedding AI throughout the detection and response lifecycle. Kaspersky has extended AI-driven capabilities throughout its portfolio, enabling security teams to understand what is happening across their ecosystems, why it matters and what to do next, delivering richer, faster and more actionable intelligence without increasing the burden on analysts.
AI has the potential to deliver wide-ranging advantages. For instance, behavioral correlation rules can be used to establish a baseline of normal login activity and automatically flag anomalous events, triggering account theft alerts without requiring manual analyst review of individual log entries. While AI-powered asset scoring can continuously evaluate for risk based on the sequence and context of detected security events across the infrastructure. Assets with unusual or correlated patterns receive elevated risk scores and are automatically categorised by severity, helping teams focus limited resources where exposure is greatest.
In addition, AI-enabled incident summarization can explain the attack chain, initial vector and adversary actions in plain language. Analysts can use this to immediately understand what happened without manually reviewing large volumes of raw event data, directly addressing the investigation bottleneck that strains under-resourced SOC teams. Meanwhile, AI-based assistants can deobfuscate command lines, provide analytical explanations, and produce concise investigation reports, reducing cognitive load and accelerating analysis, especially in complex, multi-stage incidents.
In addition to these capabilities, there are many other AI-powered features that further assist cybersecurity companies in Southeast Asia in creating comprehensive and resilient solutions against evolving threats.
AI implementation in infrastructure: Challenges and key steps
According to the aforementioned 2026 global Kaspersky survey, nearly every company across Southeast Asia planning to establish a SOC within the next two years intends to enhance it with AI. However, many of these organizations face a distinct set of organisational and technical challenges when integrating this technology into their security infrastructure, and approaching these challenges without a clear framework risks compounding the very problems AI is meant to solve.
Data quality and telemetry coverage: AI detection and correlation capabilities are only as effective as the data they operate on. Fragmented architectures with siloed data sources produce inconsistent telemetry that limits AI effectiveness. Organizations must prioritize centralized data collection across endpoints, identity, cloud and network before AI-driven correlation can deliver meaningful results.
Integration complexity and total cost of ownership: AI capabilities introduced as isolated features within fragmented stacks add integration overhead without delivering unified operational benefit. Infrastructure requirements, API complexity and ongoing model tuning can multiply initial investment costs significantly. Enterprises should evaluate AI security capabilities not by feature lists but by how effectively the underlying platform consolidates telemetry, eliminates manual context-switching and reduces total operational burden.
Skill gaps and change management: AI tools that require deep technical configuration to operate effectively may widen rather than narrow capability gaps in under-resourced teams. The most operationally effective AI implementations are those that embed intelligence directly into analyst workflows.
Responsible AI governance: As AI becomes embedded in security operations, enterprises must also consider the governance framework governing those tools. Kaspersky continues to show deep commitment to not just responsible AI development but building a safer digital world for all, with its strong endorsement for the UN’s Global Digital Compact – a detailed framework for global governance of digital technology and artificial intelligence. Building upon this, Kaspersky has also been expanding its investments and capabilities in Southeast Asia in a bid to strengthen the region’s cybersecurity ecosystem preparedness and resiliency in the face of intensifying AI integration.
The practical steps for organisations navigating AI integration are as follows:
Consolidate telemetry into a unified platform before layering AI capabilities. Fragmented data limits AI effectiveness;
Evaluate AI security tools based on workflow integration, not feature count. The measure is analyst time saved, not capabilities listed;
Prioritize platforms where AI capabilities are built-in rather than bolted on, to minimize integration overhead and reduce TCO;
Establish internal AI governance standards that align with emerging regulatory requirements and vendor accountability frameworks;
Run phased deployments with measurable outcome baselines to validate AI impact before full-scale rollout.
Building a resilient AI strategy
The question for enterprise security leaders is not whether to engage with AI, but how to implement it in a way that delivers genuine operational benefit rather than added complexity. As enthusiastic as Southeast Asian markets like Singapore have been in AI adoption, besides the workforce being inundated by AI-enabled cyber threats, employers still face significant technical gaps – ones that impede business operations.
The answer lies in integration. AI capabilities that operate in isolation, or that require significant manual configuration to function, add overhead without reducing risk. AI embedded directly into unified detection and response workflows is where the operational gains are realised.
Simon Tung is the General Manager for Kaspersky in ASEAN (Association of Southeast Asian Nations) and AEC (Asia Emerging Countries). Effective October 2025, he leads the company’s strategic direction and business operations across the region, focusing on empowering organizations and governments to navigate an increasingly complex threat landscape.
His primary focus is on accelerating growth, building key partnerships, and enhancing the delivery of Kaspersky’s innovative solutions to meet the evolving needs of customers and partners in the digital era.
Simon has over three decades of extensive experience in the technology sector, with a proven track record of building and scaling businesses across Asia Pacific. He combines financial discipline with strategic foresight to deliver sustainable results. He has successfully transformed underperforming units, doubled revenues, and launched new business models that accelerated market expansion during his stints in companies like Crayon, Microsoft, and SAP.
He holds a Master’s Degree in Business Administration from University of Adelaide, Australia, is a Chartered Certified Accountant with ACCA (UK), and has an SMU-SID Accredited Diploma in Directorship from Singapore Management of University, Singapore.
Featured image: lhon karwan on Unsplash
Finding focus: A strategic approach to cybersecurity for SMBs in SEA