AI in cyberdefense: Learning from threat actors’ playbooks

<p>When Sun Tzu said, “To know your enemy, you must become your enemy,” he never could have imagined how his wisdom would be applied to AI 2,500 years later.</p>
<p>During his session at the Gartner Cybersecurity and Risk Management Summit 2026, Gartner analyst Leigh McMullen agreed with Sun Tzu, in that threat actors have much to teach defenders about using AI. In just a few years, nefarious hackers have harnessed the technology to launch cyberattacks at stunning speed and scale. Yet security professionals can be just as successful using similar techniques. “The [offensive AI] processes are not necessarily particularly exquisite, elaborate or all that involved and actually present us with an opportunity to create the mirror of them in defense,” he said.</p>
<p>McMullen identified four key areas where threat actors are using AI to <a href="https://www.techtarget.com/searchsecurity/feature/AI-powered-attacks-What-CISOSs-need-to-know-now">augment and improve their capabilities</a>, and explained how defenders can use similar methods to counter threat activity and mitigate risk.</p>
<section class="section main-article-chapter" data-menu-title="1. Upscaling">
<h2 class="section-title"><i class="icon" data-icon="1"></i>1. Upscaling</h2>
<p>Threat actors complement their existing skill sets with AI to execute cyberattacks more rapidly, creatively and evasively than ever before. The technology benefits attackers of all levels: those with basic skills use AI to craft more potent attacks, while advanced threat actors use it to become faster and launch more complex digital crimes.</p>
<p>McMullen said defenders should expand their own abilities in the same way by putting AI to work. Models that defenders train on their own environments, he said, will make them more adept at <a href="https://www.techtarget.com/searchsecurity/feature/How-AI-threat-detection-is-transforming-enterprise-cybersecurity">identifying threats</a>, containing intrusions and protecting systems.</p>
</section>
<section class="section main-article-chapter" data-menu-title="2. Target selection">
<h2 class="section-title"><i class="icon" data-icon="1"></i>2. Target selection</h2>
<p>Threat actors who conduct <a href="https://www.techtarget.com/searchsecurity/feature/How-to-avoid-phishing-hooks-A-checklist-for-your-end-users">phishing</a> and <a href="https://www.techtarget.com/searchsecurity/feature/Deepfake-era-demands-proof-based-security-not-just-awareness">deepfake</a> operations frequently use AI to research both the people they intend to impersonate and their victims. For example, an attacker might task an AI agent with scouring the web to learn the personal details and communication style of an authority figure, enabling the attacker to mimic that person convincingly.</p>
<p>Criminals aren't the only ones who can benefit from this highly targeted, AI-assisted research. Security professionals should deploy AI agents both to learn what information about their organization is already available to potential attackers and to unearth facts about those same threat actors.</p>
<p>McMullen recommended setting up <a href="https://www.techtarget.com/searchenterpriseai/definition/retrieval-augmented-generation">RAG</a> pipelines, which enhance <a href="https://www.techtarget.com/searchcio/tip/Beyond-thehypeA-CIOs-guide-to-LLM-risk-management">large language models</a> by grounding their responses in specific external data. For example, he suggested building custom threat intelligence feeds that continuously monitor for PII breaches involving key executives and for potential targeting vectors. RSS feeds, AI-generated scripts, web crawlers, ISAC feeds and <a href="https://www.techtarget.com/searchsecurity/definition/Common-Vulnerabilities-and-Exposures-CVE">CVE feeds</a> are all tools at the security professional's disposal. The same tooling can also be pointed outward, by aiming AI research agents at known threat actor groups.</p>
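<p>The following is an added example, not code from the article or from Gartner, showing the shape of such a pipeline in Python: a watchlist of executives, domains and products is matched against feed items (RSS-, CVE- and ISAC-style entries, all constructed here), hits are triaged by severity, and a retrieval step builds a grounded prompt so the LLM answers only from feed text. The watchlist, the feed schema and the keyword-overlap index are assumptions; a production RAG pipeline would replace the index with an embedding store and pull items from live feeds.</p>

```python
"""Watchlist-driven threat-intel monitor with keyword-grounded retrieval.

Added example, not code from the article or from Gartner. Everything here is
constructed: the watchlist, the feed items and the feed item schema. The
retrieval step is a keyword-overlap index standing in for the embedding store a
production RAG pipeline would use; the prompt it builds is the grounding step.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class FeedItem:
    source: str   # constructed source labels: "rss", "cve", "isac", "crawler"
    title: str
    body: str


@dataclass(frozen=True)
class WatchEntry:
    kind: str                        # "executive", "domain" or "product"
    value: str                       # canonical name reported in alerts
    aliases: Tuple[str, ...] = ()    # handles, short forms, internal names


# Constructed watchlist: the executives, domains and products we care about.
WATCHLIST = [
    WatchEntry("executive", "Jane Doe", ("J. Doe", "jdoe")),
    WatchEntry("domain", "example-corp.com"),
    WatchEntry("product", "Acme Widget Server", ("widgetd",)),
]
BREACH_WORDS = ("breach", "leak", "dump", "combolist", "credential", "exposed")


def match_item(item: FeedItem, watchlist=WATCHLIST) -> List[Tuple[str, str, str]]:
    """Return (kind, canonical value, matched term) for each watchlist entry whose
    name or alias appears in the item. Matching is case-insensitive and bounded by
    non-word characters, so 'jdoe' fires on 'jdoe@example-corp.com' but not 'jdoes'."""
    text = f"{item.title}\n{item.body}"
    hits = []
    for entry in watchlist:
        for term in (entry.value, *entry.aliases):
            if re.search(r"(?<!\w)" + re.escape(term) + r"(?!\w)", text, re.IGNORECASE):
                hits.append((entry.kind, entry.value, term))
                break  # one hit per entry is enough
    return hits


def triage(item: FeedItem, watchlist=WATCHLIST) -> Optional[dict]:
    """Turn hits into a severity: an executive named next to breach language, or a
    watched product in the CVE feed, is what the analyst wants to see first."""
    hits = match_item(item, watchlist)
    if not hits:
        return None
    kinds = {kind for kind, _, _ in hits}
    text = f"{item.title} {item.body}".lower()
    breachy = any(w in text for w in BREACH_WORDS)
    if ("executive" in kinds and breachy) or ("product" in kinds and item.source == "cve"):
        severity = "high"
    elif breachy:
        severity = "medium"
    else:
        severity = "low"
    return {"source": item.source, "title": item.title, "severity": severity, "hits": hits}


# Minimal retrieval layer, the "R" in RAG: keyword overlap instead of embeddings.
def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9][a-z0-9.\-@]*", text.lower()))


def build_index(items):
    return [(item, _tokens(f"{item.title} {item.body}")) for item in items]


def retrieve(index, query: str, k: int = 2) -> List[FeedItem]:
    q = _tokens(query)
    ranked = sorted(index, key=lambda pair: len(q & pair[1]), reverse=True)
    return [item for item, toks in ranked[:k] if q & toks]


def grounded_prompt(index, question: str, k: int = 2) -> str:
    """Build the prompt the LLM receives: only retrieved feed text, plus an explicit
    instruction not to go beyond it (the grounding that keeps answers honest)."""
    context = "\n".join(f"[{it.source}] {it.title}: {it.body}"
                        for it in retrieve(index, question, k))
    return ("Answer using only the context below; reply 'unknown' if it is not covered.\n\n"
            f"Context:\n{context}\n\nQuestion: {question}")


# Constructed feed items standing in for RSS, CVE and ISAC entries.
FEED = [
    FeedItem("rss", "Credential dump circulating on forum",
             "A combolist listing accounts at example-corp.com, including "
             "jdoe@example-corp.com, was posted in a forum thread this morning."),
    FeedItem("cve", "Remote code execution in widgetd",
             "Unauthenticated remote code execution in Acme Widget Server before the latest release."),
    FeedItem("isac", "Invoice-themed phishing wave",
             "Members report invoice lures impersonating a regional logistics firm."),
    FeedItem("rss", "Example-Corp.com wins industry award",
             "example-corp.com announced the award at its annual customer event."),
]

if __name__ == "__main__":
    for feed_item in FEED:
        print(triage(feed_item))
    print(grounded_prompt(build_index(FEED), "Was jdoe@example-corp.com in any credential dump?"))
```

<p>Run as a script it prints one triage record per feed item (two high, one low, one with no hits) and the grounded prompt for an executive-exposure question. Pointing the same code outward, as McMullen suggests, means swapping the watchlist for threat-actor group names, aliases and infrastructure and feeding it reporting about those groups.</p>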
</section>
<section class="section main-article-chapter" data-menu-title="3. Attack obfuscation">
<h2 class="section-title"><i class="icon" data-icon="1"></i>3. Attack obfuscation</h2>
<p>Attack obfuscation is becoming increasingly common, McMullen said. “This is threat actors using AI to hide their modus operandi for attacking.”</p>
<p>Defenders can use similar techniques to trick attackers, he said. For instance, he suggested that security professionals generate synthetic data with AI to keep threat actors busy, then monitor the resulting activity to learn attackers' TTPs. Authentic-looking honeypots, test ranges, look-alike tools, fake websites, bogus vulnerabilities and dead-end backdoors can all send attackers on wild-goose chases while revealing valuable information about them to security

[…]
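<p>The following is an added example, not code from the article or from Gartner, of the deception loop described above in Python: synthetic credentials (honeytokens) are minted with an HMAC tag so the detector can tell its own decoys from look-alike strings, planted in a plausible-looking config fragment, and then recognized when they show up in logs, which is where the attacker's TTPs become visible. The token format, the detector key, the decoy config and the log lines are all constructed for the example; a real deployment would keep the key in a secret store and feed live authentication logs in.</p>

```python
"""Honeytoken minting, planting and detection.

Added example, not code from the article or from Gartner. The token layout
('hk_' + 16 hex nonce + 16 hex HMAC tag), the detector key, the decoy config
and the log lines are all constructed for illustration.
"""
import hashlib
import hmac
import re
import secrets
from typing import List, Optional

# Constructed secret. In practice this lives in a KMS or secret store and is
# never written into the decoy itself, so an attacker cannot forge tokens.
DETECTOR_KEY = b"constructed-detector-key-do-not-reuse"
TOKEN_RE = re.compile(r"\bhk_([0-9a-f]{16})([0-9a-f]{16})\b")
REGISTRY = {}   # nonce hex -> label of the decoy the token was planted in


def _tag(nonce_hex: str) -> str:
    """Truncated HMAC-SHA256 over the nonce; binds the token to our key."""
    return hmac.new(DETECTOR_KEY, nonce_hex.encode(), hashlib.sha256).hexdigest()[:16]


def mint_honeytoken(label: str, nonce: Optional[bytes] = None) -> str:
    """Produce an API-key-looking string and remember which decoy it went into."""
    nonce_hex = (nonce or secrets.token_bytes(8)).hex()
    REGISTRY[nonce_hex] = label
    return f"hk_{nonce_hex}{_tag(nonce_hex)}"


def identify(token: str) -> Optional[str]:
    """Return the decoy label if the token is one of ours, else None.
    The tag check (constant-time) rejects strings that merely have the right shape."""
    m = TOKEN_RE.fullmatch(token)
    if not m:
        return None
    nonce_hex, tag = m.groups()
    if not hmac.compare_digest(tag, _tag(nonce_hex)):
        return None
    return REGISTRY.get(nonce_hex, "valid-but-unregistered")


def make_decoy_config(label: str, nonce: Optional[bytes] = None) -> dict:
    """A plausible config fragment seeded with a honeytoken. The endpoint and
    filler values are constructed and deliberately lead nowhere."""
    return {
        "service": "billing-export",
        "endpoint": "https://api.internal.example/v1",
        "api_key": mint_honeytoken(label, nonce),
        "rotate_after_days": 90,
    }


def scan_logs(lines: List[str]) -> List[dict]:
    """Find honeytoken uses in log lines, keeping only tokens whose tag verifies."""
    alerts = []
    for lineno, line in enumerate(lines, 1):
        for m in TOKEN_RE.finditer(line):
            label = identify(m.group(0))
            if label is None:
                continue
            src = re.search(r"\bsrc=(\S+)", line)
            alerts.append({"line": lineno, "decoy": label,
                           "src": src.group(1) if src else None})
    return alerts


def attacker_profile(alerts: List[dict]) -> dict:
    """Group alerts by source address: which decoys each address reached, in the
    order seen. This is the TTP view the deception is meant to produce."""
    profile = {}
    for a in alerts:
        touched = profile.setdefault(a["src"], [])
        if a["decoy"] not in touched:
            touched.append(a["decoy"])
    return profile


# Constructed decoys with fixed nonces so the sample log lines below are stable.
T1 = make_decoy_config("decoy-vault-entry", bytes.fromhex("0011223344556677"))["api_key"]
T2 = mint_honeytoken("decoy-repo-config", bytes.fromhex("8899aabbccddeeff"))
LOOKALIKE = "hk_" + "0" * 16 + "f" * 16   # right shape, wrong tag: must not alert

# Constructed authentication log lines (documentation address ranges).
LOG_LINES = [
    f"2026-03-02T10:14:05Z api auth ok key={T1} src=203.0.113.7 path=/v1/customers",
    f"2026-03-02T10:14:09Z api auth fail key={LOOKALIKE} src=203.0.113.7 path=/v1/export",
    f"2026-03-02T10:15:00Z api auth ok key={T2} src=203.0.113.7 path=/v1/export",
    "2026-03-02T10:15:30Z api auth ok key=sk-abcdef12345 src=198.51.100.4 path=/v1/ping",
]

if __name__ == "__main__":
    found = scan_logs(LOG_LINES)
    print(found)
    print(attacker_profile(found))
```

<p>Scanning the constructed lines raises two alerts and attributes both decoys to 203.0.113.7, while the look-alike string and the unrelated key produce nothing. The point of the HMAC tag is precisely that last property: a detector that keyed only on the string shape would page on every key that happened to look similar, and an attacker who learned the format could not mint tokens that pass verification without the key.</p>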

This article has been indexed from Search Security Resources and Information from TechTarget
