Artificial intelligence has become both the arsonist and the firefighter of modern cybersecurity. It’s rewriting the rules of digital defense—accelerating attacks while also promising to predict, prevent, and even repair them faster than any human team could.
As a result, today’s IT and security leaders need to do more than just keeping pace with AI’s evolution. They need to stay ahead of bad actors.
At Rubrik’s Data Security Summit, award-winning journalist, cybersecurity expert, and host of podcast To Catch a Thief Nicole Perlroth discussed how AI is rapidly amplifying both sides of the cybersecurity equation. Here are the key takeaways from the session.
Sign up to access the full session on-demand at Rubrik’s Data Security Summit.
The Double-Edged Sword of AI in Cyber Defense
Perlroth noted ransomware groups are now using large language models (LLMs) to automate every stage of the attack chain—reconnaissance, zero-day exploits, and even ransom negotiations using automated chatbots for maximum psychological impact. According to Perlroth, ransomware actors are automating the entire kill chain, leaving no room for human error.
At the same time, defenders are still learning how to apply AI effectively for defense—using it to triage alerts, patch weaknesses, and forecast which systems are most at risk.
Complicating matters, Perlroth says, is that AI is also empowering people in organizations to code using natural language and develop applications. Unfortunately, that code is often chockablock with security vulnerabilities, creating new avenues for threat actors to attack.
“We are potentially vibe coding our way into the abyss,” Perlroth said.
In practice, this creates a new kind of arms race: speed and accuracy of AI attack vs. speed and accuracy of AI defense. The organizations that survive will be those that automate wisely—embedding AI in both their detection and recovery processes.
Nation-State Attacks Redefine Risk
Perlroth commented that advanced actors—particularly from China—are infiltrating small business IT and even home routers, using those resources as a beachhead to launch attacks.
These infiltration campaigns make it almost impossible to catch the criminals because victim organizations may overlook an influx of traffic coming from a home or small business in a random city. This mismatch between adversaries and defenses allows attacks on critical systems and infrastructure to go undetected. And, contrary to what many might think, the US government doesn’t have as clear a line of sight on what’s happening on private networks.
“The government is really blind to a lot of these threats and our adversaries are designing attacks so that we are blind to them,” Perlroth said.
The takeaway isn’t just that threats are increasing; it’s that they’re getting harder to detect and defend against. Plus, now that power grids, healthcare systems, and logistics networks all rely on digital supply chains, a single compromise can cascade across an entire region or industry.
For organizations looking to defend themselves, this evolved threat landscape has eliminated any room for human error.
“To do this well, at a large organization basically requires running your own intelligence agency these days,” Perlroth said. “It is ridiculous to me that companies are now expected to defend themselves from advanced nation state threats, sometimes multiple advanced nation state threats on a daily, sometimes hourly basis. But that's where we are.”
Learning from the Front Lines: Ukraine’s Cyber Resilience
If the problem sounds overwhelming, recent history offers a model of hope. During Russia’s invasion of Ukraine, a coalition of private and public organizations rallied to defend and supplement the country’s digital infrastructure.
This collective action, known as the “Shields Up” initiative, was spurred by a Russian DDoS attack that targeted Ukraine's defense ministry, armed forces, and two major banks so that people could not withdraw cash from ATMs when they needed it most. Perlroth called out the response to this—and further developments like Russia trying to take down Ukraine's internet—as one of the clearest demonstrations of effective public and private partnership.
Shields Up showed what’s possible when governments and enterprises work together, she noted. It wasn’t about impenetrable defense; it was about rapid recovery and collaboration under fire.
Perlroth said that these types of collaborations and the sharing of information is really the only way she can see to stay ahead of attackers.
Back to Basics: Building Human-Centered Security
While AI-powered attacks and nation-state threats dominate headlines, most breaches still trace back to lapses in basic security hygiene, Perlroth said. Multifactor authentication, intrusion detection, tested backup protocols, and other best practices are still the best defense.
The reality, however, is that perfect execution of these basics remains elusive. Human error, burnout, and complexity creep in—especially as security teams continue to face a talent shortage.
Here, AI emerges as a force for good. AI-assisted monitoring tools are emerging that flag misconfigurations, detect privilege escalations, and even roll back malicious changes in real time.
"Being able to use these tools to fill the unfilled jobs in cybersecurity is something I'm really optimistic about,” Perlroth noted.
The Leadership Imperative: From Fear to Preparedness
One of the subtler repercussions of our new security landscape that Perlroth described is that the right kind of leadership is more critical than ever. Cybersecurity isn’t just an IT problem—it’s an organizational mindset. The most resilient companies are starting with foundational cyber hygiene (“Don’t click that link”) but also cultivating a culture of cyber resilience (“Here’s how we recover when someone inevitably does click that link”).
This mindset shift will define the next generation of security leaders. Instead of measuring success by the absence of incidents, they’ll be judged by the speed and confidence of recovery.
For executives and CISOs, that means budgeting for recovery drills, investing in immutable backups, and building relationships with vendors, law enforcement, and regulators before a crisis hits.
The Takeaway: Surviving after AI
AI may have opened Pandora’s box by automating existing attack methods and enabling newfound creativity, but it’s also giving defenders new ways to see, respond, and rebuild. As Perlroth’s insights made clear, the organizations that thrive in this new era will be those that both collaborate and use AI to enforce and evolve security best practices.
Want to dive deeper into these insights? Watch the full session “Digital Resilience: Surviving the AI-powered Threat Tsunami” from the Rubrik Data Security Summit 2025.