Artificial intelligence (AI) is creating a new cyber battleground where adversaries are using AI tools to launch sophisticated attacks. Against this backdrop, organizations face the dual challenge of defending against AI-powered threats while simultaneously implementing AI within their own security operations, a new paper by KPMG says.
Released earlier this year, the report emphasizes the urgent need for organizations to prepare for the AI era. It highlights a recent incident involving Anthropic as a prime example of the threats arising from the rapid advancement and availability of powerful AI tools.
In late 2025, Anthropic, the AI research company behind the Claude AI assistant, said it caught hackers sponsored by the Chinese government using its chatbot to perform automated cyber attacks against around 30 global organisations.
The attackers tricked its tool into performing automated tasks under the guise of carrying out cyber security research. They gave the chatbot small automated tasks which, when strung together, formed a “highly sophisticated espionage campaign”, Anthropic said in a blog post in November 2025.
Anthropic researchers said humans chose the targets, including large tech companies, financial institutions, chemical manufacturing companies, and government agencies. They described the incident as the “first reported AI-orchestrated cyber espionage campaign”.
Criminals are also utilizing AI for social engineering and malware development. According to 2026 research by cybersecurity firm Expel, a group of hackers from North Korea had been using AI tools from OpenAI, Cursor and Anima to target crypto developers with fake job offers and malware, stealing up to US$12 million in cryptocurrency in a span of only three months.
Other cases have also emerged. In 2023, security researchers documented the use of generative AI (genAI) to craft highly convincing, personalized phishing emails in seconds, targeting thousands of employees simultaneously. This capability allowed for a 40% increase in successful phishing incidents.
AI-based attacks have proliferated in recent years. According to cybersecurity firm CrowdStrike, AI-enabled entities increased attacks by 89% in 2025 from a year earlier, with nearly half of organizations now identifying AI-automated attack chains as the most significant ransomware threat.
Establishing trusted AI frameworks and processes
According to KPMG, these developments raise fundamental questions regarding the trustworthiness and security of popular large language models (LLMs) and market-available solutions. These technologies are being rapidly integrated into organizations as trusted solutions, often without full consideration of the associated risks.
To ensure that AI use cases and solutions do not compromise an organization’s risk posture, KPMG advises establishing “trusted AI frameworks and processes”, sharing a practical implementation roadmap with key considerations.
First, AI solutions must be designed to reduce or eliminate bias against individuals, communities and groups. These systems must be transparent and ensure a clear understanding of operations throughout the AI lifecycle.
Human oversight must be integrated into the full AI lifecycle to manage risks and comply with applicable regulations.
These solutions must also be safeguarded against cybercriminals, disinformation and other adverse events, and must be designed and implemented to prevent harm to individuals, companies and assets.
Finally, AI tools must be designed to comply with applicable privacy and data protection laws and regulations. Furthermore, the data used must be obtained in compliance with applicable regulations and assessed for accuracy, integrity, and quality.
Leveraging AI for enhanced intelligent protection
While AI has intensified the cyber threat landscape, it has also equipped organizations with powerful new defensive tools and enabled a strategic shift from reactive defense to intelligent, adaptive protection.
By learning behavioral baselines and understanding context, AI transforms fragmented evidence into coherent narratives while prioritizing alerts by business impact. This enables security teams to detect critical threats earlier with greater accuracy, allowing them to respond with precision and contain risks before significant harm occurs.
For example, IBM provides a genAI-powered tool integrated into its managed Threat Detection and Response (TDR) Services to help security analysts identify, investigate, and respond to critical security threats more efficiently. The assistant reportedly reduced alert investigation times by 48% for one client and helps automate the escalation or closure of up to 85% of security alerts.
Similarly, the US Cybersecurity and Infrastructure Security Agency uses AI as a powerful assistant for its analysts, helping them spot cyber threats faster and more accurately.
Instead of manually sifting through endless streams of data, AI tools automatically scan for unusual patterns that might indicate a hacker, flag sensitive personal information to protect privacy, and assign “confidence scores” to help teams decide which alerts need immediate attention. Additionally, AI helps experts quickly understand complex malware by analyzing its code and generating summaries, allowing the agency to detect attacks on government networks and critical infrastructure sooner.

