Artificial intelligence (AI) has gained significant relevance – and benefits companies in many ways. However, it can also pose a major threat, especially when used for cyberattacks. Metaphorically speaking, it is a double-edged sword that companies must leverage to their advantage and steer away from attackers.
This article explores the various facets of AI in relation to cybersecurity and shows how companies can benefit from it without exposing themselves to unnecessary risks.
How AI Intensifies the Threat Landscape
Since both attackers and defenders use AI, the result is a kind of stalemate. First, we look at how AI increases cyber threats: by making attacks more efficient and harder to detect, it creates new and higher demands on ITSM processes.
In our report The State of SMB IT for 2026, around three-quarters of respondents expect attackers to become significantly more powerful through AI. Additionally, 63 percent believe that AI-generated threats are now harder to detect.
The increased risks are particularly evident in the following points:
- Faster malware development increases the number of incidents.
- More realistic phishing and social engineering attacks increase the workload for service desks.
- Automated vulnerability discovery allows attackers to strike faster, reducing response windows.
- More effective credential attacks increase risks for identity and access processes.
Attackers therefore have enhanced methods in the AI era, making the threat landscape more diverse, sophisticated, and opaque. These risks should be taken seriously, as every cyberattack has the potential to cause severe disruptions and compromise sensitive data.
Decisive Action Is Required
Since AI is noticeably changing the dynamics of cybersecurity, companies are under increasing pressure to consistently modernize their security and ITSM structures to adequately address growing threats. It is crucial to classify new risks and effectively mitigate them.
Regulatory requirements such as NIS-2 and DORA support this transformation by requiring organizations to implement these structures. In the context of AI-driven attacks, the following parameters are essential prerequisites for resilient IT services:
- transparent processes
- clearly defined responsibilities
- proper documentation
- integrated response chains
It is no longer sufficient to react quickly in the event of an attack. Instead, comprehensive security incident management is required, offering early alerts, accelerated analysis, and structured coordination from the outset.
The Positive Impact of AI on IT Security
In addition to threats, AI also has numerous positive impacts on IT security when used by organizations rather than attackers. One example is the ability to quickly detect and handle incidents.
Many companies expect significant improvements in threat intelligence through faster detection and response times. The use of AI against AI-based attacks is also seen as a realistic perspective.
AI-supported security solutions are already widely used today, mostly in the form of integrated features or external services, as these are faster to implement and scale than in-house developments. At the same time, topics such as transparency and data sovereignty are gaining importance.
In practice, AI already delivers substantial benefits to companies:
- It enables faster detection of and response to security threats.
- It improves the efficiency of defense measures.
- Incidents can be analyzed faster and more effectively.
- Post-incident analyses are improved.
- Root cause analysis becomes faster and more reliable.
- Reporting becomes simpler and more consistent, improving compliance with reporting obligations.
Overall, security teams evaluate the use of AI positively: in our report The State of SMB IT for 2026, 85 percent of respondents see clear improvements in the speed and effectiveness of their cyber defense through AI.
Overall, AI is not only an effective tool for defense but also a noticeable relief in the face of increasing compliance requirements.
Those who consistently implement regulation strengthen their security posture and experience less additional effort than expected.
Jens Bothe
Vice President Information Security, OTRS AG
Best Practices for Companies
Since AI presents both opportunities and risks in a corporate context, a clear and practical approach is essential. It should not only be used securely but also become an integral part of resilient IT and service processes. This requires a combination of integrated technology, fast response processes, and a strong security culture.
The following best practices enable a holistic approach that addresses technical, procedural, and human factors alike:
#1 Leverage regulatory requirements
Frameworks such as NIS-2 provide good guidance for building robust security and governance structures. They also form an excellent basis for achieving operational goals.
#2 Define clear policies
The use of AI should be governed by binding rules, especially when processing personal or sensitive data. Without control, decentralized use can quickly lead to security gaps and attack surfaces.
#3 Raise employee awareness
Poor communication is the most common reason for major mistakes and failed projects. Teams should be trained on risks such as data leaks, shadow IT, and insecure AI tool usage – including refreshers and updates. A strong security culture encourages active participation in defense.
#4 Choose reliable providers
Companies should rely on established and transparent vendors with clear security and compliance standards, including strong encryption, server location clarity, and adherence to regulations.
#5 Integrate tools instead of fragmenting
Reducing tool sprawl and using integrated security and ITSM ecosystems is crucial. Basic measures like external email labeling and SPF, DKIM, and DMARC are essential but most effective when integrated.
#6 Accelerate reporting and response
Simple reporting mechanisms (e.g., a “Report” button) and direct routing to the SOC are key. Automated workflows, prioritization, and SIEM integration enable rapid countermeasures. AI further accelerates detection and response.
#7 Involve expert knowledge
Aligning AI, compliance, and IT security is complex. Engaging external experts can be highly beneficial. In any case, leveraging as much expertise as possible is recommended.
#8 Establish security assessments
Continuous testing, improvement, and updates are essential. Regular assessments help identify vulnerabilities in AI-supported processes early.
Conclusion
Artificial intelligence and IT security often have an ambivalent relationship: while AI intensifies threats, it also helps companies protect themselves more effectively. Companies that take the right steps benefit more from AI than they suffer from AI-driven attacks.
However, many organizations still lack clear awareness of AI-related risks. While AI adoption is widespread, governance and regulation are often neglected – partly due to a lack of transparency.
The challenge is to use AI securely and compliantly while also protecting against AI-driven cyberattacks. This is best achieved through holistic approaches that focus on tools, processes, and people alike.