The AI Arms Race in Cybersecurity: Trust Nothing, Verify Everything

The battle between cybercriminals and cybersecurity professionals is increasing daily. A cybersecurity report states that cybercrime could cost as much as $10.5 trillion yearly by 2025. Artificial intelligence has become the weapon in this arms race. As a Senior Site Reliability Engineer (SRE) at Microsoft with over 15 years of experience in cybersecurity, I have seen the evolution of cyber attacks. I have also witnessed the importance of AI in security coupled with a Master’s degree from Georgia Tech and a CISSP certification; this has given me practical experience in how AI aids cybersecurity.

**AI-Powered Cyber Threats
\ Cybercriminals are using AI to develop more sophisticated attacks via malware and phishing. These phishing campaigns use AI to convince users to reveal sensitive information such as passwords and bank details.  The AI uses deepfake technology to impersonate identities. For instance, a finance worker got tricked at a multinational firm into paying out $25 million to fraudsters using deepfake technology. The fraudsters posed as the company’s chief financial officer in a video conference call, according to Hong Kong police.

Threat intelligence and incident response teams are now dealing with faster, more targeted attacks that are increasingly difficult to detect using traditional security measures.

Cybercriminals are using AI chatbots to impersonate customer support. In this case, the customers are willing to share sensitive data like passwords and banking details without a second thought. Through this, hackers access customers’ banking information and steal from accounts.

In addition, AI is helping cybercriminals design malware that developers have not detected, making zero-day vulnerabilities more challenging.

In my role in Microsoft’s identity and security domain, I have seen how AI-driven decision-making models are deployed to counteract these evolving threats.

AI as a Defensive Force

On the defensive side, AI aids cybersecurity. AI security tools can analyze vast amounts of data, detect anomalies, and automate responses to potential threats. Zero Trust Architecture, a framework I advocate for in cloud security, relies heavily on AI. The AI tool continuously reviews user access and validates credentials. This helps to reduce attacks on user accounts and sensitive information. AI’s ability to detect compromise has made it an essential tool in DevSecOps and automation. Because of this, security and system reliability have greatly improved.

Artificial Intelligence tools can alert administrators and users of potential hacks and compromises. Microsoft has provided extensive AI tools with Identity and Access Management (IAM) for verification.

Despite this, cybersecurity professionals must proactively monitor and audit alerts generated by the identity and access management tool.

The Role of Zero Trust and Identity & Access Management (IAM)

Microsoft’s mantra for Zero Trust is “Never trust, always verify”. This requires continuously authenticating users, accounts, devices, and identities. Cybercriminals seek various forms to impersonate users, so authentication is crucial, especially within Microsoft’s identity domain.

Microsoft’s Identity and Access Management (IAM) verifies every identity, account, and sign-in in the zero trust model. This ensures identities and devices are authenticated before granting access. This is done using authentication methods like Multi-Factor Authentication (MFA) and Conditional access policies. The platform Microsoft uses for identity and access management is called Microsoft Entra. Microsoft also uses Purview and Compliance to manage security. Defender is used to protect devices, cloud accounts, and identities. Defenders now use AI-powered threat Intelligence and Incident Response, zero trust architecture, and automation to excel in detection and real-time response.

Microsoft Entra helps with threat intelligence and incident response. These help to mitigate attacks and security threats. With incident response, cybersecurity professionals can get alerts.

An area in which Microsoft excels is the AI Threat Intelligence Platform. In 2024, Microsoft announced its investment in AI Security by inviting experts to participate in the Zero Day Quest with promises of substantial cash rewards. This makes Microsoft a major investor in cybersecurity. Microsoft also analyzes trillions of cybersecurity signals and provides tools for organizations to use in threat hunting.

These technologies and initiatives help to build resilience and system reliability for professionals.

DevSecOps: Security at the Speed of Development

DevSecOps has integrated AI into cybersecurity, cloud security, and workflows. DevSecOps ensures that security is built into every phase of the software development lifecycle rather than being an afterthought. As a Microsoft Award recipient and the Best Consultant Award winner in 2016, I have seen organizations struggle with security bottlenecks. AI-powered DevSecOps automation removes these roadblocks, allowing companies to maintain speed and security.

AI-Powered Threat Intelligence & Incident Response

AI powers threat intelligence to detect cyber hacks. AI models use machine learning to analyze patterns and detect anomalies. With machine learning, AI predicts threats and incidents.

In my role, I have worked with AI in security systems that detect and respond to threats faster than traditional methods. This detection has helped security teams be proactive and quickly detect the root cause of issues. Microsoft’s threat intelligence system detects and mitigates the hacks, provides alerts, and blocks sign-in.

The Future: A Continuous Battle

As an Editorial Board Member of the ESP – International Journal of Advancements in Computational Technology and a Senior IEEE Member, I have had the opportunity to research and analyze AI advancements in security. Success in cybersecurity depends on a combination of AI, Zero Trust Architecture, IAM, DevSecOps automation, and skilled professionals.

Cybercriminals constantly change tactics, and cybersecurity professionals must stay ahead with AI-enhanced security strategies. One thing is certain, the AI arms race in cybersecurity is far from over. However, with AI, there is a 75% chance of staying ahead of cybercriminals.