2025 saw multiple British institutions from M&S to Harrods to Legal Aid facing significant and disruptive cyberattacks, not only requiring costly fixes, but also dominating news cycles for extensive time periods and affecting trust. In its Annual Review, the UK’s National Cyber Security Centre reported a 50% increase in “highly significant” cyberattacks this year, with CEO Richard Horne offering a “wake-up call” to businesses of all sizes and in all sectors: “every organisation must understand their exposure, build their defences, and have a plan for how they would continue to operate without their IT (and rebuild that IT at pace) were an attack to get through.”
For those of us outside the cybersecurity industry, awareness of our own IT approach is more essential than ever to safeguard our digital footprints before, during, and after potential crises.
As AI continues to reshape how most industries operate, cybersecurity is no exception and is also evolving at an unprecedented pace. The cybersecurity landscape is changing for both defenders and attackers, transforming how businesses safeguard themselves and how attacks are played out. Conventional rule-based security tools are quickly becoming obsolete. Manual processes can’t match AI’s speed and efficiency, leaving organisations facing a far graver threat than we have seen before. At the same time, in the State of AI Cybersecurity 2025 report, published by AI cybersecurity specialist Darktrace, 95% of cybersecurity professionals surveyed believe AI can improve the speed and efficiency of cyber defence. The very AI fuelling the increase in advanced cyber threats is also our best hope and greatest weapon in defending against attackers. This is the cybersecurity paradox of the AI revolution.
The guardian
If one looks from the side of the protector, AI replaces traditional policies – which rely on manually defined rules to respond to threats – by amplifying defenders with automated machine learning investigations that constantly look out for hidden anomalies.
These machine learning processes are helping systems to detect trends in data and adapt to new threats faster and more accurately than ever before. By constantly probing data across endpoints, servers, network traffic, and broader infrastructure, machine learning models can spot early indicators of intrusion long before a threat manifests.
Traditional processes look for similar anomalies, such as unusual login attempts, unexpected privilege escalation where a user or attacker gains unintended access through vulnerabilities or badly configured systems, abnormal traffic spikes, and data exfiltration patterns that report when there is an unauthorised transfer or theft of data. AI does this while continuously monitoring for deviations in a much more efficient and timely fashion. It can detect unknown threats without prior labelling, making it highly effective against zero-day threats (flaws that hackers exploit before a fix exists).
Machine learning models can also predict likely attack sequences. By enabling earlier threat detections, AI reduces potential damage, data loss, and downtime during attacks, thereby minimising the overall breach impact.
The intruder
On the other side of this paradox, you have the intruders. The same aspects of AI that defenders are benefiting from are being weaponised by attackers to a degree never before seen in the digital age. It’s not just breaching systems where capabilities have improved. The days of easily spotting phishing emails by grammar errors and poorly edited logos are coming to an end. Attackers are now able to create highly personalised phishing and social engineering campaigns on a larger scale using large language models to create relevant, fluent emails that slip past email security more easily than traditional methods.
To bypass human scepticism, intruders are also using generative models to create convincing audio and video deepfakes. This method has been around for years, but with most people having an online presence, in conjunction with new methods enabled by AI, deepfakes are becoming increasingly realistic and are being used for fraud, political manipulation, extortion, and impersonation, to name a few.
Automated exploitation discovery is also being accelerated using AI. Manual vulnerability research used to be a tedious, time-consuming challenge even for the most tech-savvy hackers. Generative coding techniques lower this barrier to entry, making malware far easier to develop. Machine learning methods, but more so the increased accessibility of these methods, are opening the door to those who rely less on their technical abilities, in turn presenting opportunities to a larger cohort of potential attackers.
Modern cybersecurity practices are up against an onslaught of faster attack cycles, more convincing deception, and an influx of attackers capable of using advanced technologies.
The arms race
Much like the pre-AI arms race, defenders and attackers are still participating in a continuous feedback loop where one gets a step ahead and the other implements countermeasures. The main difference now is the speed and automation with which this is done. Manual monitoring remains critical, but on its own, it is no longer sufficient. Organisations can’t stand by and try defending against modern methods without adjusting their own, as doing so will soon be much like trying to quench a forest fire with a garden hose.
Businesses are at a disadvantage in this battle when it comes to ethical and regulatory considerations. Attackers operate without restrictions, but cyber teams must ensure that AI systems aren’t breaking privacy and data protection policies. Companies that handle sensitive client information also have the challenge of making sure the correct due diligence is carried out when interacting with AI models and other third parties that provide these solutions. Attackers don’t have to worry about the likes of GDPR, whereas defenders must balance AI usage with responsible governance, transparency, and privacy.
Can we defend without AI?
Human expertise is, for now, irreplaceable. This, paired with automated models and a resilient design, can put organisations in a good position and is a solid foundation which can be built upon. Traditional tools and processes remain essential, but relying on this alone without integrating robust AI tools leaves gaps in defence – gaps which will only become more significant as time goes on.
As AI continues to evolve, it is important to ethically and intelligently plan how it best embeds within your organisation. AI-based tools and processes will define the next era of cybersecurity resilience. Those protectors who embrace AI have the opportunity to implement a stronger, faster, more intelligent line of defence than ever before.
Privacy Policy.
Revoke consent.
© Digitalis Media Ltd. Privacy Policy.
Digitalis
We firmly believe that the internet should be available and accessible to anyone, and are committed to providing a website that is accessible to the widest possible audience, regardless of circumstance and ability.
To fulfill this, we aim to adhere as strictly as possible to the World Wide Web Consortium’s (W3C) Web Content Accessibility Guidelines 2.1 (WCAG 2.1) at the AA level. These guidelines explain how to make web content accessible to people with a wide array of disabilities. Complying with those guidelines helps us ensure that the website is accessible to all people: blind people, people with motor impairments, visual impairment, cognitive disabilities, and more.
This website utilizes various technologies that are meant to make it as accessible as possible at all times. We utilize an accessibility interface that allows persons with specific disabilities to adjust the website’s UI (user interface) and design it to their personal needs.
Additionally, the website utilizes an AI-based application that runs in the background and optimizes its accessibility level constantly. This application remediates the website’s HTML, adapts Its functionality and behavior for screen-readers used by the blind users, and for keyboard functions used by individuals with motor impairments.
If you’ve found a malfunction or have ideas for improvement, we’ll be happy to hear from you. You can reach out to the website’s operators by using the following email webrequests@digitalis.com
Our website implements the ARIA attributes (Accessible Rich Internet Applications) technique, alongside various different behavioral changes, to ensure blind users visiting with screen-readers are able to read, comprehend, and enjoy the website’s functions. As soon as a user with a screen-reader enters your site, they immediately receive a prompt to enter the Screen-Reader Profile so they can browse and operate your site effectively. Here’s how our website covers some of the most important screen-reader requirements, alongside console screenshots of code examples:
Screen-reader optimization: we run a background process that learns the website’s components from top to bottom, to ensure ongoing compliance even when updating the website. In this process, we provide screen-readers with meaningful data using the ARIA set of attributes. For example, we provide accurate form labels; descriptions for actionable icons (social media icons, search icons, cart icons, etc.); validation guidance for form inputs; element roles such as buttons, menus, modal dialogues (popups), and others. Additionally, the background process scans all of the website’s images and provides an accurate and meaningful image-object-recognition-based description as an ALT (alternate text) tag for images that are not described. It will also extract texts that are embedded within the image, using an OCR (optical character recognition) technology. To turn on screen-reader adjustments at any time, users need only to press the Alt+1 keyboard combination. Screen-reader users also get automatic announcements to turn the Screen-reader mode on as soon as they enter the website.
These adjustments are compatible with all popular screen readers, including JAWS and NVDA.
Keyboard navigation optimization: The background process also adjusts the website’s HTML, and adds various behaviors using JavaScript code to make the website operable by the keyboard. This includes the ability to navigate the website using the Tab and Shift+Tab keys, operate dropdowns with the arrow keys, close them with Esc, trigger buttons and links using the Enter key, navigate between radio and checkbox elements using the arrow keys, and fill them in with the Spacebar or Enter key.Additionally, keyboard users will find quick-navigation and content-skip menus, available at any time by clicking Alt+1, or as the first elements of the site while navigating with the keyboard. The background process also handles triggered popups by moving the keyboard focus towards them as soon as they appear, and not allow the focus drift outside of it.
Users can also use shortcuts such as “M” (menus), “H” (headings), “F” (forms), “B” (buttons), and “G” (graphics) to jump to specific elements.
We aim to support the widest array of browsers and assistive technologies as possible, so our users can choose the best fitting tools for them, with as few limitations as possible. Therefore, we have worked very hard to be able to support all major systems that comprise over 95% of the user market share including Google Chrome, Mozilla Firefox, Apple Safari, Opera and Microsoft Edge, JAWS and NVDA (screen readers), both for Windows and for MAC users.
Despite our very best efforts to allow anybody to adjust the website to their needs, there may still be pages or sections that are not fully accessible, are in the process of becoming accessible, or are lacking an adequate technological solution to make them accessible. Still, we are continually improving our accessibility, adding, updating and improving its options and features, and developing and adopting new technologies. All this is meant to reach the optimal level of accessibility, following technological advancements. For any assistance, please reach out to webrequests@digitalis.com