AI-Driven Security Advancements and Risks in Enterprise and Threat Landscape
Major technology vendors and cybersecurity researchers are rapidly integrating artificial intelligence and automation into security operations, with Microsoft unveiling a comprehensive suite of AI-powered enhancements across its Defender ecosystem. These updates include proactive features such as Predictive Shielding for automatic attack disruption, a natural language Threat Hunting Agent, and expanded integration with third-party services like AWS and Okta. Microsoft is also addressing the growing challenge of non-human digital identities and agent sprawl, while expanding Security Copilot with dozens of new agents to automate tasks for security operations, identity, and IT teams. Meanwhile, the industry is seeing a surge in AI-driven detection engineering, with new and updated rules targeting advanced threats such as Windows defense evasion, credential access, phishing, and supply chain attacks.
However, the adoption of generative AI models introduces new risks, as demonstrated by research into the Chinese DeepSeek-R1 model, which was found to generate insecure code—especially when prompted with politically sensitive topics. This raises concerns about the security implications of using foreign AI models, particularly those subject to state influence or censorship. Additionally, the threat landscape is evolving with the emergence of LLM-generated malware, adaptive AI-driven malware detection, and the use of AI in both offensive and defensive cyber operations. Security teams are urged to remain vigilant as AI technologies reshape both the tools available to defenders and the tactics employed by adversaries.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Foresiet details GPT-5-powered autonomous threat hunting
On 2025-11-24, Foresiet published a technical deep dive on its OpenAI GPT-5-powered threat hunter. The post presented autonomous security and AI-driven threat hunting as an operational capability.
Microsoft announces security improvements using AI and automation
On 2025-11-24, SC Media reported on Microsoft's security enhancements centered on AI and automation. The report indicates a product or platform update aimed at strengthening defensive operations through automated security capabilities.
DeepSeek-R1 insecure-code findings are reported
On 2025-11-24, The Hacker News reported that the Chinese AI model DeepSeek-R1 generated insecure code when prompts referenced Tibet or Uyghurs. This marked a public disclosure of AI security concerns tied to politically sensitive prompt conditions.
Security Affairs publishes Malware Newsletter Round 72
On 2025-11-23, Security Affairs published Malware Newsletter Round 72, a roundup of malware research and reporting. The issue highlighted topics including JSON-based malware delivery, npm campaigns using cloaking, fake Google Play Android threats, signed-app abuse, RONINGLOADER, the Tsundere botnet, a Salesforce-related campaign, Sturnus banking malware, and LLM-generated malware capabilities.
Detection repositories add 53 new and 37 updated security rules
Between 2025-11-17 and 2025-11-24, nine major GitHub detection-rule repositories were updated with 53 new rules and 37 modified ones. The changes expanded coverage for defense evasion, credential access, phishing, BEC, cloud IAM abuse, privilege escalation, and malware- and APT-related activity, including detections for several 2025 CVEs.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
6 references tracked. Mallory keeps watching after this page renders.
Autonomous Security is Here: A Deep Dive into OpenAI’s GPT-5 Powered Threat Hunter
foresiet.com
Open sourceDetections Digest #20251124
detections-digest.rulecheck.io
Open sourceChinese DeepSeek-R1 AI Generates Insecure Code When Prompts Mention Tibet or Uyghurs
thehackernews.com
Open sourceWhat'd I Miss? InfoSec Weekend News Roundup for November 21 - November 23, 2025
sherpaintelligence.substack.com
Open sourceMicrosoft boosts security with AI, automation
scworld.com
Open sourceSECURITY AFFAIRS MALWARE NEWSLETTER ROUND 72
securityaffairs.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
AI-Driven Security Risks, Bypasses, and Exploits in Modern Cybersecurity
Security researchers and industry experts are raising alarms about the growing use of artificial intelligence (AI) in both offensive and defensive cybersecurity operations. Attackers are leveraging AI to bypass advanced security controls, as demonstrated by a researcher who used AI to defeat an "AI-powered" web application firewall, and by the emergence of new malware that exploits AI model files and browser vulnerabilities to evade detection and exfiltrate credentials. Meanwhile, defenders are grappling with the proliferation of unsanctioned AI tools in the workplace, the challenge of auditing AI decision-making, and the surge in AI-powered bug hunting, which has led to a dramatic increase in vulnerability discoveries and bug bounty payouts. The risks are compounded by the lack of clear AI usage policies, the potential for data leaks through generative AI tools, and the difficulty in monitoring or controlling how sensitive information is processed and stored by these systems. Industry reports highlight that a significant portion of employees use unauthorized AI applications, often exposing sensitive data without IT oversight, and that prompt injection and model manipulation are now common vulnerability types. The security community is also debating the extent to which ransomware and other attacks are truly "AI-driven," with some reports criticized for overstating the role of AI in current threat activity. As organizations rush to adopt AI for efficiency and innovation, experts urge the implementation of robust governance, continuous monitoring, and red-teaming to anticipate and mitigate the evolving risks posed by both sanctioned and shadow AI systems. The rapid evolution of AI in cybersecurity is forcing a reevaluation of traditional defense models, emphasizing the need for transparency, operational oversight, and adaptive security strategies.
Mar 21, 2026
AI Integration in Cybersecurity: New Risks, Vulnerabilities, and Defensive Capabilities
The rapid integration of artificial intelligence (AI) and large language models (LLMs) into cybersecurity operations and software development is fundamentally altering both the attack surface and defensive strategies. Security teams are leveraging AI to automate alert triage, summarize threat intelligence, and streamline incident response, while organizations like Microsoft are bundling AI-powered security assistants such as Security Copilot with enterprise products to democratize advanced threat detection and response. However, this shift introduces new risks, including prompt injection attacks, the challenge of validating AI-generated code, and the emergence of "vibe coding," where natural language prompts replace traditional software engineering rigor, potentially leading to insecure or unmaintainable code. Studies show that while LLMs can assist in patching known vulnerabilities, their effectiveness drops with unfamiliar or artificially altered code, highlighting limitations in current AI capabilities for secure software maintenance. The evolving AI attack surface is characterized by probabilistic model behavior, making vulnerabilities less predictable and harder to patch compared to traditional software flaws. Security experts warn that the speed and scale enabled by AI can benefit both defenders and attackers, with concerns about AI-enabled autonomous attacks and the need for new security models to address reasoning manipulation rather than just input validation. As organizations increase cybersecurity budgets and invest in AI-driven solutions, the industry faces a dual imperative: harnessing AI's potential to improve defense while developing robust controls and validation processes to mitigate the novel risks it introduces.
Mar 21, 2026
AI-Driven Cybersecurity Threats and Defenses in 2026
Artificial intelligence is rapidly transforming the cybersecurity landscape, with both attackers and defenders leveraging AI to gain an edge. According to Google's Cybersecurity Forecast 2026, AI is now central to cybercrime, enabling adversaries to automate phishing, clone voices for social engineering, and launch sophisticated prompt injection attacks against large language models (LLMs). The rise of AI agents—autonomous systems acting on behalf of users—introduces new identity and access management challenges, as traditional security controls designed for humans are no longer sufficient. Security operations are also evolving, with analysts increasingly relying on AI tools for faster incident response, though this shift brings new oversight and risk management concerns. The criminal underground is developing unrestricted AI models, further lowering the barrier for less advanced threat actors. The proliferation of AI-generated code and agentic workflows is reshaping software development and supply chain security, as highlighted by Endor Labs' 2025 State of Dependency Management and industry commentary. Studies show that a significant portion of AI-generated code is vulnerable, raising concerns about the security of modern applications. The Model Context Protocol (MCP) is emerging as a standard for enabling AI agents to interact with external tools, but introduces new attack surfaces that require a "Triple Gate Pattern" of defense across the AI, MCP, and API layers. Despite these risks, recent analyses reveal that startups and enterprises are prioritizing productivity and automation over security in their AI investments, often adopting a "build first, secure later" mentality. As AI becomes ubiquitous in both offensive and defensive cyber operations, organizations must adapt their security architectures and practices to address these evolving threats and opportunities.
Mar 21, 2026