# AI's Offensive & Defensive Impacts

By [Dena De Angelo](https://www.paloaltonetworks.com/blog/author/ddeangelo/?ts=markdown "Posts by Dena De Angelo") | May 01, 2024

*["AI's Impact in Cybersecurity"](https://www.paloaltonetworks.com/blog/tag/ais-impact-in-cybersecurity/?ts=markdown) is a blog series based on interviews with a variety of experts at Palo Alto Networks and Unit 42, with roles in AI research, product management, consulting, engineering and more. Our objective is to present different viewpoints and predictions on how artificial intelligence is impacting the current threat landscape, how Palo Alto Networks protects itself and its customers, as well as implications for the future of cybersecurity. We recently chatted with Michael Sikorski, the CTO of Unit 42, who leads Threat Intelligence and Engineering for the division.*

As the hype around AI continues to ramp up, cybersecurity practitioners are trying to separate reality from fiction when it comes to how artificial intelligence will impact their field. Our discussion includes some candid predictions on AI's near- and long-term implications for cyberattacks and defense.

## The Phishing Threat Becomes Much Stronger

In the near term, over the next 6-12 months, Sikorski believes the top offensive use of AI will be supercharging social engineering attacks, like phishing and [business email compromise (BEC)](https://www.paloaltonetworks.com/unit42/assess/business-email-compromise?ts=markdown). As he bluntly states, "I think this will be short-lived and phishing will take the number one spot again due to AI."

![Chart of a business email compromise case study.](https://www.paloaltonetworks.com/blog/wp-content/uploads/2024/04/word-image-319692-1.png)

AI language models can study a target's entire email history and communication patterns and then craft perfectly authentic-sounding phishing messages. Sikorski explains:

*"They can build trust very quickly. You see emails going back and forth where they're talking about their dog or their family and the LLM could even replicate that, build the trust and then say, 'Oh yeah. Can you fill out that invoice? Just like you did 6 months ago,' and they're more likely to engage, right? Because they're more easily fooled."*

Sikorski believes this scalable, automated phishing threat is already starting to happen and will only grow more prevalent in the short term as "their standard, go-to" approach.

## Adversaries Look to Generate Malware and Poison AI Training Data and Systems

As we look 12 months to a few years out, Sikorski expects malicious actors to evolve their AI offensive capabilities in two key areas:

1) Crafting malware using AI language models trained on existing malware code to stitch together new strains that can bypass detection. "We're trying to actually create malware using LLMs and then feeding it and throwing it at our products to see how well they do," he notes about the proactive defense work of Palo Alto Networks.

2) Attacking the AI/ML systems themselves through techniques like prompt injection and poisoning training datasets to manipulate the outputs. "I think we'll even see attacks going after training data poisoning. So I think the midterm is going to be *more* going after the LLMs because it's a new technology."

## AI Fuels Automated, Scalable Attack Campaigns

Sikorski's biggest concern looks 5-plus years into the future, when AI allows massively scalable, autonomous attack campaigns against thousands or millions of targets simultaneously, far beyond the human-level campaigns we've seen so far. He warns:

*"Imagine with AI, they have the ability to make decisions about who to target, how to move laterally, and grab the valuable data ... in an automated fashion. I think that's where this is going. Where the idea of having a fully automated red team, and then therefore also a fully automated attacker."*

Sikorski compares it to the [SolarWinds supply chain attack](https://start.paloaltonetworks.com/five-steps-against-next-big-cyberattack.html), noting "... even with their military, they still had limited resources and operators" and could only operationalize a subset of backdoors despite the widespread prevalence of the corrupted software.

*"Now imagine with AI, they have the ability to ... do all that in an automated fashion ... you can imagine, instead of just attacking hundreds of networks, they attack thousands and install their hooks for the future."*

## The Bright Side: AI-Enabled Defense at Scale

However, Sikorski does see an optimistic side for AI boosting defensive cybersecurity capabilities, as well. He thinks AI/ML advancements may even drive down the total number of exploitable vulnerabilities in software through better automated testing and remediation at scale during development. Sikorski reasons:

*"I think on the exploit and zero day generation, I think there's some argument to be had that software developers are also going to leverage this technology and try and fix the vulnerabilities before bad guys find them."*

> This is an arms race where defenders need to go all in to win the race.

For security operations, Sikorski believes AI/ML will help teams focus more bandwidth on proactive defense efforts, like threat hunting, rather than reactive triage:

*"If we could automate away all of this stuff that SOCs know about ... then we can redirect our SOC into doing things like hunting. And that takes a lot more creativity to go and find new attacks that we don't know about."*

The key for security leaders, according to Sikorski, is closely tracking KPIs showing how much AI helps "drive down your costs" and "what percentage of the time are they finding new things?"
He advises:

*"If that's going up over time, then that means your team is not just spending on triaging known attacks, triaging false positives all day long."*

As AI cyber offense and defense capabilities accelerate in parallel, the pragmatic voices of real-world practitioners, like Michael Sikorski, will be critical for cybersecurity teams to operationalize AI's potential benefits while staying clear-eyed on the emerging threats.

#### Ready for the next steps to adopt GenAI securely and confidently? Get your [Unit 42 AI Security Assessment](https://www.paloaltonetworks.com/resources/datasheets/unit-42-ai-security-assessment?ts=markdown) today!