This week, Gartner updated their forecasts and predicted a surge in AI-driven cyber spending to $212 billion in 2025, a 15.1% increase from 2024.
The rapid evolution of AI has opened new avenues for cybercriminals, with Gartner also forecasting that by 2027 at least 17% of cyberattacks will involve the technology. Based on estimates of the cost of cybercrime worldwide, this could equate to more than $2 trillion in losses. This growth is forcing businesses to continue to upgrade their security operations, driving massive investment in AI-powered defences and AI-specific services. The impact is already evident in the market, with cybersecurity firms like SentinelOne reporting substantial growth – a 33% revenue increase in 2024.
Businesses face a three-way challenge: harnessing AI’s potential for defence, protecting new AI systems, and guarding against its misuse by attackers. This balancing act is complicated by a persistent skills shortage in the cybersecurity sector, pushing companies towards AI-augmented solutions and managed security services. “The continued heightened threat environment, cloud movement and talent crunch are pushing [AI] security to the top of the priorities list,” notes Shailendra Upadhyay, senior researcher at Gartner.
As AI becomes more deeply embedded in digital and cybersecurity infrastructure, the challenges get more complicated. Enter AI-SPM, or “AI security posture management”. Security product leaders Orca and Wiz are pioneering the concept; both companies are developing comprehensive solutions to address the unique security challenges posed by the rapid adoption of AI technologies.
Orca’s AI-SPM offering provides visibility into over 50 common AI models and software packages, allowing organisations to maintain security across their entire AI stack without adding new point solutions. It includes features like AI and ML Bill of Materials (BOM) for inventory, compliance frameworks, sensitive data detection in AI training sets, and alerts for public access to AI resources.
Similarly, Wiz’s AI-SPM capabilities focus on discovering AI use, detecting misconfigurations, and uncovering potential attack paths to AI services. Their approach emphasises full-stack visibility into AI resources, enforcing secure configurations, and protecting sensitive training data. Wiz (which recently saw a deal to be acquired by Google for $23 billion fall through) also offers an AI Security Dashboard to help developers proactively address security issues in AI pipelines.
Whilst we’ve yet to see the deluge of AI-driven attacks some have predicted, several AI-augmented trends are emerging. AI-driven social engineering attacks are identifying high-value targets and creating hyper-personalised phishing campaigns. Deepfakes are being used to manipulate audio and video for more convincing impersonation attacks. Malicious models are being used to generate harmful content or attack vectors at scale, and AI-enabled ransomware is becoming more adaptive and difficult to detect.
Takeaways: As the AI cybersecurity arms race intensifies, businesses must invest in both AI-powered security solutions and their human defences through training and expert services. We’re seeing a three-way competition unfold across AI-SPM, advanced AI-powered security tools, and increasingly sophisticated AI-driven attacks. This relentless cycle of innovation means companies must stay alert to developments to keep pace. The long-running growth in the cybersecurity sector shows no sign of slowing.
