Cybersecurity has always been an arms race, but AI is changing the speed, cost, and shape of that race. Attackers are using AI to write better phishing emails, generate malware variants, search for vulnerabilities, and automate parts of exploitation. Defenders are using the same class of technology to triage alerts, reverse engineer malware, find bugs before criminals do, and patch vulnerable code faster. The result is not simply “AI makes hacking easier” or “AI makes security better.” The real story is more uncomfortable: AI is compressing the time between discovery, exploitation, detection, and response.
The clearest recent signal came from vulnerability research. Calif’s write-up on the first public macOS kernel memory corruption exploit on Apple M5 shows how AI-assisted research is moving closer to serious, low-level exploitation work. The important point is not that AI magically replaced elite security researchers. It did not. The point is that AI is becoming a force multiplier for people who already know what they are doing. It helps them inspect unfamiliar code, test ideas faster, generate exploit scaffolding, and move from theory to working proof-of-concept in less time. That is exactly what makes the arms race sharper: the best attackers and the best defenders both get faster.
The Offense Is Moving From Productivity to Autonomy
For the last two years, many AI security discussions focused on phishing. That was reasonable. Generative AI made it easier to create fluent, localized, personalized messages at scale. But the more serious shift is that attackers are now experimenting with AI inside the technical attack chain itself.
Google Threat Intelligence Group reported in November 2025 that adversaries had moved beyond using AI for productivity and were beginning to deploy AI-enabled malware in active operations. Google described malware families such as PROMPTFLUX and PROMPTSTEAL that use language models during execution to generate commands, alter behavior, or obfuscate code. PROMPTFLUX, for example, was designed to ask an LLM to rewrite its own source code to evade detection, while PROMPTSTEAL used an LLM to generate commands for collecting system information and documents.
That changes the defensive problem. Traditional malware is usually a fixed artifact. Security tools can hash it, classify it, reverse engineer it, and write detections for it. AI-assisted malware can become more adaptive. Even when early examples are experimental or imperfect, they point toward a future where malware changes itself during execution, chooses tools based on the local environment, and hides behind code that looks different each time.
Google also recently reported stopping what it described as its first known zero-day exploit developed with AI assistance. According to reporting on Google’s Threat Intelligence findings, the exploit targeted a two-factor authentication bypass in an open-source web administration tool, and Google saw clues suggesting AI involvement, including a hallucinated CVSS score and textbook-like structure in the exploit code. The lesson is not that every future zero-day will be discovered by AI. The lesson is that AI is becoming part of the exploit development workflow, including for actors planning mass exploitation.
The Defense Is Also Getting Stronger
The same technology that helps attackers search for weaknesses can help defenders find them first. DARPA’s AI Cyber Challenge is a strong example. In August 2025, DARPA announced that Team Atlanta had won the competition with a cyber reasoning system designed to autonomously find and patch vulnerabilities in open-source software used in critical infrastructure. That matters because open-source software is everywhere, and defenders have long struggled with the scale of reviewing, testing, and patching it manually.
Microsoft’s September 2025 analysis of an AI-obfuscated phishing campaign shows the defender side of the same race. Microsoft said the campaign likely used AI-generated code to hide a malicious payload inside an SVG file, using business-like language and synthetic structure to make the file look less suspicious. But Microsoft also detected and blocked it using AI-powered protection systems that analyzed infrastructure, behavior, and message context rather than relying only on static signatures.
This is the key defensive insight: AI can help attackers make malicious content look more legitimate, but it often leaves new patterns of its own. AI-generated code can be verbose, oddly structured, too polished, or semantically unnatural. Defensive systems that look across behavior, identity, infrastructure, timing, and content can sometimes detect what a human-written rule would miss.
The Real Acceleration Is in the Feedback Loop
The arms race is not just about better tools. It is about shorter feedback loops. An attacker can ask an AI system to rewrite an exploit, generate a new phishing lure, summarize a target’s technology stack, or explain why a payload failed. A defender can ask an AI system to summarize an alert, generate a YARA rule, correlate logs, explain suspicious code, or propose a patch. Both sides are iterating faster.
This creates a new security economy. In the old model, advanced exploitation required rare expertise, time, and patience. In the AI-assisted model, expertise still matters, but AI lowers the cost of trying more ideas. It increases the number of experiments an attacker can run and the number of vulnerabilities a defender can inspect. That does not make everyone elite. It does make the average operator more productive and the elite operator much more dangerous.
MIT Sloan’s Stuart Madnick framed this well in a 2025 discussion, describing AI in cybersecurity as an arms race because the same capability, such as vulnerability detection, is valuable for both defense and offense. A system that finds hidden flaws can protect software when used by defenders, but it can also expose targets when used by attackers.
Why This Feels Different From Previous Security Waves
Cybersecurity has seen automation before. Worms automated propagation. Botnets automated scale. Exploit kits automated compromise. EDR platforms automated detection. What makes AI different is that it automates parts of judgment, language, code understanding, and adaptation.
A phishing kit can send emails at scale, but an AI system can rewrite each email for the target. A scanner can find known vulnerabilities, but an AI system can help reason about unfamiliar code paths. A malware packer can alter a binary, but an AI-assisted tool can generate new code or commands based on what it sees on the machine. A SOC rule can catch a known pattern, but an AI defensive agent can summarize an incident, compare it to prior cases, and recommend next actions.
That does not mean AI is reliable enough to run security on autopilot. In fact, hallucinations, false positives, and brittle reasoning remain serious problems. The more accurate conclusion is that AI is becoming a layer inside many security workflows. It is not replacing the whole chain. It is accelerating the chain.
The New Advantage: Preparedness, Not Perfection
In this environment, the winning defenders will not be the ones who simply “use AI.” Attackers use AI too. The winners will be the organizations that redesign their security operations around faster cycles.
That means shortening the time from vulnerability disclosure to patch deployment. It means using AI to prioritize the vulnerabilities that are actually reachable in the organization’s environment. It means monitoring identity systems and SaaS integrations as carefully as endpoints, because attackers are increasingly targeting the connectors and autonomous capabilities that make AI systems useful. Google has already warned that adversaries are paying attention to AI systems’ external data connectors and autonomous skills.
It also means treating AI output as an input, not an authority. A model can suggest a patch, but humans and tests need to validate it. A model can summarize malware, but analysts need to verify the behavior. A model can triage alerts, but organizations need guardrails to prevent automation from amplifying mistakes.
The Strategic Shift
The biggest change AI brings to cybersecurity is not that machines will attack machines while humans watch from the sidelines. The bigger change is that human teams on both sides now have tireless assistants. The attacker’s assistant helps discover, disguise, and scale. The defender’s assistant helps detect, explain, prioritize, and repair.
That makes cybersecurity less like a wall and more like a race. The question is no longer only whether an organization can prevent every attack. It is whether it can learn, patch, and respond faster than attackers can adapt. AI is accelerating both sides, but it does not guarantee victory for either. It rewards the side with better data, better workflows, stronger human judgment, and the discipline to turn speed into action.
The arms race is real. The optimistic view is that defenders can use AI to secure software earlier, detect attacks faster, and reduce the burden on overwhelmed security teams. The pessimistic view is that attackers will use the same tools to industrialize vulnerability discovery and make malware more adaptive. Both views are true. That is why the next phase of cybersecurity will be defined less by who has AI, and more by who integrates it responsibly, deeply, and faster than the other side.