5 Biggest Challenges of AI in Cybersecurity
IBM’s 2025 Cost of a Data Breach Report found that 97% of organizations that experienced an artificial intelligence (AI)-related security incident lacked proper access controls on AI systems. The same report highlighted that 63% of organizations lacked governance policies to manage AI or prevent shadow AI.
Despite those statistics, AI is now deeply embedded in workflows across critical business functions. Employees are using public AI tools to work faster. Developers are using AI assistants to write and review code. IT are using AI in cybersecurity to detect anomalies, triage alerts and speed up response times.
At the same time, attackers are using the same advances to make phishing more convincing, reconnaissance faster and vulnerability exploitation more scalable.
It’s clear that AI is reshaping cybersecurity. The question now is how organizations adapt without adding unnecessary friction or losing the benefits AI can bring. Based on insights from our recent webinar on AI in cybersecurity, this article looks at the AI security risks leaders need to understand now, and the practical steps they can take to build a more resilient, AI-aware security strategy.
Mythos-class models
Anthropic’s Mythos is a highly capable model for cybersecurity research, with access limited through trusted programs because of its potential for both defensive and offensive use. Models in this class can reason across codebases, identify vulnerabilities, support exploit research and help security teams understand where systems are exposed. In the right hands, that gives defenders a powerful way to audit environments and prioritize remediation. In the wrong hands, it lowers the barrier for attackers to move faster and test more ideas.
But this should not be misread as an “unstoppable AI hacker” story. The biggest risks are still familiar: unpatched systems, weak identities, over-permissioned accounts, exposed services and poor visibility across the environment. Mythos-class models may help find new vulnerabilities, but many of the paths they expose are still paths that good security programs are already designed to close.
For CISOs, this shifts the conversation from whether AI is good or bad for cybersecurity to how the organization governs its use. Security leaders need to work closely with IT, engineering, legal, risk and business teams to answer practical questions: where can AI safely support defensive work, who is allowed to use it, what data can be shared with it, and how quickly can the organization act on the findings it produces?
Faster time to exploit
For many years, discovering a vulnerability typically required significant manual research. Attackers needed to understand the target environment, review code or system behavior, test assumptions and build a working exploit. That work has not disappeared, but advanced AI models can reduce the time it takes to move from research to discovery.
However, AI isn’t suddenly uncovering attack paths no one has ever imagined before. Instead, these models are accelerating familiar work, as they can analyze code, identify weak patterns, suggest likely exploit paths and help test hypotheses faster than a human researcher working alone. When the research phase gets shorter, the window between a vulnerability existing and someone finding a way to exploit it also gets shorter.
The same capability also works in defenders’ favor. Security teams can use AI to review code, audit configurations, examine infrastructure and prioritize remediation before attackers find the same weaknesses. Used well, AI lets security move earlier in the lifecycle rather than waiting to respond after something has gone wrong.
There will still be a period of catching up as many organizations are carrying decades of technical debt across legacy systems, old code, brittle integrations and over-permissioned environments. AI may expose that debt quickly, but it can also help teams work through it more systematically.
The identity layer
The last decade has seen real progress made with multi-factor authentication, single sign-on, privileged access management and conditional access. Human identities are not “solved”, but they are better protected than they were. The challenge is that this progress comes just as the definition of identity is expanding.
Non-human identities used to mainly refer to service accounts in Active Directory. Today, they include API keys, automation scripts, workloads, machine identities and AI agents acting on behalf of users. In some cases, those agents run under a user’s context and inherit their permissions. AI can now do far more than just answer answers questions; agents can execute tasks, change records, access files or trigger workflows. If that agent is over-permissioned or poorly governed, it can reach resources it should never have been able to access, which becomes a significant risk if it becomes compromised or even misinterprets instructions.
Organizations need to treat AI agents as part of the identity estate, not as an exception to it. That means applying least privilege, monitoring agent activity, reviewing delegated access and making sure agents can only perform the actions they genuinely need to perform.
Conditional access adds another layer of complexity. Ideally, organizations would apply consistent access policies across the whole workforce. In practice, personal devices, unmanaged endpoints and users who are unwilling or unable to enroll devices often lead to exceptions. Every exception increases the attack surface. As attackers can move faster, test more routes into the environment and exploit weak identity controls at scale, it’s crucial for security teams to close gaps where possible. The more identities an organization has, human and non-human, the more important it becomes to govern them consistently.
The attack chain
Exposure, identity and endpoint controls may sit in different parts of a security program, but to a threat actor they are all part of the same path. An exposed asset, a weak identity, an over-permissioned account and an unmanaged endpoint are all treated as steps in one attack chain.
That is why narrow visibility is so dangerous. If a threat actor gets into the network, they can spread quickly across systems. Once that happens, response can become a game of whack-a-mole: remove one foothold, only to find another persistence mechanism or compromised account somewhere else.
AI makes this harder because it increases the speed and scale of attacker decision-making, so security programs need to respond with the same level of connected thinking. It is not enough to say the organization has an XDR platform and is therefore protected. XDR is important, but it only works as part of a wider program that includes exposure management, identity security, endpoint protection, cloud visibility, data governance and response processes that work together.
The goal is not to collect every possible signal. SOC analysts already have more alarms and alerts than they can reasonably investigate. The goal is to identify the data that matters most, connect it across the environment and surface the issues that need action now.
AI-enabled attacks will not wait for quarterly reviews or manual triage queues. Defenders need processes, tooling and context that can keep pace. Increasingly, that means using AI to fight back against AI: not as a replacement for security teams, but to help them prioritize faster and respond earlier before an issue becomes a breach.
Shadow AI
Microsoft research found that 71% of UK employees have used unapproved consumer AI tools at work, with 51% using them every week. People are not usually trying to create risk, instead aiming for better productively. However, by not waiting for formal approval, sensitive data can quickly end up in tools the organization cannot see, secure or govern.
AI also means employees no longer need to be experienced developers to create applications or automate workflows. That democratization can be positive, but it also introduces risk. People can build tools without fully understanding what is happening under the hood: where data is stored, what permissions are being requested, which APIs are being called or whether generated code is secure.
This creates a new governance challenge. Organizations need to give employees safe, approved ways to use AI, while setting clear boundaries around data, access and application development.
Building security that can keep pace with AI
Organizations cannot address AI risk with a single control, platform or policy. AI affects how people work, how software is built, how attackers operate and how identities behave. The response needs to be just as connected.
Treat identity as the control plane
Identity is a good place to start because it increasingly acts as the control plane for security.
As AI agents acting on behalf of users become more common, organizations need a clear view of who and what has access to their systems. More importantly, they need to know whether that access is appropriate.
Right-size access through stronger governance
Governance matters because access can quickly become difficult to manage in a network made up of legacy systems, SaaS applications and new AI models.
Security teams need to right-size permissions and apply least privilege across both human and non-human identities. AI agents should not inherit broad permissions by default. Security teams should govern and review them like any other identity with access to business-critical systems.
Do not overlook human risk
Human risk remains a major factor. Strong password policies and MFA are important, but they do not remove risk completely.
Attackers can use AI-driven phishing, social engineering and deepfake-enabled fraud to pressure users into making poor decisions or handing over access. Security awareness still matters, but it needs to be supported by controls that assume people will sometimes make mistakes.
Move toward always-on IAM
Organizations need access processes that work continuously, not only during business hours or scheduled reviews.
Secure self-service, continuous verification, adaptive access policies and 24/7 access management can help reduce friction for users while maintaining control. The aim isn’t to slow AI adoption, but to make sure innovation happens inside a security model that keeps pace.
How Outpost24 helps
AI is already changing how both attackers and defenders operate. While the risks aren’t necessarily unfamiliar, the speed and scale at which vulnerabilities can be found and exploited means security teams must be prepared.
That starts with visibility over your attack surface and a prioritized list of vulnerabilities to remediate. Outpost24’s CyberFlex aligns applications security to an organization’s priorities, replacing annual pentests with a more flexible program. CyberFlex continuously discovers all applications so nothing is missed. Our experts then help you plan testing based on the risks facing your organization. Certified penetration testers then validate vulnerabilities and provide clear remediation guidance. This ensures your team prioritize the most exploitable risks to efficiently improve your security posture.
And if you’re deploying AI systems within your organization, testing is crucial for ensuring they are used safely. Outpost24’s AI Penetration Testing service helps you identity attack vectors like prompt injection, data leakage and agent manipulation that traditional tools cannot detect. Our testers evaluate how your AI systems behave under real-world adversarial conditions, providing actionable results for faster remediation.
Contact us today to see how our experts can help secure your organization against an AI-enabled threat landscape, or book a demo to see our solutions in action.