Cybersecurity: AI Redefines the Race Between Hackers and Defenders
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
The Rise of AI in Cybersecurity
For the past twenty years, cybersecurity has been built around the idea of detecting threats faster than attackers can strike. Companies have invested in advanced monitoring tools, detection platforms, and security operation centers to identify intrusions before they cause significant damage. However, this model relies on the assumption that time is a key factor in the battle between defense and attack.
With the rise of artificial intelligence, this balance is changing radically. In many scenarios, the main constraint is no longer technical expertise, but execution speed. Where a sophisticated intrusion previously required several days or weeks, certain steps can now be automated by software agents capable of exploring a computing environment and testing different approaches at a pace impossible for a human team. Cybersecurity is gradually entering a phase where attacks can progress at machine speed.
The Automation of Attacks
This transformation is not solely based on the power of artificial intelligence models, but primarily on their ability to automate tasks historically reserved for specialists. Generative models can produce code, analyze configurations, test exploitation hypotheses, and construct attack scenarios. Combined with agents capable of executing actions on real systems, they enable the orchestration of much faster offensive operations.
Several dimensions of an attack lend themselves particularly well to this automation. Reconnaissance, for example, can be performed by agents that automatically traverse an infrastructure, map exposed services, and identify dependencies between systems. The generation of exploits is facilitated by models capable of producing code that adapts known vulnerabilities to a specific context. Coordination among multiple agents allows for information sharing and exploration of different access paths to the same target. The result is a form of distributed and persistent attack, where the goal is no longer just to find a single flaw, but to systematically examine the entire attack surface of an organization.
An Expanding Attack Surface
This acceleration of attacks comes at a time when IT infrastructures are becoming increasingly complex. Companies are multiplying cloud applications, API interfaces, external services, and tools integrating artificial intelligence models. Each new technological layer introduces additional dependencies and, potentially, new entry points.
Thus, two dynamics are combining: attackers have more effective tools to explore systems, while organizations are expanding their attack surface. In this context, some historical practices are showing their limits. Penetration tests conducted once or twice a year provide a snapshot of the security of an information system. However, infrastructures are constantly evolving: new applications, new configurations, new user accounts. Between two audits, the environment can have changed significantly.
The Emergence of Continuous Offensive Security
In the face of this acceleration, one approach is gaining importance: continuous offensive security. The idea is to observe a system not only from the defender's perspective but also from the attacker's viewpoint. In practical terms, this involves continuously simulating intrusion scenarios to identify truly exploitable access paths.
Several startups are currently developing platforms aimed at automating this type of analysis. For example, the Dutch company Hadrian offers tools capable of automatically mapping an organization's external attack surface and testing exploitable vulnerabilities. In the UK, Mindgard focuses on red teaming artificial intelligence systems, particularly to test the robustness of models against adversarial attacks or manipulation attempts.
Other European players are working on behavioral detection or securing development pipelines. Darktrace has been developing anomaly detection systems based on machine learning for several years, while the Belgian startup Aikido Security focuses on securing code and development chains.
In the United States, several startups are also exploring the idea of automated offensive security. The company Hex Security is developing agents capable of conducting continuous penetration tests on enterprise environments. In a related field, HiddenLayer focuses on protecting artificial intelligence models themselves, a new area of cybersecurity linked to the widespread adoption of AI systems in enterprise applications.
Major security vendors are not absent from this evolution. Groups like CrowdStrike and Palo Alto Networks are gradually integrating automated analysis and attack simulation capabilities into their platforms.
From Detection to Understanding Risk
This new generation of tools is not just about detecting more vulnerabilities. It primarily aims to understand how these vulnerabilities can be exploited in a real environment. In a complex infrastructure, an isolated flaw does not necessarily represent a critical risk. In contrast, the combination of multiple vulnerabilities can allow an attacker to move from one system to another until reaching sensitive assets.
Attack path analysis precisely involves reconstructing these trajectories. The goal is not to produce an exhaustive list of flaws but to prioritize risks according to two essential criteria: their actual exploitability and their potential impact on the organization's operations.
For security teams, this prioritization becomes crucial. Organizations already have a considerable volume of alerts from their detection tools. The challenge is no longer just to spot anomalies but to determine which vulnerabilities should be addressed as a priority.
A Confrontation Between Autonomous Systems
If these technologies continue to advance, cybersecurity could evolve into an increasingly automated confrontation between offensive and defensive systems. Attackers will use agents capable of quickly testing a large number of intrusion scenarios. Defenders will also need to rely on systems capable of continuously analyzing their environments, identifying risky configurations, and correcting certain flaws before they can be exploited.
This evolution raises several questions: first, that of control—under what circumstances can autonomy be entrusted to automated systems, and when is human intervention still essential? Next, that of governance—companies will need to integrate these technologies into security processes capable of managing decisions made at a much faster pace.
One thing is becoming increasingly clear: in an environment where attacks can progress at machine speed, defense can no longer rely solely on static tools or one-off assessments. It too must learn to operate in real-time.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.