AI in Security: Force Multiplier or Attack Surface?
- Captain Ajesh Sharma (Veteran)

- May 13
The Dual-Use Dilemma Redefining Modern Risk
Artificial Intelligence is no longer a futuristic enabler in security—it is already embedded in the operating fabric of modern enterprises, governments, and critical infrastructure. But here lies the paradox: The same AI that strengthens defense is simultaneously expanding the attack surface.
This is not evolution. This is a fundamental shift in the nature of risk itself.
AI as a Force Multiplier: Speed, Scale, Precision
At its best, AI is transforming security from reactive to predictive.
· Threat detection at machine speed
· Behavioral analytics identifying anomalies in real time
· Automated response systems reducing human lag
AI today can identify vulnerabilities faster than human teams and operate continuously across vast digital environments. In fact, advanced AI systems are already uncovering critical software weaknesses at scale—something that would take human analysts exponentially longer.
For organizations, this means: More visibility. Faster decisions. Stronger resilience.
AI as an Attack Surface: Automation of Adversaries
However, the same capabilities are now in the hands of adversaries.
AI is enabling:
· Hyper-personalized phishing using deepfakes and language models
· Autonomous malware capable of learning and adapting
· Real-time vulnerability discovery and exploitation
Recent reports indicate that AI-driven attacks are not only increasing—but accelerating in execution speed, with some breaches occurring in minutes or even seconds.
This is the critical inflection point: Attackers no longer need scale. AI gives them scale.
When AI Meets Critical Infrastructure
The 2025 St. Paul, Minnesota, cyberattack, a sophisticated ransomware attack, began around July 25, 2025, forcing the city to shut down critical digital infrastructure, declare a state of emergency, and engage the Minnesota National Guard. The attack was claimed by a ransomware-as-a-service organization known as "Interlock," which stole approximately 43 gigabytes of data from city systems. City and government infrastructure, including Parks and Recreation, Public Works, and administrative systems, was targeted. The scale and complexity required deployment of the National Guard. The attack demonstrated how modern cyber operations mimic coordinated warfare.
While not purely AI-driven, this incident reflects a broader trend—where AI-enhanced reconnaissance, automation, and decision-making are increasingly shaping such attacks.
The Rise of Autonomous AI Attacks
In a landmark development, AI safety firm Anthropic reported in November 2025 that hackers had leveraged its AI tools to conduct near-autonomous cyber operations. The campaign targeted roughly 30 global institutions, primarily focusing on large tech companies, financial institutions, chemical manufacturing companies, and government agencies. The hackers tricked the AI by breaking down the attack into small, seemingly innocent technical tasks—a technique known as "context splitting"—and pretended to be cybersecurity professionals doing defensive testing. 80–90% of the attack lifecycle was automated, including reconnaissance, vulnerability scanning, data analysis, and exfiltration. Minimal human intervention was required.
This is a watershed moment. We are no longer discussing AI-assisted attacks. We are entering the era of AI-orchestrated attacks.
AI in Physical Security: Force Multiplier or Vulnerability Gateway?
The dual-use nature of AI becomes even more pronounced in the domain of physical security, where digital intelligence directly influences real-world outcomes. On one hand, AI is rapidly transforming physical security into a highly responsive and predictive function:
· Video analytics enabling real-time threat detection (intrusion, loitering, perimeter breaches)
· Facial recognition and access control systems enhancing identity verification
· Behavioral pattern analysis identifying suspicious movements before incidents occur
· Integrated command centers enabling centralized, faster decision-making across sites
In this context, AI acts as a true force multiplier—reducing dependency on manual monitoring, minimizing response time, and significantly enhancing situational awareness.
However, the same systems can become high-value attack surfaces if not adequately secured.
Consider the risks:
· Compromised CCTV or AI surveillance systems can be manipulated to create blind spots
· Facial recognition spoofing or deepfake-enabled identity bypass can undermine access controls
· Data poisoning attacks can distort AI models, causing false negatives or false positives
· System integration vulnerabilities can allow attackers to pivot from digital breaches to physical intrusion
The implication is clear: An unsecured AI-enabled physical security system does not just fail—it can be turned against the organization. Every camera, every sensor, and every algorithm is both a shield—and a potential entry point.
The Strategic Reality: Dual-Use is the New Normal
AI is inherently dual-use—it cannot be categorized as purely defensive or offensive.
| AI in Defense | AI in Offense |
| --- | --- |
| Threat detection | Automated attacks |
| Predictive analytics | Deepfake deception |
| Incident response | Adaptive malware |
| Risk modeling | Reconnaissance at scale |
This convergence is creating a new battlespace: Where defense and offense evolve simultaneously—and at machine speed.
The Asymmetry of AI Risk: Startups vs. Large Enterprises
While large, network-dependent organizations often have the advantage of dedicated cyber resilience and AI testing functions—providing a degree of preparedness against AI-driven offensive threats—the same cannot be said for smaller enterprises and startups. Operating under tight budgets and driven by the urgency to scale and innovate, these organizations frequently adopt AI as a business growth accelerator without fully “sound-proofing” its risks. This creates a potential vulnerability. It is therefore imperative that such organizations undertake a rigorous assessment of their exposure to AI-enabled threats, ensuring that the very tools driving growth do not become gateways for compromise.
What This Means for Leadership
Leaders must ask:
· Are we securing our AI—or just deploying it?
· Do we understand how our AI systems can be exploited?
· Can our response match machine-speed threats?
The Way Forward: Securing the Algorithmic Battlefield
To navigate this dual-use dilemma, organizations must:
1. Adopt AI for defense—but assume adversaries are doing the same
2. Secure the AI stack itself (models, data, pipelines)
3. Invest in human-AI collaboration, not replacement
4. Shift from prevention to resilience and rapid recovery
In the emerging threat landscape, AI is not just a tool. It is a terrain. And in this terrain:
· Every advantage is temporary
· Every vulnerability is scalable
· Every delay is exploitable
The question is no longer: “Should we use AI in security?”
The real question is: “Can we secure ourselves in a world where AI is used against us?”