16-07-2025
Why Outsmarting AI-Powered Threats Means Upskilling Your Team
Vishaal "V8" Hariprasad, CEO and cofounder of Resilience, a leading cyber risk solution company.
Global investment in artificial intelligence-based cybersecurity solutions is estimated to top a whopping $135 billion by 2030. But as AI accelerates innovation, it's also dramatically reshaping cybersecurity. Security teams are now fighting on two critical fronts: fending off a wave of AI-powered attacks, while simultaneously trying to navigate and secure the AI systems their own organizations increasingly rely on.
One striking example occurred last year when an employee at U.K. engineering firm Arup joined a video call with what appeared to be the company's CFO and other executives. The conversation ended with the employee wiring $25 million to those executives. Except none of the people on the call were real. They were AI-generated deepfakes created to convincingly mimic the voices and faces of trusted team members.
Security teams are no longer just fending off human-led intrusions. They're facing AI-enhanced adversaries capable of launching scalable phishing campaigns, crafting flawless social engineering lures and tampering with the AI systems embedded in business workflows. For CISOs and security leaders, the stakes are clear: Either your teams evolve with the technology or they fall behind attackers who already have. So what does real readiness look like in this new environment? It's not just about adding AI tools to the stack, but rewiring how security teams think, train and respond.
1. Don't Assume AI Defends Itself
One of the biggest mistakes you can make is believing AI-enabled tools are turnkey, 'set it and forget it' solutions. That's because these attitudes create a false sense of security, leaving exploitable blind spots available for attackers with better AI fluency.
While AI can be a powerful force multiplier in threat detection, these tools are ultimately only as effective as the humans behind them. For security teams, that means going beyond basic implementation and developing the skills to interrogate model behavior, understand edge-case vulnerabilities and assess risk across the full AI life cycle. Monitoring, tuning and testing are essential, but so is having the talent in place to know when and how to intervene.
Upskilling in this context looks less like learning to code and more like building cross-functional fluency and a working understanding of how AI systems are built, where they're brittle and how they might be misused in the wild.
2. Start With The Basics, Then Build
AI may be the newest threat vector, but attackers haven't abandoned the old playbook. Tactics like phishing, credential theft and lateral movement still work—AI just makes them faster, more scalable and harder to detect. That's why core defenses like threat modeling, input validation and incident response remain essential. What's changed is the need to apply them with greater scrutiny, especially around how AI systems are built, deployed and potentially exploited.
Encourage your team to study novel risks like deepfake-driven social engineering or LLM manipulation. New frameworks like MAESTRO can also offer an updated lens for understanding AI-specific threat models. And don't keep the conversation siloed in security. Loop in product, engineering and data science teams to surface potential vulnerabilities in AI applications across the business.
3. Be Hands-On
Reading about and staying current on the latest AI security trends is important, but the best defense stems from actively engaging with these threats. Create environments where defenders can safely simulate real-world scenarios, experiment with offensive and defensive AI techniques, and apply what they've learned.
Whether it's sandbox labs, red-team exercises or AI-specific capture-the-flag competitions, practical immersion beats theoretical instruction every time. Partnering with ethical hackers and AI researchers can also uncover risks your internal team might miss. This kind of immersion builds critical muscle memory and helps defenders better understand how adversaries think.
4. Test Regularly Against Metrics That Actually Matter
You can't improve what you don't measure, but it's also true that not all metrics are created equal. As AI becomes more deeply integrated into your security stack, it's crucial to evaluate whether it's genuinely enhancing your team's effectiveness. This means going beyond traditional KPIs and basic compliance checklists.
Think of it this way: Adopting AI tools should amplify your existing security posture, not replace it. While the methods may evolve, the core objective of an efficient and effective defense remains the same. Continue to rigorously track indicators like time to detect and respond to threats (whether AI-powered or traditional), the effectiveness of AI-in-the-loop tools, and how well teams perform during simulated incidents. These are the real-world signals that reveal whether your security team is truly evolving and adapting, or simply treading water. Don't let the allure of new AI capabilities overshadow the fundamental need to measure your team's overall response and effectiveness against all forms of cyber risk.
Upskilling For The Future
AI is fundamentally reshaping both how businesses operate and how they are targeted. The strongest defenders of the future will be the ones who understand how LLMs function, as well as how they fail. They'll be able to detect strange behaviors in high-volume systems and know how to adapt static playbooks into living, learning systems of defense.
Another important piece of the puzzle is ensuring defense doesn't happen in a silo. Defending against AI-powered threats demands integrated, agile teams that span traditional departmental structures. It's not just about individual titles, but about fostering collaboration across key roles and functions. Security teams should be working hand in hand with data science and engineering teams, alongside those responsible for product development and IT infrastructure. These diverse skill sets and perspectives must operate in lockstep in order to foster a culture of continuous learning and collaboration.
By taking a proactive, integrated approach to upskilling for the AI era, your organization becomes far more adaptable and resilient against the ever-evolving threat landscape. This enables systems that can not only repel new AI-powered attacks but also continue to operate and recover swiftly even when incidents occur. Organizations that prioritize this foundational investment in their people will be the ones best prepared to meet tomorrow's sophisticated AI threats head-on and emerge stronger.
Forbes Business Council is the foremost growth and networking organization for business owners and leaders. Do I qualify?
