A three-part exploration of how AI is reshaping cybersecurity, from the front line of defence to the boardroom
Part 1 – The double-edged sword: how AI is redefining cyber threats and defences
It’s now threaded through every layer of the threat landscape: attackers use it to accelerate their operations, while defenders rely on it to hold the line. The same technology powers both sides, and neither can afford to stop using it.
That’s the paradox. AI is simultaneously our most powerful ally and our biggest threat risk.
In security operations, AI has become the most practical use case of all. Threat detection is a challenge of scale – millions of data points, fleeting anomalies and a constant fight to prioritise what matters. AI handles that volume far better, enhancing both speed and accuracy, than any human team could.
Machine Learning models baseline behaviour, flag irregularities and surface context in seconds, whilst Large Language models now sit beside analysts, cross-referencing threat intelligence, suggesting next steps, even reminding teams how similar incidents were resolved before.
For a first-line analyst, that’s transformative. It’s like having an experienced mentor on hand every day. While fears that AI will replace people remain, We are experiencing first hand its use instead to raise capability, shorten learning curves and allow smaller teams to operate at a broader level.
We’re not hiring fewer analysts – we’re developing better ones, faster. Giving them access to tools that allow analysts of all levels to more accurately detect and mitigate threats at a greater scale than they have ever been able to before.
Of course, the same tools are available to attackers. AI’s accessibility has dropped the barrier to entry for cybercrime.
Attackers don’t need to code or understand the exploit they’re using. They can now generate malware variants, clone voices, or produce convincing phishing content with minimal effort. What once required technical skill now takes a prompt.
This has shifted the threat landscape in a subtle but important way. The nature of attacks hasn’t fundamentally changed – it’s still about access, data, and disruption – but the tempo has. Campaigns that once took days can now launch in hours. Bad actors can scale attempts infinitely, testing hundreds of approaches until one breaks through.
The result is a wave of repeatable, faster, lower-skill attacks that overwhelm traditional defences. It’s not “superintelligent” AI that is currently changing and accelerating cyber crime, it’s cheap, available AI in the wrong hands.
There’s also a perception problem. The industry narrative around AI in cyber swings between optimism and alarmism. Some see it as the silver bullet that will solve detection once and for all. Others see it as a Pandora’s box that will unleash uncontrollable risk.
The truth sits somewhere in the middle. AI can dramatically improve accuracy and efficiency, but it’s still limited by the data and logic that feed it. It doesn’t understand context or consequence unless this data is provided alongside ingestion. It can’t assess reputational risk or business impact with the same bespoke application that humans can.
If we let AI run unchecked, we risk replacing human error with machine-scale error. Ultimately supporting analysts to make the wrong decisions, faster. That’s why checks, redundancies and human oversight still matter. That balance is crucial. The goal isn’t limitless automation; it’s controlled augmentation.
The real challenge ahead isn’t technical – it’s ethical and operational. As AI systems grow more autonomous, we need to decide where accountability sits.
When a model isolates a live production system, who takes responsibility? When an AI-driven tool flags a false positive and blocks customer access, is it the vendor, the model trainer, or the analyst who approved it?
Trust in AI will become one of the defining issues in cybersecurity. This cannot be considered humanistic trust, but trust built on transparency in data and logging, auditability and a clear understanding of how decisions are made within the AI tool itself. Many vendors are already publishing their testing frameworks, process flows, and bias controls. Others are not. That difference will start to matter when customers and service providers choose who to rely on for their cyber defences.
The cyber arms race between human and machine intelligence is already underway. There’s no “pause” button. Threat actors won’t wait for regulators or ethics boards to catch up, and defensive teams can’t necessarily afford to either.
The lesson from the past year is clear: lean in, but do it with intent and control. Build AI into your cyber strategy, apply human guardrails and make transparency part of your design. The organisations that find that balance – fast adoption, ethical control, continuous learning – will be the ones that stay resilient.
Because AI isn’t replacing cybersecurity. It’s rewriting it. And those who hesitate won’t just fall behind, they’ll be critically exposed.
Chief Technology Officer (CTO)
Chelsea Chamberlin leads Roc’s Solution and Technology strategy, ensuring continual innovation and focussed partnerships which drive outcome based value for our customers. Chelsea’s background includes designing and delivering software and networking solutions within mission critical environments. Outside of work she is a green belt in Kick-boxing and mentor to young women paving careers in tech.
AI is arriving in universities at remarkable speed, but deciding how it should be used is proving far harder to match.
That was one of the clearest messages from the recent DIG25 roundtable hosted by Roc Technologies and the University of Reading – a conversation that surfaced not just what AI is doing in Higher Education, but what AI is demanding of it.
Every 5th November, Britain remembers Guy Fawkes – the man caught red-handed beneath Parliament with 36 barrels of gunpowder. Now, Guy Fawkes wasn’t a ‘modern-day’ hacker, but, if you squint, the Gunpowder Plot is a story about infiltration, hidden threats, and the thin line between luck and disaster – some may argue not too dissimilar to the playbook of today’s cyber adversaries.
Not all change is progress.
Over the past 18 months, parts of the IT industry have been quietly rewriting the commercial rulebook. Several major vendors have shifted from perpetual licences to multi-year subscriptions, often accompanied by steep price rises and rigid terms.
The Procurement Act 2023 marks a fundamental shift in UK public procurement, replacing broad principles with a new regime of prescriptive transparency. For contracting authorities managing parts of the UK’s £385 billion annual public spend, this legislation introduces a series of legally mandated, data-intensive reporting obligations.
From NHS ransomware attacks to the Royal Mail being frozen out of global operations, cyber threats are no longer theoretical – they’re national disruptions. As attacks grow more targeted, stealthy, and sophisticated, the UK Government is taking a bold step to plug the legislative gaps and put resilience on the boardroom agenda.
It may come as a surprise, but most cyberattacks don’t happen at 10 am on a Tuesday.
More often, they happen when your teams are offline: when your SOC is running on minimal staffing, when an alert gets buried under hundreds of others.
AI adoption in IT is not uniform. The most advanced tools often require significant investment in licensing, infrastructure and integration. As a result, access to AI capabilities is often dictated by budget, not just technical readiness and expertise.
If your data is exposed on the dark web, but you don’t know about it – can you still be held accountable?
Like many industries and sectors, AI and automation are already changing the structure of IT teams. Routine operational work that used to be handled by junior engineers is increasingly carried out by intelligent systems. That work hasn’t disappeared, it’s just being done without human involvement.