Artificial intelligence cybersecurity is one of the most decisive technology pairings for the digital security of businesses and public institutions today. On one hand, it gives security teams tools capable of detecting an attack in seconds rather than hours. On the other hand, it hands cybercriminals unprecedented means to automate and scale up their attacks. As a result, this dual nature, both shield and weapon, is fundamentally reshaping the rules of the game.
In this article on artificial intelligence cybersecurity, we take stock of the defensive uses, the new threats, and the recommendations issued by official authorities such as ANSSI and ENISA for navigating this transition.
Artificial Intelligence Cybersecurity in Service of Defense
The most visible contribution of AI to digital security concerns threat detection and incident response. Traditional systems based on known threat signatures are increasingly limited here, since attacks grow more sophisticated and adaptive every year. Machine learning models, by contrast, can spot abnormal behavior even when no prior signature exists.
Behavioral Detection and Real-Time Analysis
AI-powered security solutions continuously analyze massive volumes of network logs, connections, and user behavior. They can identify:
- unusual connections (atypical hours, suspicious locations, abnormal data volumes);
- lateral movement within a network that betrays an ongoing intrusion;
- phishing attempts through semantic and contextual analysis of emails;
- previously unknown malware via behavioral analysis of files executed in isolated environments (sandboxing).
This ability to detect the unknown, not just the already-identified, represents a paradigm shift for security teams.
Automated Response and Augmented Teams
AI is no longer limited to detection: it is increasingly involved in incident response as well. Today’s industry refers to “agentic” security teams. In this model, AI agents handle a significant share of the analysis, correlation, and alert triage work, while human analysts focus on validating strategic decisions and handling complex cases. Consequently, this shift drastically reduces the average time to detect and respond to an attack, a critical factor since every additional hour increases the cost and impact of an intrusion.
When Artificial Intelligence Becomes a Weapon for Attackers
The flip side is just as real. Official reports published in 2025 and 2026 converge on the same conclusion: artificial intelligence has fundamentally changed the scale of cybercriminals’ offensive capabilities.
AI-Generated Phishing at Industrial Scale
According to the ENISA Threat Landscape 2025 report, generative AI fundamentally transformed the cyber threat landscape starting in 2025. AI-assisted phishing campaigns now account for more than 80% of observed social engineering activity worldwide. Indeed, repurposed tools such as WormGPT, FraudGPT, and EscapeGPT make it possible to generate convincing fraudulent emails at industrial scale, translated and culturally adapted to any target. ENISA even points to a “Phishing-as-a-Service” model that makes sophisticated campaigns accessible to technically unskilled attackers.
Malicious Code, Deepfakes, and Model Poisoning
On February 4, 2026, ANSSI published a dedicated report titled “Generative artificial intelligence facing cyberattacks” (reference CERTFR-2026-CTI-001). The agency notes that, to date, it has not identified any fully autonomous AI-driven cyberattack against French targets. Nevertheless, it finds that generative AI is already widely used as a facilitator for:
- generating or improving malicious code;
- producing audio and video deepfakes used in CEO fraud and identity impersonation schemes;
- automating the analysis of stolen data from large-scale breaches;
- conducting influence and disinformation operations, a phenomenon ENISA refers to as “faketivism.”
AI systems themselves are also becoming targets: poisoning of training data, manipulation of configuration files used by coding assistants like GitHub Copilot, and the distribution of trojanized software packages in public repositories such as PyPI.
Regulating Artificial Intelligence Cybersecurity
In response to these findings, regulatory authorities have published concrete frameworks and recommendations for businesses and public institutions.
ANSSI’s Lines of Action
ANSSI has structured its strategy around a risk-based approach, building on existing cybersecurity rules while developing new ones specific to AI systems. The agency is actively supporting the secure rollout of generative AI within French public administrations and publishes technical recommendations for vendors building AI-powered security solutions.
The European AI Act
The European regulation on artificial intelligence, published in the Official Journal of the European Union on July 12, 2024, imposes stricter obligations on AI systems classified as high-risk. Furthermore, ANSSI’s most recent technical recommendations now explicitly align these requirements with those of the NIS2 cybersecurity directive. This creates a coherent framework for European organizations.
One notable detail for smaller organizations: a prioritized subset of measures has been designed specifically for organizations with fewer than 250 employees, which don’t always have the internal resources to deploy a complete AI security program.
Best Practices for Businesses and Freelancers
Whether you run an SME, a public administration, or work as an independent professional, a few basic precautions can significantly reduce the risks tied to AI use:
- Map AI usage across the organization, including “Shadow AI” (unsanctioned use of AI tools by employees);
- Systematically verify unusual requests for wire transfers, data sharing, or access changes, even if they appear to come from a familiar voice or face (deepfake risk);
- Segment sensitive AI systems from the rest of the information system, in line with ANSSI’s technical recommendations;
- Train staff to recognize new forms of phishing, now written without errors and perfectly contextualized thanks to generative AI;
- Monitor software dependencies (npm packages, PyPI, IDE extensions) to avoid integrating trojanized components;
- Patch promptly, as ENISA notes that exploitation of recently disclosed vulnerabilities remains one of the leading entry points for intrusions.
A Technological Race Between Attack and Defense
Artificial intelligence cybersecurity perfectly illustrates the dynamics of an ongoing technological race: every defensive advance triggers an offensive adaptation, and vice versa. Reports from ANSSI and ENISA converge on one essential point: AI has not yet enabled fully autonomous attacks. Still, it has already dramatically increased the speed, scale, and credibility of existing attacks, particularly phishing and impersonation fraud.
For organizations, the challenge isn’t choosing whether to adopt AI or reject it. Rather, it’s about integrating it responsibly, leaning on existing regulatory frameworks and the technical recommendations issued by national and European agencies. This combined mastery of opportunities and risks will determine, in the years ahead, how resilient businesses remain against constantly evolving threats.

