AI Hacking Era Unveiled: Malicious and Benevolent Factions Utilizing AI in a Cybersecurity Battlefield Competition

In the ever-evolving world of cybersecurity, Artificial Intelligence (AI) has become a buzzword, attracting significant attention from tech giants, venture capitalists, and researchers alike. The widespread interest in AI is driven by numerous factors, including exorbitant spending by leading tech companies, investment trends from the venture capital class, and geopolitical conflicts.

However, the perception of AI's impact on cybersecurity is not entirely positive. Heather Adkins, Google's vice president of security engineering, has stated that AI is merely "doing what we already know how to do," and she hasn't "seen anybody find something novel" with it.

Despite this, AI has proven to be a valuable tool in speeding up the discovery of vulnerabilities by Google's researchers. Furthermore, AI has been instrumental in automating cybersecurity research and vulnerability exploration, with researchers from Elastic, OpenAI, Anthropic, and CISPA working on AI tools and frameworks that leverage AI-driven threat detection, collaborative security testing, and advanced analysis techniques.

On the other hand, AI has also been used in nefarious activities, such as social engineering attacks. North Korean operatives, for instance, have been found using generative AI to create resumes, social media accounts, and other materials to trick Western tech companies into hiring them. Similarly, Russian hackers have started embedding AI in malware used against Ukraine to automatically search for sensitive files.

The use of AI in cybersecurity has not been without its challenges. AI's utility for summarizing documents is well-established, but it's not particularly good at distilling facts. This has led to a surge in AI-generated irrelevant reports, with about 20% of all security report submissions in 2025 being AI-generated and considered "slop."

Moreover, the use of AI in cybersecurity has given rise to a digital version of the classic game "Rock 'Em Sock 'Em Robots," with offensive- and defensive-minded AI pitted against each other. In early July 2025, approximately 5% of the AI-generated submissions were genuine vulnerabilities, a significant decrease compared to previous years.

Despite these challenges, AI continues to play a crucial role in the cybersecurity landscape. For instance, CrowdStrike is using AI to help people who think they've been hacked, while Tom's Hardware provides up-to-date news, analysis, and reviews on AI hacking and related topics. A startup called Xbow even climbed to the top of the HackerOne U.S. leaderboard in June with its AI.

However, the rise of Xbow to the top of the leaderboard should be viewed with caution, as it overlooks the sheer amount of "slop" produced by similar AI tools that promise to help security researchers find vulnerabilities. As the cybersecurity industry continues to embrace AI, it is essential to navigate its benefits and challenges carefully to ensure a secure digital future.

AI Hacking Era Unveiled: Malicious and Benevolent Factions Utilizing AI in a Cybersecurity Battlefield Competition