Increasing concerns about AI cybersecurity
As the final quarter of 2025 approaches, Artificial Intelligence (AI) remains a focal point in enterprise technology discussions. A global survey by McKinsey & Company indicates that 78% of organisations are now utilising AI in at least one business function. In the realm of cybersecurity, some experts express optimism that defensive AI could provide enterprises with an advantage against cyber attackers. Conversely, there is growing anxiety regarding the potential threats AI may introduce, both from external sources and within organisations. Recent articles delve into the concerns surrounding AI cybersecurity, including a significant vulnerability associated with ChatGPT and the drawbacks of AI-driven vulnerability detection. Experts also emphasise the necessity for the evolution of zero trust frameworks to effectively address the challenges posed by AI.
A September 2025 report from Lenovo highlights the pervasive unease among IT defenders regarding AI-enhanced cyberattacks. Only 31% of IT leaders reported feeling somewhat confident in their defensive capabilities, with a mere 10% expressing strong confidence. The report underscores how AI can adapt attacks to circumvent existing defence mechanisms. Additionally, 61% of IT leaders identified offensive AI as an escalating risk, while concerns about employees using public AI tools and the rapid adoption of AI agents have been labelled as a new form of insider threat. In another development, researchers at Radware uncovered a vulnerability named “ShadowLeak,” which allows hackers to stealthily exfiltrate emails from users integrating ChatGPT with their email accounts. This attack employs hidden HTML code to instruct the AI to extract data, leaving no trace on the victim’s network. OpenAI addressed this vulnerability in August, but details of the fix remain unclear. Furthermore, former U.S. cyber official Rob Joyce cautioned that AI-powered vulnerability detection could exacerbate cybersecurity issues, as the speed of vulnerability discovery often outpaces remediation efforts, particularly for legacy systems.
