The Impact of AI on Cyberattacks: Greater Reach, Speed, and Adaptability

More attacks, faster and carried out by more hostile actors… We analyze the impact of AI on cyberattacks

In 2025, cyberattacks in Spain increased by 26% compared to the previous year. There is no indication that they will decrease this year. In fact, the impact of AI on cyberattacks may increase the number of attacks in the coming years and reduce the time malicious actors need to carry out successful attacks.

Artificial Intelligence is not only changing the way businesses operate and people’s daily lives—both professionally and personally—but AI is also boosting the offensive capabilities of malicious actors.

A few weeks ago, Microsoft warned that cybercriminals were already using AI throughout the Cyber Kill Chain, enabling them to accelerate their operations, escalate their malicious activity, and overcome defensive barriers and mechanisms.

Meanwhile, in early March, it was revealed that malicious actors had abused Claude to write exploits and create tools that enabled them to automate the theft of more than 150GB of data from Mexican government systems, including the country’s tax authority.

In fact, there has been intense debate in recent weeks about how malicious actors will use cutting-edge AI models—the next wave of the AI revolution—to design and execute cyberattacks against companies. This has reached the point where the European Central Bank (ECB) has already asked financial institutions to prepare for such a scenario.

Therefore, the impact of AI on cyberattacks is not only a well-established reality today but may become even more decisive in the future.

Below, we will review the most relevant aspects of AI’s impact on cyberattacks.

Greater scope in vulnerability detection

Cybersecurity experts agree that the impact of AI on cyberattacks is particularly noticeable in terms of scale.

What does this mean? AI is increasing the ability to identify vulnerabilities, the speed at which they are detected, and, no less importantly, the possibility of chaining them together for joint exploitation. In other words, it increases the impact even of vulnerabilities initially considered low-severity.

This means that cyberattacks against companies could increase by exploiting unaddressed weaknesses in their assets, as the gap between detection and remediation widens.

Shorter attack timeframes

While scale is one of the key aspects of AI’s impact on cyberattacks, another key factor to consider is speed.

The malicious use of AI not only makes it possible to identify more vulnerabilities in companies’ digital assets but also accelerates this process. What used to take weeks can now be accomplished in hours.

Furthermore, AI is not only relevant to identifying weaknesses but also to exploiting them.

Malicious actors are already using the key technology of our era to develop exploits that allow them to actively exploit vulnerabilities present in corporate infrastructures.

Hence, it should come as no surprise that the average time to exploit a vulnerability from the moment it is discovered was more than 23 days last year, whereas by 2026, it will be just 1.5 days.

This requires that companies developing software and hardware be able to remediate emerging vulnerabilities in record time to prevent zero-day attacks.

More malicious actors are capable of carrying out successful attacks

The impact of AI on cyberattacks varies across the spectrum of malicious actors.

Thus, advanced persistent threat (APT) groups and other seasoned cybercriminals can use AI to accelerate their attacks, though there are currently no indications that sophisticated attacks are being carried out entirely with this technology.

As for junior cybercriminals, AI lowers the barriers to entry for more sophisticated attacks.

It is also important to note that AI’s impact on cyberattacks is significant, as it assists malicious actors across all phases of an attack, from reconnaissance to post-attack activities.

Furthermore, the increased complexity of attacks that can be launched using AI also leads to a higher probability of their success. That is, of their ability to bypass companies’ detection and response mechanisms and achieve their malicious objectives: data theft, disruption of a company’s services, access to intellectual property or financial information, etc.

Greater realism in identity spoofing and the creation of synthetic identities

Although the impact of AI on cyberattacks has not yet led to more sophisticated malicious techniques and tactics, there is a notable increase in the sophistication of social engineering.

In 2024, an employee at the British engineering firm Arup believed he was being video-called by a superior who ordered him to transfer 20 million pounds. However, the video call was AI-generated, and the employee sent the money to a criminal group.

This case served as a warning about the ability of malicious actors to create utterly convincing deepfakes of specific individuals in key company positions.

Since this fraud occurred, the use of AI to impersonate identities—and even generate synthetic identities—has not exactly declined; quite the opposite.

In fact, operations orchestrated by sophisticated criminal groups have been detected, involving the generation of synthetic identities to participate in remote-work hiring processes. In this way, they manage to infiltrate organizations by posing as employees.

The constant evolution of AI systems is enabling malicious actors to refine deepfakes, making them so realistic that they do not arouse suspicion among their victims. Added to this is the emergence of criminal Deepfake-as-a-Service models, which could lead to a surge in fraud attempts.

As a result, the impact of AI on cyberattacks is already evident in social engineering techniques and in the design of 100% realistic fraudulent operations.

Greater adaptability during the execution of attacks

The impact of AI on cyberattacks is also notable in another very important area: adaptability.

What do we mean by this? The ability of malicious actors to adapt their actions in real time to the response orchestrated by the defensive systems of the targeted infrastructures.

As we noted earlier, AI is already being used in the different phases of cyberattacks.

This is enabling malicious actors to increase their speed and offensive capabilities, not only in identifying vulnerabilities and creating exploits, but also in the actions they carry out once inside corporate systems. As a result, they can, for example, more effectively bypass detection and response mechanisms, thereby enabling lateral movement and persisting within the attacked infrastructure for extended periods without being detected.

In fact, by the end of 2025, malware had already been detected using LLM model APIs to generate malicious code or commands at runtime. This means that such malware can continually mutate, altering its behavior and thereby evading traditional defensive mechanisms.

We are therefore facing a scenario in which the impact of AI on cyberattacks is becoming increasingly significant. Consequently, companies’ defensive capabilities must adapt to this paradigm shift.

How to Address the Impact of AI on Cyberattacks

The impact of AI on cyberattacks is forcing corporate security professionals to adapt their cybersecurity strategies to ensure adequate protection and resilience against malicious actors who use AI to expand their reach, operate more quickly, and adapt in real time to defensive mechanisms.

Cybersecurity services play a key role in the design and implementation of strategies adapted to the impact of AI on cyberattacks, such as:

• Efficient vulnerability management that allows for the monitoring of all weaknesses affecting a company’s infrastructure and prioritizes their remediation in the shortest possible time to prevent supply chain attacks and the exploitation of zero-day vulnerabilities.
• Threat Intelligence. Threat intelligence is key to identifying a company’s exposure and attack surface, understanding how the threats it faces operate, and designing the most likely attack scenarios, taking into account malicious actors’ use of AI. In this way, protection of a company’s most exposed areas can be strengthened, and critical functions safeguarded to ensure business continuity.
• Threat Hunting. The impact of AI on cyberattacks is forcing companies to adopt an offensive, proactive security approach to stay one step ahead of malicious actors, who have significantly increased the speed at which they can design and execute attacks. Threat Hunting teams work on the basis of compromise hypotheses, enabling them to detect malicious activity even when no security events have been detected.
• MDR Services. Managed detection and response solutions enable proactive threat hunting, the discovery of new tactics, techniques, and procedures (TTPs), and the detection of evasive threats that use AI to circumvent traditional defense mechanisms. Furthermore, they are essential for responding immediately to any incident and restoring normal operations as quickly as possible.

In short, the impact of AI on cyberattacks is already significant in terms of scope, speed, the sophistication of social engineering techniques, adaptability, and the ability of malicious actors without extensive expertise to carry out attacks sophisticated enough to succeed.

Therefore, companies must have advanced cybersecurity services that enable them to optimize their defensive capabilities and continuously adapt them to how malicious actors use Artificial Intelligence to carry out their attacks.