AI in Cybersecurity Research
AI-driven threat detection, adversarial machine learning, vulnerability research, and deepfake forensics
Overview
The cybersecurity landscape has undergone a structural shift. Attack surfaces have expanded with cloud migration, remote work infrastructure, and the proliferation of IoT devices, while the volume and sophistication of threats have outpaced the capacity of human-led security operations. Artificial intelligence is now central to how organisations detect, respond to, and recover from cyber incidents, from automated threat hunting and anomaly detection to digital forensics and incident response.
This research domain tracks peer-reviewed publications, industry evaluations, and real-world deployments of AI in cybersecurity. Coverage includes AI-powered threat detection platforms, adversarial machine learning, AI-assisted vulnerability discovery, deepfake detection, and the emerging use of AI for offensive security operations. The field operates at the intersection of rapid technological change and significant ethical considerations around surveillance, bias, and the potential for AI to be weaponised.
Each entry is sourced to peer-reviewed publications, industry reports, or official documentation. We distinguish between controlled benchmark results and production deployment outcomes, and we note where evidence remains preliminary or where vendors have not disclosed evaluation methodology.
Key Developments
AI-Powered Threat Detection
Network Detection and Response platforms increasingly use machine learning to identify anomalous network behaviour indicative of security threats. Vendors including Darktrace, CrowdStrike, and Palo Alto Networks incorporate AI and ML capabilities into their commercial security products. ML models can analyse network traffic patterns to detect lateral movement, data exfiltration, and command-and-control communications that may evade traditional signature-based detection. The effectiveness of these systems varies across environments, and false positives remain a significant operational challenge for security teams evaluating alerts.
Adversarial Machine Learning
Research has demonstrated that adversarially crafted inputs can fool AI-based security systems, including intrusion detection and malware classification. Studies published at venues including the IEEE Symposium on Security and Privacy and USENIX Security have shown evasion attacks on ML-based intrusion detection systems. Adversarial training and robust model architectures are active areas of research aimed at hardening security ML models against such attacks. The US National Institute of Standards and Technology published a taxonomy and terminology of adversarial machine learning, NIST AI 100-2, in 2024, providing a standardised framework for describing these threats.
AI in Vulnerability Discovery
Researchers have explored using large language models and graph neural networks to identify software vulnerabilities in source code. Tools including CodeQL, developed by GitHub, and Coverity, developed by Synopsys, combine static analysis with machine learning components for vulnerability detection. ML-based approaches aim to identify zero-day vulnerabilities before they are exploited in the wild. The field is still maturing, and current systems exhibit significant false-positive and false-negative rates, limiting their standalone reliability compared to expert human code review.
Deepfake Detection and Media Integrity
The Deepfake Detection Challenge, organised by Meta, Microsoft, AWS, and academic partners in 2020, catalysed research in synthetic media detection by providing a large-scale benchmark dataset. The FaceForensics++ benchmark is widely used in the research community to evaluate deepfake detection model performance. Detection systems use a combination of spatial analysis to identify artefacts in individual frames and temporal analysis to detect inconsistencies across frames. The arms race between generation and detection technologies continues, with generative models improving in quality faster than detection methods can adapt.
AI-Generated Threats and Social Engineering
Large language models have lowered the barrier for generating convincing phishing emails and social engineering content, enabling more sophisticated and personalised attacks at scale. Deepfake audio and video have been used in documented fraud attempts and disinformation campaigns reported by security researchers and news outlets. Security researchers have documented AI-powered automated attacks targeting organisations. The cybersecurity industry is investing in AI-powered defensive tools to counter these emerging threats, though the offensive capabilities of AI are advancing rapidly as well.