AI tools are rapidly changing the cybersecurity landscape, enabling fraud attacks that are more difficult to detect, and the exploitation of vulnerabilities and stolen credentials in increasingly sophisticated breaches, says cybersecurity company ESET global security evangelist Tony Anscombe.

AI is compounding an already challenging threat landscape, says networking and cybersecurity company Cisco Middle East and Africa Cybersecurity MD Fady Younes.

AI adds layers of complexity to an already complicated security landscape, and companies find it challenging to both embrace and secure AI, the company says in its ‘2025 Cisco Cybersecurity Readiness Index: Cybersecurity Readiness Remains Flat as AI Transforms the Industry’ report.

Further, there is a growing disconnect between the general understanding of the threats posed by AI and what it takes to secure organisations against those threats, with 86% of business leaders with cybersecurity responsibilities reporting at least one AI-related incident in the past 12 months, according to the report.

“The speed at which AI is being weaponised by threat actors is outpacing traditional security approaches. Globally, we are seeing that fragmented defences and under-resourced teams can’t match the scale or sophistication of today’s attacks.

“Organisations must shift from incremental upgrades to integrated, AI-native strategies that can defend at machine speed; anything less is no longer sustainable,” says Younes.

In the past year, 54% of organisations fell victim to cyberattacks, and were hindered by complex security frameworks with siloed point solutions, the report shows.

Similarly, 60% of South African organisations that participated in the 2025 index say complex security infrastructures, including the deployment of more than ten separate security solutions, are impeding their ability to respond swiftly and effectively to threats.

AI tools are also increasingly being used in ransomware development. Ransomware group FunkSec gained notoriety by surpassing established groups with multiple victims claimed in December 2024, says cybersecurity company Kaspersky’s South Africa GM Chris Norton.

The group’s heavy reliance on AI-assisted tools sets it apart, with its ransomware featuring AI-generated code, complete with flawless comments, likely produced by large language models to enhance development and evade detection.

Unlike typical ransomware groups demanding millions, FunkSec adopts a high-volume, low-cost approach with unusually low ransom demands, further highlighting its innovative use of AI to streamline operations, he notes.

AI for Defence
In South Africa, 92% of organisations that participated in the Cisco Index say they use AI to better understand threats, 89% use it for threat detection, and more than 80% for response and recovery, underscoring AI’s vital role in strengthening cybersecurity strategies.

These findings align with global trends, which show that 85% of organisations are using AI in detection, 71% for threat response and 70% for incident recovery. Further, 89% of respondents say their companies are at least partly using AI technologies to develop a better understanding of threats.

However, the degree to which companies rely upon AI for these tasks is still growing, the report notes.

Collecting all the data from processes and devices, and analysing it to detect anomalies, unusual user behaviour or suspicious traffic, among others, requires AI tools, Anscombe notes.

Cyberattackers use a broad range of vectors, and effectively responding to cyberattacks requires behavioural and technical changes across a range of processes and systems.

Therefore, there is a need for automation and managed services to detect intrusions and attacks, he adds.

The 2025 Cisco Cybersecurity Readiness Index states that “automation is becoming a key component of security systems and protocols, but there is a trust and comfort gap between the current approach of partial automation and full automation”.

The report describes automation as a work in progress that is becoming a valuable tool in the arsenal of cybersecurity teams, with 97% of respondents reporting that their companies would be comfortable with some degree of security automation.

However, only 33% reported that their organisations would be comfortable with fully automating their systems, Cisco says.

As threats continue to evolve, so do the solutions deployed to counter them. Companies are embedding AI more deeply within these solutions as they take a cautious step towards further automation, it notes

Additionally, many businesses are recognising the significant role of AI fortification in their overall cybersecurity protocols, and are testing and refining where and how to best deploy it, the report states.

As cyberattacks become more sophisticated, businesses can no longer rely on manual processes. The latest security products are designed to automate detection, response and mitigation. These solutions use machine learning to detect unusual patterns in real time, says Norton.

For example, if a device suddenly attempts to access confidential data at odd hours, it can be automatically flagged or isolated.

Automated patch management is another area of growing importance, as many ransomware attacks begin with known, unpatched vulnerabilities. AI systems can prioritise and deploy critical patches without human delay, he explains.

Similarly, intelligent security platforms also support threat hunting, incident response and user behaviour analytics, enabling organisations to scale their defences without dramatically expanding their information technology teams.

Securing AI
While using AI to defend against cybersecurity threats is growing, threats to AI systems and secure data processes remain a blind spot for many companies, despite an abundance of active and increasingly sophisticated attacks, the Cisco report states.

Added to this is a general lack of employees’ understanding of the security risks involved in using and developing AI applications.

Unregulated AI deployments, or shadow AI, pose significant cybersecurity and data privacy risks, as it is difficult for security teams to monitor and control what they cannot see. Sixty percent of respondents stated they lack confidence in their ability to identify the use of unapproved AI tools in their environments, Cisco says in the report.

If companies use AI as part of a service to customers or if their employees use AI, then companies must ensure that these uses are covered by their cybersecurity policies, says Anscombe.

“In addition to having policies in place about the use of AI, even if they are not yet officially using AI systems, companies must ensure that their AI systems are also protected.

“A trained AI model becomes a significant asset for companies, and needs to be protected accordingly.

“Similarly, the data used to train AI models is important and companies must protect this data from being poisoned as part of an attack. This type of attack could also be an evolution of ransomware-type attacks,” he highlights.

Further, Cisco highlights that only 49% of the 2025 respondents believe that employees fully understand AI-related cybersecurity threats, which commonly take the form of model theft or unauthorised access, AI-enhanced social engineering or data-poisoning attempts.

Similarly, only 48% believe that their employees understand how malicious actors are using AI to enhance their attacks. Forty- five percent feel their company has the in-house resources and expertise to conduct comprehensive AI security assessments.

Meanwhile, 78% of cybersecurity practitioners are extensively using AI in policy assessment, with deployment to identify duplicate, overlapping or contradictory policies, while 78% are using it for policy recommendations, and 71% for policy enforcement.

Respondents are comfortable using AI to check and enforce existing systems while permitting it to make recommendations that can subsequently be evaluated, Cisco says in the report.

AI Skills
Information technology and AI skills shortages continue to challenge South African organisations, especially small businesses. A practical solution is to partner with managed service providers that specialise in cybersecurity, says Norton.

These providers bring much-needed skills and can implement enterprise-grade protections more affordably than in-house teams, he says.

The technical responses required to combat evolving cyberthreats may not be attainable by smaller businesses, and this is why they need a framework within which they can consider effective responses, including using services, if suitable, Anscombe advises.

Maintaining an effective cybersecurity team is complex and expensive, and small businesses will face problems of staff retention and may not be able to build a team that is large enough to address threats. One solution is to outsource elements of this function, he adds.

However, to protect themselves within increasingly complex operating environments, businesses should know what devices and systems they use and have a suitable framework in place to manage them.

“Businesses, including small businesses, must understand that there are significant threats out there and that there is no silver bullet. Therefore, businesses should adopt a framework approach to cybersecurity that covers not only the company’s cybersecurity posture but also how employees can use AI solutions,” says Anscombe.

To meet current cybersecurity demands, organisations must prioritise AI-powered solutions, streamline their security architecture, and build greater awareness of AI-driven threats, says Cisco South Africa GM Smangele Nkosi.

“It is crucial to focus on AI for faster detection, response and recovery while addressing talent shortages and mitigating risks from unmanaged devices and shadow AI,” she recommends.