Threat Analysis - The Weaponization of AI in 2025
A review of business threats
Note: This article was written for the context of enterprise security, or cybersecurity in a professional context. The weaponization of AI against individuals has been noted in other reports available from Practive Security.
Introduction
Several years ago while leading threat research and intelligence for one of the top Cybersecurity companies in the world, I began hearing leaders of Cybersecurity companies talk about the adoption of AI by threat actors and how doing so would give them an advantage that would defeat all existing defensive capabilities. AI was said to be for the adversary the proverbial silver bullet. The story went on that unless organizations adopted AI into their stack of cyber defenses, they would be unable to withstand the AI-powered adversary, who would breach everything and wipe them out completely. The story presented as something like an arms race.
This is in fact how CrowdStrike reports on the weaponization of AI (bold added for emphasis):
“AI has become a key technology in every enterprise IT toolbox — and it has also become a weapon in the arsenals of cybercriminals.
AI-powered cyberattacks leverage AI or machine learning (ML) algorithms and techniques to automate, accelerate, or enhance various phases of a cyberattack. This includes identifying vulnerabilities, deploying campaigns along identified attack vectors, advancing attack paths, establishing backdoors within systems, exfiltrating or tampering with data, and interfering with system operations.
Like all AI algorithms, the ones used by AI-powered cyberattacks can learn and evolve over time. This means that AI-enabled cyberattacks can adapt to avoid detection or create a pattern of attack that a security system can’t detect.”
Got it. AI is a new weapon that will increase the adversary’s capabilities across the board. They will use it to find new vulnerabilities, develop new attacks and TTPs, and use it to evade detection, and our old defenses will no longer work.
I have also heard Cybersecurity leaders discuss AI-powered attacks as moving at machine speed, which will far outpace human-driven responses, including developing on-the-fly evasion techniques so that any countermeasures deployed by humans in response will be instantly thwarted. Now, aside from the fact that Cybersecurity defense doesn’t actually work that way, the point of the story is that if we don’t match their AI with our own AI, they will always win via speed and dynamic innovation that humans just can’t keep up with.
When I first heard this narrative, I was surprised, because I had not seen any examples of leaps in adversary tools, techniques, procedures, or attack dynamics despite the fact that the various AI Agents and ChatBots were widely available. I assumed that what was being claimed was in fact happening, and that I was simply ignorant and had not yet come across those specific reports. So I asked peers in the intel community that I had access to at the time. Their surprise (and skepticism) was the same as mine, and they too were looking for such examples of weaponized AI and some indication of an emerging insurmountable shift in attacker capabilities. No one seemed to have examples, but the narrative played on.
That was several years ago, and was part of the catalyst for the 2025 AI Revolution which brought us widespread adoption of AI into all of life, along with the clamoring of Cybersecurity companies to claim that AI was now powering their solutions, so that customers had confidence they were sufficiently defended against this newly armed adversary. But it was also a major part of 2025 Cybersecurity product marketing: products enhanced with AI capabilities, sold with the urgency that customers must buy the new thing so they could be protected.
Yet the AI integrations in security products that were actually being delivered by cybersecurity companies in 2025 were more about post-attack analysis (data analytics and detection) and response workflows, and not about increased tooling or effectiveness in defensive capabilities or proactive security that can find holes before adversaries do.
In the AI Revolution of 2025, did we see any significant increase in breach reports or attacks suffered by companies? Did we see any significant spikes in zero-day vulnerabilities, or updates to tools like MITRE ATT&CK that highlight the use of AI in TTPs? At the dawn of 2026, and as Silicon Valley leaders are claiming we have reached the AI Singularity, surely by now we will have seen adversary adoption of AI, right? So how have they gained that feared advantage, and what has that advantage given them?
That is what we will examine in this intelligence product - the Weaponization of AI. Is it real, or is it hype, and what should organizations do in response?

