New Delhi [India], May 9 : Cybersecurity is entering an "AI versus AI" era, with companies increasingly deploying autonomous artificial intelligence systems to investigate, detect and respond to cyberattacks at machine speed as hackers themselves rapidly adopt AI-driven attack methods, according to a new World Economic Forum (WEF) white paper released in collaboration with KPMG.
The report, titled "Empowering Defenders: AI for Cybersecurity", said attackers are increasingly using AI "to increase the speed, scale and sophistication of threats", forcing cybersecurity systems to evolve beyond traditional human-led defences.
"Adversaries are increasingly operating at machine speed, using AI to conduct reconnaissance of targets and vulnerabilities, generate malware, exploit code, evade detection and launch attacks at scale," the report said.
The WEF report noted that what earlier required "weeks of effort can now be executed in minutes", lowering technical barriers for cybercriminals and significantly increasing the scale of attacks.
To counter this shift, organizations are increasingly deploying AI-driven systems capable of autonomously analysing threats, investigating suspicious activity and recommending or triggering response actions in real time.
Highlighting real-world deployments, the report cited IBM's "ATOM" system, which autonomously investigates, enriches and scores cybersecurity alerts using agentic AI. According to the report, the system now handles "about 95 per cent of daily investigations" while automating more than "850 analyst hours per month".
The report also pointed to Allianz's "hypothesis-based AI analysis system", which dynamically retrieves and analyses forensic data during investigations instead of collecting all endpoint data centrally. The system was developed to address the growing challenge of analysing massive volumes of cybersecurity data generated across enterprise systems.
Meanwhile, Google has deployed AI agents such as "Big Sleep" and "CodeMender" to identify unknown software vulnerabilities and automatically generate security patches. The report said CodeMender has already patched "more than 100 critical security issues".
The report added that AI adoption in cybersecurity is accelerating rapidly across industries, with 77 per cent of organizations already using AI in cybersecurity functions.
According to the report, organizations extensively using AI in security operations reduced average breach costs by "USD 1.9 million" and shortened breach timelines by approximately "80 days".
The WEF report identified AI as "the most significant driver of change in cybersecurity", citing findings from its Global Cybersecurity Outlook 2026 survey, where 94 per cent of respondents highlighted AI's growing impact on cyber defence.
However, the report cautioned against excessive dependence on AI-driven systems, warning that "heavy reliance on AI can undermine cyber resilience".
"Excessive trust in automated decisions creates a false sense of security and over time erodes the expertise needed to intervene when systems fail," the report said.
The report stressed that while AI is becoming central to cybersecurity operations, "human judgement and expertise remains essential" to prevent systemic vulnerabilities and operational failures.