{"id":4661,"date":"2025-12-02T23:41:43","date_gmt":"2025-12-03T07:41:43","guid":{"rendered":"https:\/\/cardonet.com\/news\/?p=4661"},"modified":"2025-12-02T23:41:45","modified_gmt":"2025-12-03T07:41:45","slug":"ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning","status":"publish","type":"post","link":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/","title":{"rendered":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning"},"content":{"rendered":"\n<p><strong>Can you defend against an attack that rewrites itself faster than your security team can respond?<\/strong><\/p>\n\n\n\n<p>Cardonet has been looking after clients\u2019 IT for more than 25 years. In that time the security threats have changed constantly, but this feels different.&nbsp;<\/p>\n\n\n\n<p>AI has moved from being a \u201cnice to have\u201d innovation to the engine behind a growing chunk of cybercrime and is now the main way defenders keep up.&nbsp;<\/p>\n\n\n\n<p>Recent analyses suggest roughly one in six cyber incidents now involve AI on the attacker\u2019s side, especially in phishing, fraud and social engineering. UK fraud and cyber loss data shows AI\u2011assisted scams are costing businesses tens of millions of pounds through deepfake\u2011driven investment fraud and sophisticated social engineering.<a><\/a><\/p>\n\n\n\n<p><em>If you own or run a business, this isn\u2019t abstract. It\u2019s about whether you can keep trading when a criminal uses your own data, your brand, even your voice against you, and whether your insurance will still pay out when that happens.<\/em><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"687\" src=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-1.jpg\" alt=\"AI cybersecurity threat detection with machine learning defense systems protecting your business networks\" class=\"wp-image-4662\" srcset=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-1.jpg 1024w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-1-300x201.jpg 300w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-1-768x515.jpg 768w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-1-280x187.jpg 280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How criminals are using AI today<\/strong><\/h2>\n\n\n\n<p>Let\u2019s start with how attackers are using AI right now, because this is what you\u2019re up against.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Smarter, faster phishing<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>A few years ago, most phishing emails were full of spelling mistakes and odd phrasing. Today that\u2019s the exception. Attackers feed public information about your business, your sector and your people into large language models and generate thousands of emails that read like a real supplier, a real colleague, a real customer.<a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Messages are tailored to specific roles and current projects.<\/li>\n\n\n\n<li>Tone of voice can be tuned to match the organisation they\u2019re impersonating.<\/li>\n\n\n\n<li>Replies are handled automatically, so the conversation feels natural.<\/li>\n<\/ul>\n\n\n\n<p><em>You don\u2019t need a big criminal gang to do this anymore. One person with the right tools can run a campaign that looks and feels like it\u2019s coming from a well\u2011resourced fraud operation.<\/em><a><\/a><em><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>Deepfakes and voice cloning<\/strong><\/h3>\n\n\n\n<p>The same thing is happening with audio and video. Recent UK data puts losses to investment scams in the first half of 2025 at close to \u00a3100 million, with AI deepfakes playing a significant part in making those scams so convincing. Global analysis shows deepfake volumes and associated fraud attempts rising sharply over the last two years.<a><\/a><\/p>\n\n\n\n<p>Patterns seen in real incidents include:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>A \u201cCEO\u201d or \u201cFD\u201d on a video or Teams call approving an urgent payment.<\/li>\n\n\n\n<li>A \u201csupplier\u201d on a video call asking to change bank details.<\/li>\n\n\n\n<li>Voice messages that sound exactly like your senior people, asking for exceptions to normal controls.<\/li>\n<\/ul>\n\n\n\n<p><em>Under pressure, people act. If your approval process assumes \u201cI saw them \/ I heard them\u201d equals \u201cit\u2019s safe\u201d, you are now exposed.<\/em><a><\/a><em><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>Malware that learns as it goes<\/strong><\/h3>\n\n\n\n<p>The third big shift is on the malware side. There are now malware families that use AI to change how they behave mid\u2011attack. Threat intelligence teams have documented samples that call out to AI services for new ways to obfuscate code, avoid detection or move sideways once they are inside a network.<a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<p>In simple terms:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Traditional antivirus looks for known bad patterns.<\/li>\n\n\n\n<li>AI\u2011driven malware keeps changing those patterns.<\/li>\n\n\n\n<li>Once inside, it can adjust what it does in response to what your tools are blocking.<\/li>\n<\/ul>\n\n\n\n<p><em>That\u2019s why \u201cwe\u2019ve got antivirus and a firewall\u201d is no longer a serious answer. It\u2019s like turning up to a Formula 1 race with a 1990s family saloon and hoping for the best.<\/em><em><\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>When AI is inside your own tools<\/strong><\/h2>\n\n\n\n<p>There\u2019s a second layer to this: attackers are starting to go after the AI models inside your own tools.<\/p>\n\n\n\n<p>Adversarial machine learning is a set of techniques where attackers deliberately craft inputs that cause AI systems to make the wrong decision \u2013 classifying something malicious as safe, or flagging something harmless as a threat. That can mean:<a><\/a><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Emails tweaked just enough to slip past AI spam filters.<\/li>\n\n\n\n<li>Network behaviours shaped to look \u201cnormal\u201d to an anomaly detector.<\/li>\n\n\n\n<li>Poisoned data slipped into training sets so future models are blind to certain patterns.<\/li>\n<\/ul>\n\n\n\n<p>Most mid\u2011market businesses don\u2019t have data science teams to reverse\u2011engineer why a model made a bad call. They only see the outcome: \u201cwe had the tech, and it still got through.\u201d<\/p>\n\n\n\n<p>That doesn\u2019t mean AI in security is a mistake. It means you have to treat your own AI stack as something that needs securing in its own right, not just a magic box that \u201cdoes security\u201d.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Your insurance costs are already feeling this<\/strong><\/h2>\n\n\n\n<p>Now to the part that directly hits your P&amp;L: cyber insurance.<\/p>\n\n\n\n<p>The UK numbers are stark. Trade body data shows cyber insurance payouts for UK businesses reached around \u00a3197 million in 2024 \u2013 roughly THREE-TIMES the level of the previous year \u2013 with malware and ransomware accounting for just over half of all claims. Put simply, more attacks, more damage, bigger cheques.<a><\/a><a><\/a><a><\/a><a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<p><strong>Premiums and deductibles<\/strong><\/p>\n\n\n\n<p>In some quarters you may see average cyber premiums dip slightly where competition heats up, but the long\u2011term direction is obvious: up. As expected losses increase, insurers price that in. Expect:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Higher base premiums at renewal over the medium term.<\/li>\n\n\n\n<li>Larger deductibles before the policy responds.<\/li>\n\n\n\n<li>Tighter sub\u2011limits for ransomware, funds transfer fraud and business interruption.<\/li>\n\n\n\n<li>Tighter minimum security requirements<\/li>\n<\/ul>\n\n\n\n<p><strong>Underwriters now routinely insist on a baseline of controls before they will quote.<\/strong> <\/p>\n\n\n\n<p>Common requirements include properly deployed endpoint detection and response, multi\u2011factor authentication on email and critical systems, and privileged access management for admin accounts. Questions around fraud controls, call\u2011back procedures and how you verify high\u2011risk changes are also becoming normal, particularly given the rise of deepfake\u2011enabled scams.<\/p>\n\n\n\n<p>If you can\u2019t show that you\u2019ve done the basics, you may find:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>You can\u2019t get cover at all at the limit you want.<\/strong><\/li>\n\n\n\n<li><strong>You get cover, but claims are challenged if something goes wrong.<\/strong><\/li>\n\n\n\n<li><strong>You are pushed into a more expensive, \u201chigh\u2011risk\u201d bracket.<\/strong><\/li>\n\n\n\n<li><strong>Exclusions and grey areas around AI<\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>There\u2019s also a quieter shift happening in policy wording.<\/strong> <\/p>\n\n\n\n<p>Some policies now include language around \u201cAI\u2011driven\u201d or \u201csynthetic\u201d attacks, and some legal commentators have flagged the risk of exclusions or narrow interpretations in those areas. Another subtle problem is where a policy defines a \u201chacker\u201d as an individual person, when in reality the actor is a semi\u2011autonomous tool being steered by a person in the background.<\/p>\n\n\n\n<p>In a major loss, that wording will get tested line by line. You don\u2019t want to be having that argument for the first time after the event.<strong><\/strong><\/p>\n\n\n\n<p>So the real question is this:<\/p>\n\n\n\n<p><em>Given how prevalent and expensive AI\u2011driven cyber fraud has become \u2013 and with insurance payouts and scrutiny rising \u2013 how will you cope when your premiums go up and your cover gets tighter?<\/em><em><\/em><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What good defensive AI looks like in practice<\/strong><\/h2>\n\n\n\n<figure class=\"wp-block-image size-large is-style-default\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"687\" src=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-1024x687.jpg\" alt=\"AI Attack Types vs Defenses\" class=\"wp-image-4663\" srcset=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-1024x687.jpg 1024w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-300x201.jpg 300w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-768x515.jpg 768w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-1536x1030.jpg 1536w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-2048x1374.jpg 2048w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-280x187.jpg 280w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-4-1170x785.jpg 1170w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p>The good news is you can use AI defensively to close a lot of these gaps. But it has to be done in a structured way. In our work with clients, a realistic AI\u2011driven security stack usually has four layers.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1. <strong>Strong identity and access as the foundation<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>Before you even talk about AI, get identity right:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Multi\u2011factor authentication on email, VPN and all remote access.<\/li>\n\n\n\n<li>Role\u2011based access so people only see what they need.<\/li>\n\n\n\n<li>Extra checks for finance and admin accounts, including out\u2011of\u2011band verification.<\/li>\n<\/ul>\n\n\n\n<p><em>This is what insurers expect now, and it\u2019s the cheapest way to blunt a lot of AI\u2011powered phishing and deepfake attempts, because even if someone is fooled, the attacker still struggles to log in.<\/em><a><\/a><a><\/a><em><\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2. <strong>AI\u2011assisted detection and response<\/strong><\/h3>\n\n\n\n<ol class=\"wp-block-list\">\n<li><\/li>\n<\/ol>\n\n\n\n<p>The second layer is where AI really starts earning its keep:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Analysing endpoint, identity, email and network telemetry in close to real time.<\/li>\n\n\n\n<li>Spotting unusual patterns \u2013 unfamiliar logins, odd data movement, strange process activity.<\/li>\n\n\n\n<li>Correlating events across systems so your team sees the whole story, not isolated alerts.<\/li>\n<\/ul>\n\n\n\n<p>Used well, AI here gives your team a realistic chance of spotting and containing an attack before it becomes a full\u2011blown incident. Think of it as giving your analysts a power tool, not replacing them.<a><\/a><a><\/a><a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3. <strong>AI Security Posture Management (AI\u2011SPM)<\/strong><\/h3>\n\n\n\n<p>If you\u2019re using AI or machine learning internally \u2013 for customer scoring, operations, or internal automation \u2013 you now have to think about the security posture of those systems:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Where do these models live \u2013 on\u2011prem, in specific cloud services, or embedded in vendor products?<\/li>\n\n\n\n<li>Who can change their configuration or training data?<\/li>\n\n\n\n<li>How do you monitor them for misuse, drift or unexpected behaviour?<\/li>\n<\/ul>\n\n\n\n<p>Specialist frameworks and tools have emerged to sit across this lifecycle and flag misconfigurations, exposed interfaces and unusual activity. Insurers and regulators are starting to ask about this, particularly in sectors where AI models touch sensitive data.<a><\/a><a><\/a><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4. <strong>People, process and testing<\/strong><\/h3>\n\n\n\n<p>None of this works without people and process:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Regular briefings on AI\u2011enhanced phishing, deepfake fraud and new scam patterns.<\/li>\n\n\n\n<li>Simple, enforced rules for verifying high\u2011risk requests (bank changes, large transfers, credential resets).<\/li>\n\n\n\n<li>Periodic testing: simulated phishing, table\u2011top exercises and, where appropriate, red\u2011team scenarios that include AI\u2011based attack methods.<\/li>\n<\/ul>\n\n\n\n<p>If your people know that \u201cI saw them on a call\u201d is not enough to bypass controls, you drastically reduce the odds of a single deepfake ruining your month.<a><\/a><a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>Where the UK government and regulators are heading<\/strong><\/h2>\n\n\n\n<p>It\u2019s not just insurers and criminals paying attention.<\/p>\n\n\n\n<p>The UK government\u2019s own assessment of generative AI is clear: across the current period to 2025, AI is expected to amplify existing cyber risks rather than create entirely new categories, but it will significantly increase the speed and scale of some attacks. That\u2019s already visible in the volume of phishing, the pace of fraud campaigns, and the way exploits are packaged and industrialised.<a><\/a><\/p>\n\n\n\n<p>In response, the proposed Cyber Security and Resilience Bill is designed to tighten expectations on operators of essential services and important digital providers, and to put more onus on boards to understand and manage cyber risk, including AI\u2011related risk. At the same time, the NCSC\u2019s latest reviews talk about record numbers of nationally significant incidents with ransomware and state\u2011linked activity heavily involved.<a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<p>For a mid\u2011market business, the message is straightforward: the environment you operate in is being treated as structurally higher\u2011risk. Your customers, insurers, regulators and suppliers will all gradually increase what they expect from you.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>What this means for you, practically<\/strong><\/h2>\n\n\n\n<p>So what should you actually do?<\/p>\n\n\n\n<p>If we were sitting down together, these are the questions I\u2019d be asking.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n<li>Where would an AI\u2011enhanced attack hurt you most?<\/li>\n\n\n\n<li>Payments and finance?<\/li>\n\n\n\n<li>Customer data and trust?<\/li>\n\n\n\n<li>Operational technology and uptime?<\/li>\n<\/ol>\n\n\n\n<p>You don\u2019t have to fix everything at once. You do need a clear view of your critical points of failure so investment goes where it matters most.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>What are you already doing that just needs tightening?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Most organisations already have some building blocks: MFA on email, a modern endpoint solution, some level of awareness training. The quickest wins usually come from:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Turning \u201coptional\u201d security features on and enforcing them.<\/li>\n\n\n\n<li>Closing the gap between policy and what really happens under pressure.<\/li>\n\n\n\n<li>Improving monitoring so you see issues earlier and in context.<\/li>\n\n\n\n<li>How can AI support your existing team, not replace it?<\/li>\n<\/ul>\n\n\n\n<p>If you\u2019re like most of our clients, the question isn\u2019t \u201chow do we add more tools?\u201d but \u201chow do we give this team better signal and less noise?\u201d That\u2019s where AI\u2011backed detection, correlation and sensible automation add real value.<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>How can I minimise insurance costs\/maximise coverage down the line?<\/strong><\/li>\n<\/ul>\n\n\n\n<p>Before renewal, it\u2019s worth sitting down with your broker and asking three direct questions:<strong><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Which controls will underwriters expect to see this year?<\/li>\n\n\n\n<li>Where are the likely exclusions and grey areas around AI and fraud?<\/li>\n\n\n\n<li>What evidence will we need to present if we make a claim?<\/li>\n<\/ul>\n\n\n\n<p>Then work backwards. That conversation should drive a lot of your 2025\u201326 cyber and AI security roadmap.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"687\" src=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-2_.jpg\" alt=\"AI Cyber Attacks - What you should do next. \" class=\"wp-image-4664\" srcset=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-2_.jpg 1024w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-2_-300x201.jpg 300w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-2_-768x515.jpg 768w, https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/20251115_Sagi_Cybersecurity_All_ai-vs-ai-criminals-defenders-weaponize-machine-learning_IMAGE-2_-280x187.jpg 280w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>How Cardonet can help<\/strong><\/h2>\n\n\n\n<p>This is where our team comes in.<\/p>\n\n\n\n<p>We work with businesses across sectors \u2013 professional services, hospitality, creative industries, education and more \u2013 who are all asking the same thing: \u201cHow do we keep people productive and the business moving, without leaving the door wide open to AI\u2011driven attacks?\u201d<\/p>\n\n\n\n<p>In practical terms, that usually means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Assessing your current security posture with AI in mind: where you\u2019re strong, where you\u2019re exposed, and what your insurers and regulators will see.<\/li>\n\n\n\n<li>Designing a realistic roadmap: which controls to implement in which order, aligned to your budget, risk and sector.<\/li>\n\n\n\n<li>Implementing the right mix of identity, endpoint, network, cloud and AI\u2011focused controls \u2013 making sure they genuinely work together.<\/li>\n\n\n\n<li>Training your people so they know how to respond to AI\u2011enabled threats, not just old\u2011fashioned phishing.<\/li>\n\n\n\n<li>Helping you evidence all of this to boards, auditors, insurers and customers.<\/li>\n<\/ul>\n\n\n\n<p>You don\u2019t need a Hollywood\u2011style \u201cAI cyber lab\u201d. You need a clear view of your risks, the right foundations in place, and a partner who will tell you plainly where you stand and what to do about it.<\/p>\n\n\n\n<p>If you\u2019d like that level of clarity, talk to us. We\u2019ll walk you through where AI changes your threat profile, what it means for your insurance, and how to get from where you are now to a position where you can say: \u201cWe\u2019re not bulletproof, but we\u2019re not a soft target either.\u201d<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>FAQs<\/strong><\/h2>\n\n\n\n<p><strong>How worried should I really be about AI\u2011driven attacks if I\u2019m an SME, not a big bank?<br><\/strong>You should be concerned, but not paralysed. The data shows AI isn\u2019t just being used against big enterprises \u2013 smaller firms are being hit with AI\u2011assisted phishing, fraud and account takeover because criminals know mid\u2011market controls are often weaker. The good news is that a handful of well\u2011chosen controls \u2013 strong identity, basic AI\u2011assisted detection, and tighter processes around payments \u2013 removes a lot of easy opportunities and makes you a harder target than the business down the road.<a><\/a><\/p>\n\n\n\n<p><strong>What are the first practical controls I should put in place for AI\u2011enhanced phishing and deepfakes?<br><\/strong>Start with three basics: multi\u2011factor authentication on email and remote access, clear verification rules for money movements and bank detail changes, and regular awareness sessions that specifically cover deepfakes, voice cloning and realistic AI\u2011generated emails. Then add monitoring that can spot unusual logins and data movement, so you\u2019re not relying on someone \u201chaving a bad feeling\u201d as your main line of defence.<a><\/a><a><\/a><a><\/a><a><\/a><a><\/a><a><\/a><\/p>\n\n\n\n<p><strong>How is AI changing what insurers expect from me at renewal \u2013 and what happens if I fall short?<br><\/strong>Insurers are seeing claims rise sharply and are reacting by asking harder questions about your controls, including how you manage phishing, ransomware and fraud risks that are now AI\u2011enabled. If you can\u2019t show basics like MFA, endpoint protection, privileged access controls and sensible fraud procedures, you\u2019ll either pay more, get lower limits, or find claims scrutinized much more aggressively when something goes wrong.<\/p>\n\n\n\n<p><strong>Can AI\u2011powered security tools actually help a small or mid\u2011sized team, or will they just create more noise?<br><\/strong>Used badly, they absolutely can create more noise. Used properly, they reduce noise by correlating events across email, identity, endpoints and cloud services so your team sees a smaller number of better\u2011quality alerts. The aim is not to replace your people but to give them better signal so they can focus on real incidents instead of chasing hundreds of low\u2011value warnings.<a><\/a><\/p>\n\n\n\n<p><strong>If I suspect an AI\u2011driven attack \u2013 a deepfake call, odd payment request or strange system behaviour \u2013 what should my team do in the first hour?<br><\/strong>First, don\u2019t panic and don\u2019t act alone. Pause any requested payments or changes, verify the request using a separate, trusted channel, and capture evidence (emails, call logs, screenshots) before anything is deleted. In parallel, isolate any affected accounts or devices, reset credentials where necessary, and escalate to your IT\/security partner so they can review logs and contain any intrusion before it spreads.<a><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Can you defend against an attack that rewrites itself faster than your security team can respond? Cardonet has been looking after clients\u2019 IT for more than 25 years. In that time the security threats have changed constantly, but this feels different.&nbsp; AI has moved from being a \u201cnice to have\u201d innovation to the engine behind<\/p>\n","protected":false},"author":2,"featured_media":4666,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[520],"tags":[952,954,955,682],"class_list":["post-4661","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cyber-security","tag-ai-cyber-security","tag-ai-threat-detection","tag-cyber-insurance-costs","tag-cyber-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.4 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - News<\/title>\n<meta name=\"description\" content=\"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - Cyber Security\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - News\" \/>\n<meta property=\"og:description\" content=\"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - Cyber Security\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/\" \/>\n<meta property=\"og:site_name\" content=\"News\" \/>\n<meta property=\"article:published_time\" content=\"2025-12-03T07:41:43+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-12-03T07:41:45+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"334\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Sagi\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sagi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"1 minute\" \/>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - News","description":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - Cyber Security","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/","og_locale":"en_US","og_type":"article","og_title":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - News","og_description":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - Cyber Security","og_url":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/","og_site_name":"News","article_published_time":"2025-12-03T07:41:43+00:00","article_modified_time":"2025-12-03T07:41:45+00:00","og_image":[{"width":600,"height":334,"url":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png","type":"image\/png"}],"author":"Sagi","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sagi","Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#article","isPartOf":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/"},"author":{"name":"Sagi","@id":"https:\/\/cardonet.com\/news\/#\/schema\/person\/402defdb075c0a6c1317a1b8fdf85481"},"headline":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning","datePublished":"2025-12-03T07:41:43+00:00","dateModified":"2025-12-03T07:41:45+00:00","mainEntityOfPage":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/"},"wordCount":2679,"commentCount":0,"publisher":{"@id":"https:\/\/cardonet.com\/news\/#organization"},"image":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png","keywords":["AI Cyber Security","AI Threat Detection","Cyber Insurance Costs","Cyber Security"],"articleSection":["Cyber Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/","url":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/","name":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - News","isPartOf":{"@id":"https:\/\/cardonet.com\/news\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#primaryimage"},"image":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#primaryimage"},"thumbnailUrl":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png","datePublished":"2025-12-03T07:41:43+00:00","dateModified":"2025-12-03T07:41:45+00:00","description":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning - Cyber Security","breadcrumb":{"@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#primaryimage","url":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png","contentUrl":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2025\/12\/ai-vs-ai-when-cyber-criminals-and-defenders-both-weaponize-machine-learning-cardonet.png","width":600,"height":334,"caption":"AI vs AI - When Cyber Criminals and Defenders both weaponize machine learning"},{"@type":"BreadcrumbList","@id":"https:\/\/cardonet.com\/news\/ai-vs-ai-when-criminals-and-defenders-both-weaponize-machine-learning\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"News Home","item":"https:\/\/cardonet.com\/news\/"},{"@type":"ListItem","position":2,"name":"AI vs AI: When Criminals and Defenders Both Weaponize Machine Learning"}]},{"@type":"WebSite","@id":"https:\/\/cardonet.com\/news\/#website","url":"https:\/\/cardonet.com\/news\/","name":"News","description":"IT Services from Cardonet","publisher":{"@id":"https:\/\/cardonet.com\/news\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cardonet.com\/news\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cardonet.com\/news\/#organization","name":"Cardonet","url":"https:\/\/cardonet.com\/news\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cardonet.com\/news\/#\/schema\/logo\/image\/","url":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2018\/06\/it-support-london-cardonet.png","contentUrl":"https:\/\/cardonet.com\/news\/wp-content\/uploads\/2018\/06\/it-support-london-cardonet.png","width":1920,"height":1080,"caption":"Cardonet"},"image":{"@id":"https:\/\/cardonet.com\/news\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/cardonet.com\/news\/#\/schema\/person\/402defdb075c0a6c1317a1b8fdf85481","name":"Sagi","sameAs":["http:\/\/www.cardonet.co.uk"]}]}},"_links":{"self":[{"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/posts\/4661","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/comments?post=4661"}],"version-history":[{"count":1,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/posts\/4661\/revisions"}],"predecessor-version":[{"id":4667,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/posts\/4661\/revisions\/4667"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/media\/4666"}],"wp:attachment":[{"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/media?parent=4661"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/categories?post=4661"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cardonet.com\/news\/wp-json\/wp\/v2\/tags?post=4661"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}