AI in Cybersecurity: Emerging Risks, Power Asymmetry & Governance Challenges
Introduction
With cybercrime expected to cost the world $10.5 trillion annually by 2025 (Cybersecurity Ventures), AI is transforming both defence and attack capabilities. Advanced AI tools can now detect vulnerabilities at unprecedented speed, but also risk amplifying threats if misused.
“Technology magnifies intent—both for protection and exploitation.”
Key Data Snapshot
| Indicator | Data |
|---|---|
| Global cybercrime cost | $10.5 trillion/year (2025 est.) |
| Vulnerabilities patched | <1% of AI-discovered flaws |
| AI capability | Multi-stage attacks in minutes (vs days for humans) |
| Risk trend | Attack timelines shrinking drastically |
Background & Context
-
AI is increasingly used in cybersecurity for vulnerability detection.
-
Advanced models can:
- Identify hidden flaws in software systems
- Simulate attacks and exploit chains
-
However, restricted-access AI systems face:
- Security breaches
- Risk of falling into unauthorised or malicious hands
Key Concept: AI in Cybersecurity
Traditional vs AI-based Cybersecurity
| Aspect | Traditional Systems | AI-driven Systems |
|---|---|---|
| Approach | Pattern-based scanning | Behavioural & adaptive reasoning |
| Speed | Slow (days/weeks) | Extremely fast (minutes) |
| Capability | Known vulnerabilities | Unknown & complex vulnerabilities |
| Limitation | Limited scalability | Risk of misuse |
Case Study: AI Vulnerability Detection Model
-
AI model capable of:
- Interacting with software dynamically
- Testing inputs and refining attack paths
-
Found:
- Thousands of high-severity vulnerabilities
- Weaknesses in major systems (OS, browsers)
Key Concern
-
Unauthorized access by a small group exposed:
- Weak safeguards
- Risk of exploitation
Analytical Insights
1. Power Asymmetry: Attackers vs Defenders
- Attackers:
• Need to exploit only ONE vulnerability
• Face minimal constraints
- Defenders:
• Must secure the ENTIRE system
• Face operational, financial, and coordination constraints
→ Result: Structural imbalance in cybersecurity
--------------------------------------------------
2. Shrinking Time Window
- Earlier:
• Vulnerability → Exploitation took months
- Now:
• Happens in minutes using AI
→ Result: Traditional patching cycles become ineffective
--------------------------------------------------
3. “Visibility ≠ Security”
- AI can discover thousands of vulnerabilities rapidly
- Organisations lack capacity to fix all
→ Result: Prioritisation becomes critical and risky
--------------------------------------------------
4. Democratization of Threat
- Smaller and cheaper AI models replicate advanced capabilities
- Wider access to offensive tools
→ Result:
• Lower entry barriers for attackers
• Increased frequency and sophistication of cyberattacks
Implications
1. Critical Infrastructure Risk
- Banking, healthcare, power grids vulnerable.
2. Governance Challenges
- Can private companies act as gatekeepers of powerful AI tools?
3. Economic & National Security Threat
- Increased cyber warfare risks.
- Potential systemic disruptions.
Challenges
- Weak access controls in AI systems.
- Lack of global AI governance frameworks.
- Rapid evolution of threats vs slow policy response.
- Ethical concerns in AI deployment.
Way Forward
- Strengthen AI governance & regulation frameworks.
- Invest in real-time patching systems.
- Promote zero-trust architecture in cybersecurity.
- Encourage public-private collaboration.
- Develop AI ethics and accountability standards.
Conclusion
AI has fundamentally altered the cybersecurity landscape, creating a paradox where tools designed for protection can also enable large-scale threats. The challenge lies in balancing innovation with robust safeguards and governance mechanisms. As cyber risks grow exponentially, India and the world must adopt a proactive, adaptive, and collaborative cybersecurity strategy to ensure resilience in the digital age.
Attribution
Original content sources and authors
Syllabus classification
How this article maps to GS papers
Main syllabus
GS3Cyber SecurityQuick Q&A
What is Mythos and how does it differ from traditional cybersecurity tools?
This interactive and reasoning-based capability allows Mythos to uncover previously undetected, deep architectural flaws that may have persisted for years despite multiple security audits. Additionally, it can chain together multiple vulnerabilities into complex exploits, simulating real-world cyberattacks. This significantly enhances its effectiveness compared to static scanners, which often fail to detect such interconnected weaknesses.
For example, in controlled evaluations, Mythos successfully executed multi-stage attacks on vulnerable systems—tasks that would take human experts days to accomplish. This highlights a major shift in cybersecurity: from reactive detection to proactive, intelligent exploration. However, this also raises concerns, as such powerful capabilities can be misused if access is not tightly controlled.
Why does the Mythos incident raise concerns about AI governance and technological gatekeeping?
This raises the question: Can any single entity be trusted to securely manage technologies with far-reaching societal implications? The incident reveals that even well-resourced organisations may struggle to enforce robust safeguards. Moreover, the existence of similar capabilities in smaller, open-source models suggests that restricting access may not effectively prevent misuse.
For instance, previous incidents such as data leaks from major tech firms show that centralised control does not guarantee security. Instead, it may create high-value targets for attackers. Thus, the Mythos case highlights the need for decentralised oversight, regulatory frameworks, and international cooperation to ensure responsible AI deployment while mitigating systemic risks.
How does AI like Mythos create an asymmetry between attackers and defenders in cybersecurity?
Defenders must ensure system stability, avoid downtime, and coordinate across multiple teams before implementing fixes. In contrast, attackers require only a single exploitable vulnerability to succeed. Mythos amplifies this imbalance by generating a continuous pipeline of high-severity vulnerabilities, many of which remain unpatched due to resource and time constraints.
For example, Microsoft has highlighted that the window between vulnerability discovery and exploitation has shrunk dramatically—from months to minutes. This compresses response timelines and increases the cost of errors. As a result, organisations must rethink traditional cybersecurity strategies, prioritising rapid response, automated patching, and real-time threat intelligence to keep pace with AI-driven threats.
What are the key reasons behind the growing vulnerability pipeline despite advanced detection tools like Mythos?
Second, patch deployment is inherently complex. It involves testing for compatibility, avoiding system disruptions, and scheduling downtime—especially in critical sectors like banking, healthcare, and energy. These constraints slow down the remediation process, leading to a backlog of known but unpatched vulnerabilities.
Third, prioritisation challenges exacerbate the issue. Not all vulnerabilities are equally critical, but determining which ones pose the greatest risk requires sophisticated risk assessment frameworks. For instance, a flaw in a hospital system may have more immediate consequences than one in a less critical application. This mismatch between detection speed and remediation capacity is the primary driver of the expanding vulnerability pipeline.
Critically analyse the risks and benefits of AI alliances like Project Glasswing in cybersecurity.
However, these alliances also present significant risks. Restricted access to powerful tools may create an uneven playing field, where only a select group benefits from advanced capabilities जबकि others remain vulnerable. Additionally, centralising sensitive technologies increases the risk of large-scale breaches, as seen in the Mythos incident.
Another concern is the potential for reduced transparency and accountability. When decision-making is concentrated within a small group, it may exclude broader stakeholder perspectives, including governments and civil society. Thus, while AI alliances can enhance collective security, they must be complemented by regulatory oversight, transparency mechanisms, and inclusive governance to ensure that benefits are equitably distributed and risks are minimised.
Provide examples of how AI-driven cybersecurity tools could impact critical infrastructure sectors.
For example, in the banking sector, AI could uncover vulnerabilities in transaction processing systems, enabling fraudulent activities or large-scale financial disruptions. In healthcare, exploiting software flaws in hospital systems could compromise patient data or disrupt life-saving equipment. Similarly, in the energy sector, vulnerabilities in power grid management systems could lead to widespread outages.
On the positive side, these tools can also enhance security by enabling proactive vulnerability detection and faster response mechanisms. For instance, governments and enterprises can use AI to audit their systems and strengthen defences before attacks occur. Thus, the impact of AI in cybersecurity is dual-edged—it can either reinforce resilience or amplify risks, depending on how it is governed and deployed.
In a scenario where unauthorised actors gain access to an AI tool like Mythos, how should governments and organisations respond?
Next, there should be a focus on risk communication and transparency. Informing stakeholders, including affected organisations and the public, helps build trust and enables collective action. Simultaneously, organisations must prioritise patching critical vulnerabilities identified by the compromised tool, even if it requires temporary operational disruptions.
In the long term, this scenario highlights the need for stronger cybersecurity frameworks, including zero-trust architectures, continuous monitoring, and stricter access controls. For example, adopting multi-factor authentication and limiting third-party access can reduce the risk of similar breaches. Ultimately, resilience depends not just on technological solutions but also on governance, preparedness, and collaboration across sectors.
Practice questions
1 question for mains preparation