Key Takeaways
- AI is fundamentally reshaping cybersecurity, giving attackers an immediate advantage because they need to succeed only once while defenders must be flawless at all times.
- In the longer term, AI can become a powerful defensive tool if organizations invest in AI‑supported security practices, build systemic resilience, and adopt defense‑in‑depth strategies.
- Effective coordination, robust public‑private partnerships, and appropriate incentive structures (including sustained investment) are essential to shorten the window where attackers hold the edge.
- Individuals should continue practicing basic cyber hygiene—avoiding suspicious links, protecting passwords, and using multi‑factor authentication—while organizations harden defenses with measures such as passkeys and two‑factor authentication.
- Rapid, continuous expert assessments are needed to keep pace with the unprecedented diffusion of generative AI, especially because even specialists often cannot fully explain how these models work.
- AI is integral to national security and defense; protecting critical infrastructure, enabling warfighters, and countering adversarial AI use are all areas where AI capabilities are being actively pursued, exemplified by ongoing projects at Arizona State University’s work on hospital cybersecurity, military training, and space‑based communications.
Overview of AI’s Dual Role in Cybersecurity
Artificial intelligence is changing the cybersecurity landscape in a way that benefits both attackers and defenders. Nadya Bliss, executive director of the Advanced Capabilities for National Security Institute at Arizona State University, describes AI as a two‑edged sword. While malicious actors can now launch sophisticated attacks without deep expertise, defenders can also harness AI to detect threats faster and automate responses. The central challenge is that attackers need only a single successful breach, whereas defenders must maintain flawless protection across every vector.
Short‑Term Advantage for Attackers
In the near term, the report argues that AI tilts the balance toward attackers. The ease with which generative models can craft convincing phishing lures, automate vulnerability discovery, or evade detection lowers the barrier to entry for cybercrime. Bliss emphasizes that this shift cannot be ignored; society must address the emerging risks to protect digital systems before the threat landscape becomes even more hostile.
Long‑Term Hope for Defenders
Despite the short‑term advantage for offenders, Bliss expresses optimism that the longer‑term outlook favors defenders. By integrating AI into security operations—such as continuous monitoring, anomaly detection, and automated patching—organizations can shift from reactive to proactive postures. Achieving this outcome, however, hinges on deliberate investment in AI‑enabled defenses and the cultivation of a resilient cybersecurity ecosystem.
Advice for Individuals and Households
For the average person managing bank accounts, passports, and medical information online, Bliss recommends sticking to proven hygiene practices: avoid clicking on unsolicited links, never share passwords or sensitive data over the phone, and enable multi‑factor authentication wherever possible. She notes that many high‑profile institutions, such as banks, have already strengthened defenses with tools like passkeys and two‑factor authentication, but individual vigilance remains a critical layer of protection.
The Time Gap Between Vulnerability and Countermeasures
Bliss identifies the “margin of time” as a crucial metric—the period during which attackers enjoy an advantage before defenders’ AI‑based countermeasures catch up. The report advocates compressing this gap through effective coordination, robust public‑private partnerships, and clear incentive structures that encourage sustained investment in defensive AI. Without such measures, the window of vulnerability could persist, leaving systems exposed.
AI as Both Problem and Solution
Echoing a broader technological pattern, Bliss likens today’s AI moment to the 1990s‑early‑2000s internet boom, when capability outpaced safeguards. AI itself is neither inherently good nor bad; its impact depends on how society builds guardrails. She stresses that merely limiting the release of powerful models (e.g., restricting access to Anthropic’s Claude Mythos) is insufficient. Instead, developing systemic resilience and a defense‑in‑depth strategy is essential to reap AI’s benefits while mitigating misuse.
Case Study: Anthropic’s Claude Mythos Model
The rapid expert consultation coincided with the debut of Anthropic’s Claude Mythos, a frontier generative model whose capabilities sparked both excitement and concern. Bliss cites Mythos as an illustrative example of how cutting‑edge AI can be deployed rapidly, underscoring the need for simultaneous risk assessment and capability evaluation. The model’s initial restricted release highlighted awareness of its potential dangers, but the authors argue that lasting safety requires broader institutional safeguards rather than isolated access controls.
Scariest Development and Sources of Relief
Reflecting on her early career in the late 1990s, Bliss recalls a palpable sense that the nascent internet was riddled with vulnerabilities—a feeling that proved prescient as data breaches and social‑media harms emerged. Today, she sees parallels in the rapid diffusion of AI, which could recreate similar blind spots if security is an afterthought. Her relief comes from observing that society has learned from past mistakes: improved infrastructure, policy frameworks, and incentive mechanisms now protect users on social media and interconnected systems. Applying those lessons to AI, she believes, can prevent a repeat of earlier oversights.
Need for Continuous Expert Assessments
Given the unprecedented scale at which generative AI is permeating every sector—healthcare, banking, travel, entertainment, and the arts—Bliss argues for a regimen of rapid, ongoing expert consultations. Because even specialists often cannot fully explain how these models work, a gap exists between technical understanding and widespread usability. Continuous reassessment across domains would help societies anticipate risks, adapt guardrails, and ensure that AI’s integration remains safe and beneficial.
Implications for National Security and Defense
AI is now a cornerstone of national security strategy. The Pentagon’s aggressive pursuit of AI adoption aims both to empower warfighters and to shield them from adversaries employing AI for offensive operations. Bliss highlights that AI’s role spans protecting critical infrastructure—energy, health care, water supplies—to maintaining operational capability in contested environments. At Arizona State University, researchers are actively applying AI to bolster hospital cybersecurity, enhance military training performance, and accelerate communications between space‑based assets, demonstrating how academic‑defense partnerships can translate AI advances into tangible security gains.