There Is No Escaping AI
It’s dominating the economy and shaping the threats we face and how we defend against them
- AI is driving the economy and cybersecurity—both among attackers and defenders.
- AI is amplifying cyber threats by automating attacker workflows, enabling agentic decision‑making, scaling highly personalized social engineering, and producing malware that evades defenses.
- Security teams are deploying AI to fight back with behavioral monitoring to spot LOTL attacks, incident‑prediction models, agentic threat analysis, automated incident summaries, and more.
In the first quarter of 2025, investment in all things artificial intelligence (AI) contributed more to Gross Domestic Product (GDP) growth in the United States than even consumer spending, historically the country’s primary GDP driver. Now economists who first thought they were looking at a rare unicorn moment seem to have accepted a new truth: AI is driving everything, at least for the time being.
AI’s impacts aren’t just economic. The ability of AI to automate tasks (and even accomplish them on a user’s behalf) has established it as a cybersecurity accelerator both for attackers and defenders. Here’s a look at what it means.
New tools for attackers
Malware kits and other packaged tools made cybercrime accessible to an ever-widening population of attackers—an audience that now extends well beyond the APTs and organized groups traditionally linked with sophisticated attacks. The core abilities of AI—helping to process prodigious volumes of data, streamlining and automating otherwise time-consuming manual tasks, and now taking decision-making out of the hands of attackers via agentic AI—are making attacks more efficient even as they become more sophisticated, agile, and dangerous. It’s no surprise that security executives recently told Gartner that their top two concerns are AI-powered malicious attacks and misinformation campaigns.
They’re worried because of what they see attackers already doing with AI-driven tools.
- They’re saving time. Early agentic AI is helping attackers eliminate manual steps from setting up attack infrastructure and develop ways to decide in real time how to interact with websites and backend systems.
- They’re scaling their ability to mount social engineering attacks. AI is making it harder to detect spear phishing, including deepfake voice and text that improve success rates by achieving uncanny levels of personalization. But it’s also making the process of mounting specific attacks easier.
- They’re automating reconnaissance and exploit discovery. AI allows attackers to scan vast networks for vulnerabilities in a timeframe that simply was impossible before AI entered the picture. This accelerates the ability to identify a target’s weak points.
- They’re outsmarting defenses. AI-enabled polymorphic malware rewrites itself to evade detection—and even to slip from the grasp of remediation efforts.
New ways to find and stop threats
Just as AI is accelerating attack efforts, it’s also helping defenders find and stop threats that are escalating in volume, scale, and sophistication. Security teams could use the help. A recent study found cybersecurity resources aren’t keeping pace with threat levels, with budget growth slowing from 17% in 2022 to just 4% in 2025.
The good news is that AI enhancements to existing defenses are helping teams do more in less time, alleviating much of the manual work associated with identifying and investigating threats, and even stopping threats before they can do damage.
Here are a few of the AI-enabled defenses that security teams can deploy today.
Stopping LOTL attacks. Living off the land (LOTL) attacks can be especially difficult to sniff out since they use legitimate operating system tools as cover for nefarious activity and leave few traces behind. But what if security teams had a way to detect unusual use of those otherwise legitimate tools? Enter Adaptive Protection, an AI-enabled feature of Symantec Endpoint Security Complete (SES-C). Adaptive Protection monitors an organization’s typical use of software and utilities, and then automatically flags behavior that falls outside that normal use.
Predicting and stopping an attacker’s next moves. Attackers chain together various tactics, techniques, and procedures (TTPs) to evade detection and infiltrate an environment. But a new capability is changing all that. Incident Prediction, another exclusive feature of SES-C, leverages AI to identify and disrupt LOTL and other attacks before damage can occur. Trained on a catalog of more than 500,000 attack chains, Incident Prediction predicts attackers' behaviors, prevents their next move in the attack chain, and quickly returns the organization to its pre-attack state.
Automatically initiating threat analysis. Attackers aren’t the only ones using agentic AI. SymantecAI, another feature of SES-C, musters numerous AI agents to respond to queries by engaging virtually all of Symantec and Carbon Black’s threat intelligence and other data to analyze threats. The assistant can automatically activate internal threat analysis tools to get answers and surface insights that help security professionals decide what to do next.
Saving analysts hours, even days of time. SES-C also features incident summaries that use AI to sift through all the various events associated with an incident to produce a summary that analysts can consume in as little as a few seconds. The summaries include a well-written, easily understood narrative of the incident, followed by an array of details that reveal insights on an attack as it may be unfolding and guide analysts on a course of action.
Speeding remediation. Process trees are great, but they don’t show the relationships between entities involved in an attack chain. Threat Tracer, a new feature of Carbon Black Enterprise EDR, relies on a foundation of machine learning-curated alerts to produce a dynamic visual map of attacks that can accelerate remediation.
Reducing false positives. A new enhancement to Carbon Black Cloud taps Google Gemini models to determine if a false positive (FP) is really an FP. This saves considerable time that would otherwise go toward sifting out FPs from true positives.
Providing answers even novices can understand. AI-enabled natural language processing (NLP) lets users ask questions using any wording they choose and get accurate, properly constructed Lucene query expressions in return. Now less experienced analysts can participate and contribute during investigations.
The point of no return
Clearly, AI isn’t going anywhere. For security teams, conversations around AI will increasingly focus not on whether to add it to their stack, but on when and how.