Recent research highlights a 219% increase in mentions of malicious AI tools on the dark web. Threat actors are using AI to enhance phishing campaigns, automate vulnerability discovery, and accelerate account takeover attempts. Yet, despite these clear signals, fewer than half of security leaders strongly agree that AI will significantly increase the complexity and scale of cyber-attacks.
This disconnect is concerning. AI introduces a new category of risk, from shadow IT created by the use of unauthorised generative AI platforms, to potential vulnerabilities within custom-built large language models. These risks come on top of existing challenges around cloud environments, remote working, and third-party supplier ecosystems, all of which continue to grow the enterprise attack surface.
Managing this environment effectively requires more than traditional perimeter defences. It calls for continuous, proactive cyber risk exposure management with real-time asset discovery, vulnerability identification, and intelligent prioritisation of security actions.
Today, however, just two-fifths of organisations use dedicated tools to manage their cyber risk exposure proactively….
