AI in cybersecurity: where are we today as a market?

Michał Malanowicz
22/05/2026

TL;DR: AI has fundamentally transformed cybersecurity, primarily through the automation of attacks, lowering the entry barrier for cybercriminals, and dramatically accelerating offensive operations. AI models are now capable of automatically analyzing environments, identifying vulnerabilities, and generating attack scenarios or malicious code. At the same time, AI is becoming increasingly integrated into development environments, improving productivity while also introducing new risks related to vulnerabilities and loss of control over data.

Another growing concern is so-called shadow AI and the transfer of sensitive information to external models. As a result, organizations are beginning to implement additional control layers such as SASE, Secure Browsers, and modern DLP solutions that monitor and control communication with AI models.

The market is still maturing when it comes to these types of security controls, especially in Poland, but the direction is already clear: AI security is becoming a new foundation of cybersecurity architecture.

How Artificial Intelligence Has Changed the Cybersecurity Landscape

The commercialization of artificial intelligence in the cybersecurity space has been a rapid breakthrough that impacted multiple areas simultaneously. The most visible change concerns the speed and scale of automation. Tasks that previously required hours or even days can now be executed almost instantly. Ready-made mechanisms have emerged that are capable of rapidly analyzing entire environments, automatically identifying vulnerabilities, and preparing multiple scenarios for compromising security systems.

The economics of cyberattacks have also changed significantly. The barrier to entry has been dramatically lowered, while the scale of operations has increased enormously. Attackers no longer need to select targets carefully — they can now operate at scale without requiring advanced expertise.

In this article, we examine how artificial intelligence has fundamentally changed the cybersecurity landscape, how it is currently being used by both attackers and defenders, what new categories of risk it introduces, and how organizations can protect themselves — both from a process perspective and through specific technologies.

Three Key Areas of AI Usage in Cybersecurity

Offensive Use of AI – Attack Automation

The first major area is the offensive domain, where AI is used to automate vulnerability discovery and exploitation. Models can continuously analyze code, configurations, and entire environments, then generate attack scenarios. The key shift is that this process is no longer manual. This is currently the fastest-growing area, where the number of emerging threats is increasing at the highest pace.

Typical use cases include:

  • Automated scanning and identification of vulnerabilities in IT systems,
  • Generation of malicious code and exploits tailored to identified weaknesses,
  • Conducting attacks with a speed and precision impossible to achieve without AI — increasing operational velocity by several orders of magnitude.

AI in Development Environments

Development environments are increasingly integrating AI models that support developers in their daily work, automate parts of CI/CD pipelines, and accelerate software development. While this significantly improves efficiency and productivity, it also introduces new risks. Code generated or co-created by AI may contain vulnerabilities, and the data used by models is not always fully controlled. Maintaining AI-generated code can also become problematic, leading to additional bugs and security gaps over time.

Data Protection

Organizations are beginning to realize that using AI models, especially cloud-based ones, creates a very specific challenge: losing control over what data is actually being sent to the Internet and what happens to that data afterward. In practice, information submitted to AI models may be processed outside the organization, transferred to the provider’s infrastructure, and in some cases even used for further model training or processing.

In response to these risks, a new control layer is emerging between the user and the AI model. Intermediary mechanisms, typically implemented as proxy layers at the network edge, intercept prompts before they leave the organization. They analyze content, detect sensitive data, and decide whether a request can be forwarded or should be blocked. In more advanced solutions, data is sanitized (cleaned and/or anonymized) before being sent, while responses from the model are enriched again with real organizational data.

These mechanisms are increasingly integrated with DLP policies, enabling organizations to bring data governance to an entirely new level. DLP is no longer just a tool for monitoring data leaks — it is becoming an active mechanism controlling what information can be used in interactions with AI.
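
A minimal sketch of the intermediary layer described above, as an added example that is not from the original article or from any vendor product: it inspects a prompt, blocks it outright if it carries a private key, otherwise replaces e-mail addresses and Luhn-valid card numbers with placeholders and restores the real values in the model's response. The regexes, the block policy, the function names and the sample values used with it are assumptions constructed for illustration.

```python
import re

# Illustrative detectors and policy (assumptions, not a vendor rule set).
PATTERNS = {
    "EMAIL": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
    "PRIVATE_KEY": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
}
BLOCK_LABELS = {"PRIVATE_KEY"}  # never forwarded, even in sanitized form


def luhn_ok(digits: str) -> bool:
    """Checksum that separates card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def inspect_prompt(prompt: str):
    """Return (verdict, outbound_text, vault); verdict is allow/sanitize/block."""
    if any(PATTERNS[label].search(prompt) for label in BLOCK_LABELS):
        return "block", None, {}
    vault = {}  # placeholder -> real value; stays inside the organization
    def replacer(label):
        def sub(match):
            value = match.group(0)
            if label == "CARD" and not luhn_ok(re.sub(r"\D", "", value)):
                return value  # fails the checksum: not treated as a card
            for token, known in vault.items():
                if known == value:
                    return token  # same value, same placeholder
            token = f"[{label}_{len(vault) + 1}]"
            vault[token] = value
            return token
        return sub
    outbound = prompt
    for label, pattern in PATTERNS.items():
        if label not in BLOCK_LABELS:
            outbound = pattern.sub(replacer(label), outbound)
    return ("sanitize" if vault else "allow"), outbound, vault


def rehydrate(response: str, vault: dict) -> str:
    """Restore real values in the model's response before the user sees it."""
    for token, value in vault.items():
        response = response.replace(token, value)
    return response
```
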

What Technologies Actually Support Security in the AI Era?

SASE as Control Over What Actually Happens Inside the Organization

The role of SASE solutions extends far beyond traditional "network security." In practice, when it comes to AI protection, these platforms provide visibility and control over which applications and AI models are being used, as well as what data is being transmitted to the Internet and how.

A key component of SASE is complete control over data flows and the ability to enforce security policies. Organizations can decide which AI models are allowed, which are blocked, and which require additional inspection. More importantly, it becomes possible to intercept the interaction itself — exactly what users send to models and what they receive in response. This is now absolutely critical if an organization allows the use of external AI models. Without this layer, organizations effectively lose control over where their data is going.

However, it is important to state clearly: SASE alone is not a perfect solution and often requires support from additional tools. SASE provides operational control and significantly reduces risk, but it does not eliminate it entirely.

Secure Browser

One of the most underestimated — yet increasingly important — elements of organizational cybersecurity is the secure enterprise browser.

A secure browser is designed as a managed, isolated environment for web browsing in business use cases. It enforces security policies, manages user activity, and isolates browser sessions to protect sensitive data.

By isolating user activity from the endpoint device itself, Prisma Browser from Palo Alto eliminates risks associated with untrusted devices while providing full visibility into application activity — without requiring traffic decryption. The browser also offers protection against zero-day threats, ransomware, and phishing attacks, making it an ideal solution for hybrid work and Bring Your Own Device (BYOD) environments.

This approach also enables full control over information flow between the corporate environment and the point where users actually interact with AI models.

Based on conversations with clients, there is a very clear gap between awareness of AI-related risks and actual purchasing decisions. Organizations increasingly understand that AI is changing how attackers operate and that traditional approaches to cybersecurity are no longer sufficient. However, adoption of solutions such as SASE or Secure Browsers is still far from mainstream.

It is worth noting that in markets such as the United States and Western Europe, platforms like Netskope and Prisma Access are already being deployed as standard components of cybersecurity architecture.

In Poland, the market is still a few steps behind this trend. That does not mean it will not arrive — only that it will arrive later. At the same time, a very interesting market direction is emerging. Alongside expensive, advanced platforms, more affordable alternatives are beginning to address the same problem in a more accessible way. One example is modern DLP solutions such as FortiDLP, which introduce mechanisms for detecting shadow AI and blocking the transmission of sensitive data to AI models, but with a much lower entry barrier.

This may become a turning point. If cost stops being the main obstacle, adoption rates could increase very rapidly — especially since the problem itself will only continue to escalate.

At the end of the day, organizations should ask themselves one question: do you actually have control over how AI is being used inside your organization and what data is being shared with it? If the answer is uncertain, this is exactly the moment to start addressing the issue.


Contact us to discuss AI-related risks, your environment, and how to approach this topic in a way that makes both business and technological sense.


Author: Michał Malanowicz, CTO, 4Prime IT Security
An IT expert with over 20 years of experience, including 10 years in cybersecurity. As an engineer, manager, and entrepreneur, he combines technical expertise with a practical approach to team and project management. He specializes in designing and implementing innovative solutions that effectively enhance the security and efficiency of IT systems. With strong analytical skills and a strategic mindset, he helps clients achieve their business goals by delivering effective, tailored technology solutions.
