AI brings double-sided security challenge

23/07/2025

Intro

Many organizations embrace AI to enhance cybersecurity—but at the same time, worry that it opens the door to new threats. Recent research by Trend Micro reinforces this tension: 81 % of companies use AI defensive tools, yet 94 % fear it also increases their attack surface.

So, how can you use AI without compromising security? We explore the key risks and share actionable insights—drawing also on software best practices from APPelit and audit experience at AltF7.

Why AI is a double challenge

AI can rapidly scan for vulnerabilities, detect anomalies, and automate defenses. But attackers are using AI too—launching advanced phishing, finding exploits in frameworks, and intensifying social engineering.

At Pwn2Own Berlin, researchers uncovered seven zero-day vulnerabilities in major AI frameworks like Nvidia Triton and Redis, using single flaws to gain full compromise. This shows AI is not just a shield—it can also be a weapon.

What are the biggest risks?

Companies, especially in the UK, highlight these AI-linked threats:

  • AI-driven phishing and user deception (54 %)

  • Exposure of sensitive data via AI processes (41 %)

  • Shadow IT growth, where employees bypass controls (38 %)

Combined with an expanding AI attack surface, these concerns make proactive security essential.

How to embrace AI securely

1. Incorporate security from design

AI must be protected from day one. From data ingestion to model deployment, security should be built in—just like APPelit integrates secure coding practices in custom software.

2. Test frameworks and dependencies

Run penetration tests, fuzzing, or red-teaming on AI modules. Identify zero-day vulnerabilities before attackers do.

3. Monitor usage and controls

Detect unusual behaviors such as bulk data downloads or unauthorized model access. AI can help—but demands its own security and logging.

4. Train teams and users

Educate staff on AI-manipulated content and phishing. Threat awareness must evolve alongside capability.

5. Audit AI systems

AltF7 performs independent assessments of AI assets—combining technical testing with risk context and governance review.

The role of AltF7

At AltF7, our audits go beyond plugging in tools. We assess your entire AI lifecycle, from data sourcing to deployment and response readiness. And in partnership with developers like APPelit, we ensure embedded AI security isn't an afterthought, but a built-in feature of systems.


Cybersecurity is not a one-time project or a technical afterthought. It's a strategic responsibility—and business leaders must act accordingly.

Curious where your organization stands? Book a board-focused audit with AltF7 or schedule a strategy session with our security experts.