AI, Threats and Defense: The Future of Cybersecurity

Generative AI is bringing about a revolution, but it is also accelerating the evolution of cyber threats. Can organizational security teams respond quickly enough to the new challenges? How much risk do organizations take by delaying the implementation of security solutions with predictive analytics? We discussed these pressing issues, the concept of the “human firewall,” and how much Fortinet invests in education and the integration of AI into its entire cybersecurity framework, with Tomislav Tucibat, Country Manager for the Adriatic region at Fortinet.

How are traditional cyber threats such as phishing, malware, and disinformation evolving with the use of generative AI?

Threat actors primarily use AI to enhance the efficiency and scale of existing techniques like social engineering and malware deployment. The technology is also lowering the barrier to entry for cybercriminals, enabling both novice and skilled threat actors to execute successful (and lucrative) attacks. A serious long-term concern is the speed with which these actors share successful methods and tools. Techniques developed by one bad actor are often adopted by others in a matter of weeks. Organisations are being driven to move faster than their security teams can keep up with.

How prepared is the global community to defend against AI-driven attacks?

The evolution of cyber-defense includes emphasising AI-powered threat hunting, hyper-automated incident response capabilities, and the potential rethinking of security architectures. Beyond making strategic and tactical adjustments to defenses, public-private partnerships are critical to our collective success. International cooperation is no longer optional; it’s the only path to effective defense. These discussions must also inform policy changes, requiring the proactive development of new frameworks and standardized, globally accepted norms about AI use and misuse.

AI will continue to impact every aspect of cybersecurity. Regardless of its resources or expertise, no single entity can successfully navigate this shift alone. At Fortinet, we continue to contribute to the Center for Long-Term Cybersecurity’s (CLTC) AI-enabled cybercrime effort and other similar initiatives. We support defenders across industries and borders as we navigate the changing threat landscape and work together to outpace adversaries.

Success will depend not just on technology, but on cooperation, flexibility, and continuous adaptation.

Is there enough awareness of the limitations of legacy security systems? To what extent are organizations in this region ready to adopt AI-powered defense solutions with predictive analytics?

Organisations are aware of the limitations of legacy security systems, however, due to the headline-grabbing hype AI generates, it is hard to pinpoint what is and what is not an imminent threat. We must separate the signal from the noise concerning AI-enabled cybercrime. One thing that is clear, however, is that AI is accelerating the speed and scale of cyberattacks and organisations cannot risk hesitating and waiting to adopt AI-powered defense solutions with predictive analytics.

As both the weakest link and a critical line of defense, how should we approach the human factor in cybersecurity?

Fortinet has long promoted the concept of a human firewall, a team within an organisation that actively follows security best practices to identify and prevent suspicious or malicious activities, as well as data breaches that could bypass traditional computer security systems.

This firewall differs from a technical firewall that digitally blocks the malicious traffic that could compromise the system. A good human firewall works as a human layer of protection where employees are educated enough to secure the network. Thus, the human firewall is empowered through security awareness, education, incentives, technologies, and more.

To improve security awareness and close the skills gap in the cybersecurity industry, Fortinet offers free training to schools, veterans and individuals. It is on track to train one million people by the end of 2026.

Attackers are increasingly targeting “soft spots” within complex enterprise systems. What are the emerging attack surfaces, and which industries are most at risk? What are the potential consequences for those industries?

Reconnaissance is surging. Cybercriminals are deploying automated scanning at a global scale. Active scanning in cyberspace reached unprecedented levels in 2024, rising by 16.7% worldwide. FortiGuard Labs observed billions of scan attempts each month, equating to 36,000 scans per second, revealing an intensified focus on mapping exposed services, such as SIP and RDP, and OT/IoT protocols like Modbus TCP. Tools like SIPVicious and commercial scanning tools are weaponized to identify soft targets before patches can be applied, signaling a significant “left-of-boom” shift in adversary strategy.

Attackers are targeting widely used protocols in key sectors, such as telecommunications, industry, OT, industrial control systems (ICS), and financial services. Attacks on individual organisations can have devastating financial and reputational effects; at the same time, attacks on critical infrastructure can have far-reaching consequences for communities and societies. To effectively protect an organisation, defenders must understand what attackers are searching for and how their scans translate into real-world risks.

Given the complexity of IT environments in large enterprises, how does Fortinet’s Security Fabric architecture support integration and automation in cybersecurity?

Fortinet’s own approach integrates AI across the entire cybersecurity lifecycle, not as a bolt-on feature, but as a foundational capability. Rather than isolate AI in individual tools, its FortiAI roadmap embeds intelligence across the entire cybersecurity stack. AI is part of the Fortinet security fabric platform, where its components are aware of each other. They share data. They make decisions together. At Fortinet, AI are not just isolated tools, but an intelligent, coordinated system. FortiAI applies AI to the three key pillars of cybersecurity: threat intelligence, security enforcement, and security operations. Each pillar has its own AI-driven focus, which together form the backbone of Fortinet’s integrated security fabric.

How are organizations leveraging FortiDLP, FortiSIEM, and FortiSOAR to gain a competitive advantage?

FortiSIEM and FortiSOAR use AI and automation to provide critical threat detection, investigation, and response capabilities and the full range of essential security operations functions across the multivendor IT/OT security infrastructures of today’s enterprise. Meanwhile, FortiDLP is an endpoint data loss prevention solution that protects data while addressing compliance requirements. FortiDLP is cloud native and can be deployed in minutes to give your organization immediate visibility into business data flows and usage across your organization. Unlike legacy solutions, FortiDLP doesn’t require exhaustive data discovery and pre-built policies.

How does Shadow AI impact compliance with GDPR, HIPAA, or other regulatory frameworks when data is sent to external AI services? What risks does this create for organizations, and who should be accountable for managing AI-related risks within an enterprise?

The ‘shadow AI’ effect – the use of unvetted AI tools by employees – may expose organisations to data leakage, model poisoning and compliance failures. Sensitive data may be fed into external models without adequate governance, creating major privacy and security risks. Clear policies and guidance on AI tools and use are crucial to keep employees and organisational data safe. In addition, Fortinet’s FortiAI is able to detect hidden threats, including shadow AI, stops evasive attacks, and enforces secure AI usage through real-time controls and policies.

What is the future of the AI vs AI battle in cybersecurity?

As security professionals chart their defensive strategies, it’s vital that we anticipate how AI will reshape cybercriminal tactics in the coming years. Equally important is recognising the fundamental pivots and likely challenges that this evolution presents for the entire industry. Beyond using AI to mine for fresh vulnerabilities, cybercriminals could easily use AI to develop new attack vectors. Even though this isn’t occurring today, it’s a concept that will inevitably become reality. Finally, while a group of autonomous agent swarms conducting entire cyberattacks doesn’t seem plausible today, it’s crucial that the cybersecurity community monitors how threat actors are incrementally adopting automation to support their attacks.

As we anticipate how attackers might leverage AI in the future, it’s clear that countering more advanced AI-driven threats requires an evolution in defense. AI technologies can help us defend not just against AI-based attacks, but against any type of attack. AI gives us better visibility, deeper insights, faster reaction times and smarter automation. AI can analyse vast amounts of threat data in real time, detect subtle anomalies that would go unnoticed by humans and even respond autonomously to incidents.

What is your key piece of advice for organizations in this region looking to protect their business strategically? What would a recommended roadmap for AI-driven cyber resilience look like?

Cyberthreats no longer wait for vulnerabilities to be patched—they strike rapidly before most organisations can respond. It is important to work with a security partner that does not offer AI as a bolt-on, but has it embedded across the entire cybersecurity stack. This way, organisations can defend themselves from new and emerging threats in real-time.