Presentation Material
Abstract
AI is no longer just a tool—it’s becoming an essential teammate in cybersecurity. But how real is this transformation? And what does it mean for security teams? In this presentation, we’ll cut through the hype to explore AI’s tangible impact today—how it accelerates threat detection, automates responses, and augments human defenders. We’ll also look at what’s next: the rise of autonomous AI security agents capable of hunting threats, patching vulnerabilities, and defending systems in real-time—without human intervention. Imagine a future where cybersecurity is no longer a reactive process but a self-healing, AI-driven ecosystem. How will this reshape security operations? What new skills will engineers need? Join us as we explore how AI is revolutionising cybersecurity and redefining the future of digital defense.
Presented at STACKx Cybersecurity 2025, organized by GovTech Singapore, on 15 April 2025.
AI Generated Summary
The talk examines the practical application of artificial intelligence in cybersecurity, separating current capabilities from common hype. It analyzes AI’s role from three perspectives: adversaries, defenders (including security vendors and researchers), and security operations center (SOC) practitioners.
Adversaries primarily leverage generative AI for social engineering, creating highly contextual and professional phishing emails and deepfakes. They also utilize malicious, unrestricted large language models (LLMs) like WormGPT and Zanthrox to automate malware generation and campaign planning. A key threat is the potential for “polluted” training data, where AI recommends non-existent or compromised code libraries.
Defenders employ AI as a force multiplier for vulnerability research and penetration testing. Tools like Pentest GPT and Reaper automate reconnaissance, permutation testing, and exploit discovery, significantly accelerating processes previously reliant on scarce expert talent. The emergence of cybersecurity-specific LLMs, such as Trend Micro’s Cyberron and Google’s SecGemini, provides contextual knowledge on threats and vulnerabilities, aiding in analysis and remediation guidance.
Within SOCs, AI addresses chronic issues like alert fatigue and personnel shortages by automating triage, incident response, and compliance reporting. A highlighted use case is automatic data classification and movement tracking for data loss prevention. Real-world adoption shows AI handling a high percentage of routine incidents, allowing human analysts to focus on escalations.
Key takeaways include: AI is unlikely to replace skilled jobs soon but will automate “grunt work,” potentially collapsing junior SOC tiers. It introduces new costs and threats, such as AI-powered attacks and data poisoning, requiring supervised deployment. The future is envisioned as a marketplace of specialized AI agents for tasks like red teaming and audit generation. Artificial General Intelligence (AGI) remains years away, with current AI focused on pattern mimicry rather than autonomous decision-making.