Rethinking AI as a privacy protector — Using good AI to defend against bad

Privacy professionals often focus on the privacy risks associated with using artificial intelligence tools within organizations. However, as cybercriminals increasingly use AI to execute sophisticated cyberattacks, perhaps the perspective should shift to view good AI as a necessary technical and organizational measure to protect privacy. 

This poses the question: If cybercriminals are using AI to sharpen their swords to execute sophisticated cyberattacks, can privacy professionals justify technical and organizational measures as adequate for the current day threat landscape if they are not using sophisticated AI cybersecurity countermeasures as a shield to protect data?

The threat landscape

According to the FBI Internet Crime Report 2024, the cost of cybercrime rose to USD16.6 billion in 2024 — a notable 33% increase from the previous year, and a warning that cybercrime continues to be on the rise. 

When you consider this alongside Anthropic's Threat Intelligence Report, which describes how cybercriminals are using generative AI to automate sophisticated threat campaigns, it paints a bleak picture. The Anthropic Report notes cybercriminals are weaponizing AI by embedding it into their operations and using it at all stages of a threat campaign, including data exfiltration, data analysis and the creation of false identities.

Unfortunately, AI lowers the barriers to entry for cybercriminals, meaning individuals who once lacked technical expertise can now use generative AI to scale sophisticated attacks and achieve far greater impact. This rise in scale and sophistication increases the strain on the defenses of those being targeted.