When AI Meets Cybersecurity: Threat and Shield

AI has transitioned from experimental to mainstream. Its ability to process and act on vast data at speed enables both unparalleled protection and unprecedented threats. Yet, tackling these risks hinges not only on technology but on people. And today’s cybersecurity talent shortage critically undermines our capacity to adapt.

1. AI as a Threat Multiplier

AI amplifies cyber risks with alarming efficiency:

• Personalized phishing: AI can craft hyper-personalized scams in minutes. Stephanie Carruthers from IBM X‑Force Red said, “attackers can potentially save almost two days of work by using generative AI models,” compared to the 16 hours it takes a human expert to create a phishing email.
• IBM experiments found AI-generated emails scored a 11% click-through rate, closely trailing human-crafted emails at 14%.
• A controlled Harvard‑led experiment revealed AI‑automated spear‑phishing emails reached a 54% click‑through rate, on par with human experts (and 350% better than generic control messages).

As attackers scale with AI, defenders must contend with increasingly convincing threats and a dearth of skilled professionals to counter them.

2. AI as a Cybersecurity Enhancer… But Only with Skilled Hands

The same capabilities that make AI dangerous can also be harnessed to defend systems. Modern cybersecurity platforms increasingly integrate AI for:

• Anomaly detection
• Automated incident response
• Threat intelligence aggregation
• Pre-deployment vulnerability scanning

However, the skills to deploy them effectively are in short supply:

• The global cybersecurity workforce gap reached an estimated 4.8 million unfilled roles in 2025. That’s a 19% increase year-over-year. (Programs.com)
• In the U.S. alone, over 500,000 cybersecurity positions remain unfilled, with just 1.3 million professionals currently employed.
• In 2025, organizations with staff shortages suffered $1.76 million higher average data breach costs compared to well-staffed peers.
• Critical skills gaps include:
  • AI and Machine Learning Security (34%)
  • Cloud Security (30%)
  • Zero Trust Implementation (27%)
• ISC² reports AI security skills have jumped into the top five most sought-after capabilities.

Yet, only 24% of hiring managers currently prioritize AI/ML skills, even as 37% of non-hiring managers see them as essential for career progression.

3. The Energy and Sustainability Factor

AI-driven defenses demand heavy computational and energy resources:

• Data center electricity use is set to double by 2026, with AI as a major driver.
• Security teams must now balance urgency and efficiency of AI tools with energy constraints and environmental goals.

In short: sustainability is a strategic consideration.

4. Strategic Integration: Bridging Skill, AI, and Sustainability Gaps

Organizations must act decisively with human-centered, AI-informed strategy:

1. Invest in training and equitable hiring:
   • ISC² reports widespread budget cuts and layoffs: 37% of teams faced budget cuts; 25% saw layoffs in 2024. This is hindering skills development.
   • WSJ readers criticize unrealistic job requirements and lack of clear career pathways, calling for on-the-job training, better inclusion, and internal promotion strategies.
2. Target AI security skills with focus:
   • A third of cybersecurity professionals say their companies lack expertise in AI security. Some firms like Mastercard are combining internal training with coding-focused recruitment to build this capacity.
3. Embed sustainability goals:
   • Trade off compute power with green AI practices: efficient models, renewables-powered infrastructure, and environmental oversight.
4. Modernize hiring pathways:
   • ISC² emphasizes apprenticeships, internships, and skills-based recruitment. Many strong candidates emerge from non-STEM backgrounds like retail, gaming, even construction—and bring transferable soft skills.
5. Practice realistic definition of skills:
   • Avoid requiring advanced certifications for junior roles. Focus on aptitude and culture fit instead.

Conclusion

AI is irrevocably changing cybersecurity by accelerating threats and modernizing defenses. But technology alone can’t keep pace. The talent shortage, especially around AI security, remains our greatest vulnerability. Only organizations that simultaneously invest in people, policy, and energy-conscious infrastructure can hope to lead in both resilience and innovation.

Editor’s Note: The opinions expressed here by the authors are their own, not those of Impakter.com — In the Cover Photo:  Gerd Altmann