developments , HackerOne research found that 48 % of security professionals now consider AI the most significant security risk to their organisation .
However , while AI may be reshaping the activities of bad actors , it is also revolutionising how security teams deploy their advanced skills to battle cybercriminals . AI enables advanced behavioural analytics to flag potential attacks for faster incident response ; automates threat detection in real-time ; spots phishing attempts ; identifies vulnerabilities ; and can process large volumes of threat intelligence data to identify emerging threats and attack patterns . AI can also automate routine tasks , such as speeding up the reading of source code .
AI also plays a significant role in collaborative security . Vulnerabilities usually demand detailed technical guidance and clear instruction for remediation . AI can translate complicated industry jargon into clear , actionable steps , ensuring teams work together more effectively . All of these faster tasks and processes add up to more free time security teams can spend focused on strategically important tasks .
Recent AI developments are enabling criminals with minimal or no knowledge to plan and enact attacks at scale .
How effective are current response strategies , and what should organisations prioritise after an attack ?
In 2024 , the UK introduced the Cyber Security and Resilience Bill which aims to make reporting ransomware incidents mandatory , expand the scope of cyber-regulatory requirements , strengthen regulators ’ powers , and possibly ban ransomware payments completely . This bill would align the UK ’ s regulatory policy more with the EU ’ s NISC2 Directive .
The reporting of ransomware incidents remains a crucial intermediate step , so law enforcement can better track their movements to connect the dots between similarities of attacks , targets and vectors . Ultimately , over time , these bills could make tracking ransomware groups and individual perpetrators easier .
In the meantime , we are witnessing policymakers and global law enforcement agencies starting to work together with hackers and security experts to combat cybercrime . Governments are also starting to use vulnerability reward programs to incentivise responsible disclosure of vulnerability to reduce their threat landscape .
How does the rise of cryptocurrency payments impact ransomware and can this be disrupted ?
Cryptocurrencies such as Bitcoin use blockchain technology to track transactions , making it challenging to identify criminals . Ransomware operators obscure funds through multistep processes , ‘ chainhopping ’ between cryptocurrencies , and using mixing services or privacy coins like Monero . Adding to this , ransomware operators now refrain from sharing wallet addresses in their ransom demands , making it even more difficult to trace the flow of funds .
However , law enforcement agencies are able to employ blockchain analysis tools ( such as coinfirm , ciphertrace and chainalysis ) to better track these cryptocurrency ransom payments . This is achieved through analysing transaction histories , identifying patterns and following the flow of funds across various wallets . Agencies worldwide are now operating in close collaboration to track down international ransomware gangs through coordinated investigations and shared intelligence .
What ’ s the future of ransomware and how can collaboration improve global defences ?
In 2025 , AI ’ s deepening role in business operations and the cyberthreat landscape is set to heighten the arms race between security teams and cybercriminals . Over half ( 58 %) of security researchers predict that AI will increasingly drive this competitive escalation , as both defenders and attackers leverage AI to outmanoeuvre each other . Already , cybercriminals are harnessing AI-driven tools – like chatbots , voice cloning and Generative AI – for sophisticated attacks , including phishing , impersonation and widespread misinformation campaigns .
As new emerging technologies like AI come into play , models like RaaS will become supercharged with additional features and an even greater variety of offerings . For example , a dashboard that offers analytics or insights into which targets or industries are most vulnerable to a specific form of attack and malware . These new developments make it infinitely more challenging for defenders to keep up and underscore the need for regular , continuous adversarial testing .
Shobhit Guatam is Staff Solutions Architect EMEA at HackerOne . He has over 14 years of experience with extensive expertise in application , cloud and infrastructure security . Guatam has a proven ability to identify and mitigate risks through architecture reviews , pentesting and security audits .
WWW . INTELLIGENTCISO . COM 39