Artificial intelligence is rapidly becoming the center of gravity in cybersecurity—both as a force multiplier for defenders and as a powerful new weapon for criminals. Industry reports, including Experian’s latest annual forecast, describe a shift toward attacks that are faster, more believable, and harder to spot, even as security teams lean more heavily on automation to keep up.
Inside security operations teams, the same scene keeps playing out: more alerts, more ambiguity, and more messages that look “right” until they don’t. An email that appears to come from leadership reads flawlessly. A fake voice message sounds like an internal instruction. An urgent request lands at exactly the wrong moment. AI was supposed to save time; in practice, it can also burn it—because it raises the bar for attackers and forces organizations to re-check what used to be assumed: whether a message is authentic, whether a person is who they claim to be, and whether a piece of evidence can be trusted.
Experian puts AI at the top of its 2026 cyber risk list
In the 13th edition of its annual Data Breach Industry Forecast, Experian places AI front and center among the risks gaining momentum. The technology is evolving at a dizzying pace, and cybercriminals are often among the first to adopt tools like AI to get past defenses and exploit vulnerabilities, according to Michael Bruemmer, vice president of Global Data Breach Resolution at Experian.
The report doesn’t just predict more technical sophistication—it argues that the nature of attacks is changing. “We are entering a new era where cyberattacks are no longer just about stealing data, but about manipulating reality,” said Jim Steven, head of crisis and data response services at Experian Global Data Breach Resolution in the United Kingdom. The operational implication is stark: when an attack targets perception, the usual indicators—logs, traces, messages—can themselves become suspect.
Experian also says that among its clients, the countries most affected are the United States, the United Kingdom, and Canada. The message: AI-driven threats aren’t confined to lab scenarios. They’re showing up in already high-pressure environments where incident response and crisis management are full-time work.
Experian points to public sentiment as well. A study the company conducted among consumers in the U.S. and the U.K. found many respondents say they feel the impact of sophisticated attacks and worry threats will worsen. That erosion of trust isn’t just a reputational issue—when people doubt messages, proof, and identities, they can become easier to manipulate.
Europe’s warning: AI makes attacks faster, more convincing, and harder to detect
Across Europe, the cybersecurity tone is sharpening as AI tools become widely accessible. Analyses cited in specialized press describe a mechanical effect: AI can make attacks faster, more credible, and more difficult to detect. That three-part advantage reflects what AI gives attackers at scale—industrialization, personalization, and signal-blurring.
Speed comes first. A phishing campaign no longer needs long drafting and translation cycles; content can be generated, adapted, and tested quickly. Credibility follows: language becomes smoother, phrasing can be tuned to an industry, a country, or an internal corporate style. The usual noise of scams—obvious errors and inconsistencies—can fade. Detection gets harder because the line between legitimate and malicious messages shifts; what used to be a clue can become a decoy.
In that environment, cybersecurity starts to resemble investigative work. Teams aren’t only hunting technical signatures—they’re evaluating scenarios: who is speaking, to whom, in what context, and for what purpose. AI pushes defense to combine technical controls with organizational discipline, putting identity verification, validation of sensitive requests, and separation of duties back at the center of security.
The European alert isn’t that AI is only an accelerator for crime. It’s a reminder of a long-running reality in tech: the most powerful tools get used on both sides. The problem for defenders is tempo. When attacks become more agile, response can’t rely on piling on more layers—it has to reorganize.
A survey of 2,750+ leaders finds AI is widening the cybersecurity talent gap
The pressure isn’t only coming from attackers. It’s also coming from the labor market. A survey of more than 2,750 IT and cybersecurity decision-makers across 32 countries and regions, including France, highlights a growing problem: AI is expanding the skill set organizations need at the same time many are already struggling to hire and train.
The field-level paradox is familiar. AI promises to automate work like alert triage, event correlation, and anomaly detection. But using those tools safely requires people who understand what the machine is doing, what it isn’t doing, and how it can be fooled. A poorly configured assistant system can speed up a bad decision. A model trained on biased data can produce the wrong priorities. Skill doesn’t disappear—it changes shape.
The shift also reaches beyond technical roles. Security becomes a matter of internal communication, risk management, and process. When attacks convincingly mimic normal workplace exchanges, the boundary between cybersecurity and fraud narrows. Companies have to align security, IT, legal, compliance, human resources, and sometimes crisis communications. By making scenarios more realistic, AI forces tighter coordination.
The result is a durable strain: organizations need to level up while attackers are leveling up, too. The difference increasingly comes down to how quickly teams can learn and standardize good practices—not just how many tools they buy.
AI is also reshaping defense—faster detection, more automation, and new roles
The outlook isn’t purely bleak. Multiple analyses describe a security industry retooling around AI. The technology is moving into the core of modern defense by accelerating threat detection and improving the ability to process event volumes that exceed human capacity. In security operations centers, AI is used to prioritize, cluster, propose hypotheses, and sometimes trigger automated responses under supervision.
That evolution changes what skills matter. Training-focused publications emphasize a blend: strong technical fundamentals (networks, systems, application security), an understanding of data and model logic, and stronger cross-functional abilities like analysis, critical thinking, and communication. AI can generate recommendations, but it doesn’t replace judgment when the stakes are high—cutting access, isolating a server, blocking a transaction, or escalating to leadership.
Another shift is underway: cybersecurity is increasingly framed not only as protection but as resilience. If attacks become more credible, the question isn’t just how to prevent them—it’s how to limit impact, detect earlier, restore faster, and document what happened. Experian’s idea of “manipulating reality” lands here: when evidence can be altered, traceability and data governance become defensive lines.
What comes next depends on practical trade-offs. Organizations investing in AI for defense also have to invest in control—usage rules, oversight, human validation, and continuous training. Otherwise, they risk becoming dependent on systems they don’t fully understand. In a landscape where AI accelerates both sides, cybersecurity becomes a constant balancing act between automation and accountability.
Sources
- L'IA attire tous les regards en tant que menace majeure pour la cybersécurité en 2026
- L'Europe alerte : Les cybermenaces explosent avec l'essor de l'IA
- L'IA creuse le déficit de compétences en cybersécurité
- L'IA révolutionne la cybersécurité : les compétences qu'il faut avoir
- L'intelligence artificielle transforme la cybersécurité, mais le fossé …
