AI Is Now Both the Weapon and the Shield in Cybersecurity

Drawing on insights from a Solutions Review Solution Spotlight with Radware, the Solutions Review editorial team explores how AI has become both a shield and a weapon in cybersecurity.

The cybersecurity industry has spent decades building walls, and AI just handed attackers a bulldozer. That’s not hyperbole—it’s an operational reality that security practitioners are navigating right now. The same technology that’s making enterprise software smarter, faster, and more productive is simultaneously lowering the barrier to sophisticated cyber-attacks to near zero. Tools that once required darknet connections, criminal networks, and serious technical expertise are now available on GitHub, priced like Netflix subscriptions, and capable of generating hundreds of thousands of attack requests per second from nothing more than a mobile phone.

This shift was the focus of a recent Solutions Review Solution Spotlight featuring Michael Morgenstern, Partner at DayBlink Consulting, and Eva Abergel, a Senior Solution Expert at Radware. What emerged was a candid, technically specific discussion of where AI-powered attacks stand today—and what defenders actually need to do about them.

AI-Powered Cyberattacks: What’s Actually Happening and How to Defend Against It

The uncomfortable truth surfacing across enterprise security conversations is this: The vast majority of organizations acknowledge AI is essential to their security posture, but only about a quarter have any meaningful governance or responsible AI management in place. That gap between recognition and action is exactly the space attackers are exploiting right now.

How AI Has Already Changed the Attack Toolkit

Not long ago, launching a sophisticated cyber-attack required specialized knowledge, underground connections, and purpose-built infrastructure. That era is over. The tools that research teams at companies like Radware are finding—and that their clients are actively being hit with—are publicly available, commercially packaged, and terrifyingly capable.

One example of this shift is an attack framework discovered on GitHub that combines 56 attack methods into a single script. It runs simultaneous multi-vector attacks to complicate mitigation, and it includes pre-built bypasses for common defenses. When a security provider updates their protection, the script gets updated too. It’s a living, iterative offensive platform—and it doesn’t require a data center to run. The same tool activates a network of remote servers, enabling attackers to generate hundreds of thousands of requests per second from a single mobile device. This was already in circulation more than a year ago. What exists today is almost certainly more capable.

Why AI-Powered DDoS Attacks Are Getting Harder to Stop

DDoS isn’t a new threat, but dismissing it as an old problem is a mistake. The scale is accelerating at a pace the industry hasn’t seen before. The current record stands at 7.3 terabytes per second—and Eva expects records to be broken multiple times within a single year rather than every few years. AI agents are beginning to enter the picture, capable of coordinating attack infrastructure autonomously, adapting to defensive responses in real-time, and making already massive volumetric attacks significantly more efficient.

The fundamental challenge with DDoS defense is that the only guaranteed mitigation—taking yourself fully offline—is obviously not viable for any business that depends on availability. Rate limiting offers a partial answer, but it comes with an unavoidable trade-off: some legitimate users get caught in the filter. For a bank, an e-commerce platform, or a financial services firm losing close to $2 million per minute of downtime, neither option is acceptable. The only path forward is behavioral modeling and understanding what legitimate traffic actually looks like, so that anomalous traffic can be identified and separated with enough precision to protect the business without blocking customers.

The AI Attack Tools Defenders Are Underestimating

Beyond volumetric attacks, two specific tool categories deserve more attention than they currently receive in enterprise security discussions.

The first is AI-powered CAPTCHA solving. Many organizations still treat CAPTCHA as a meaningful bot defense. It isn’t anymore. Tools like the one demonstrated in the Radware spotlight solve CAPTCHAs at 100 percent accuracy, faster than any human, available as a subscription service for around $100 per month with unlimited usage. The old model of farms of human workers manually solving CAPTCHAs has been fully replaced by AI. Any security architecture that relies on CAPTCHA as a meaningful layer of defense needs to be reconsidered.

The second is OTP bypass bots—tools specifically designed to defeat two-factor authentication. Here’s how the attack works: the attacker obtains leaked credentials, including phone numbers and passwords. They trigger a 2FA code to the victim’s phone, then simultaneously deploy an AI voice bot that calls the victim, impersonates an automated bank security system, and asks them to confirm the code they just received. The victim—thinking they’re engaging with a legitimate automated security check—reads back their code. The attacker is in. Eva noted that even as someone deeply embedded in cybersecurity, she could see herself falling for this particular attack. That’s the point. Social engineering is now sophisticated enough to fool security professionals.

Four Pillars of AI-Driven Cyber Defense

The defense strategy Radware advocates for is organized around four requirements that, together, give organizations a realistic chance of staying ahead.

The first is AI-powered protection itself. Bringing traditional, static defenses to an AI-augmented threat environment is exactly what it sounds like—a mismatch. Defenders need the same technology advantages as attackers, full stop.

The second is behavioral modeling. The insight at the core of this approach is that legitimate traffic behavior remains consistent even when attack methods change. New threats emerge constantly, but normal behavior provides a stable baseline. Build algorithms that model what good looks like, and deviations become detectable even when the specific attack vector is new.

The third is platform integration. Attackers don’t respect the organizational boundaries between network security, application security, and DDoS protection. They probe every layer simultaneously, looking for the weakest entry point. Siloed defenses with no cross-layer correlation leave gaps that integrated attackers will find. When security platforms share data and make correlated decisions, the picture of what constitutes an attack becomes far clearer.

The fourth is consistency of protection across environments. On-premises infrastructure, private cloud, and public cloud deployments all need equivalent protection. Attackers will find the least protected surface and enter there. Consistent, environment-agnostic coverage closes that door.

One final point worth taking seriously: if your current protections haven’t changed in three years, they are not adequate for today’s threat landscape. The attacks have evolved dramatically. The defenses need to match that pace—and every organization should have a documented, pre-prepared incident response plan ready before an attack arrives, not during one.