The Cloud Native Computing Foundation have published an analysis of modern cybersecurity practices, finding that attacks using Artificial Intelligence are now a significant threat. The report highlights the criticality for organisations to adopt multi-layered defence strategies as artificial intelligence transforms both the threat landscape and the protective measures available to businesses.
The report explains that AI-powered attacks have evolved past traditional phishing attempts into sophisticated and targeted campaigns that exploit human trust. In 2023, Darktrace reported a 135% increase in social engineering attacks, with hackers using cracking tools like wormGPT and FraudGPT to create highly personalised and deceptive attack campaigns against organisations that avoid conventional security filters.
Cybersecurity is no longer just an IT concern, but rather a boardroom priority. With AI-driven cyber threats no longer limited to generic phishing emails or outdated malware, today’s attacks are smarter, more precise, and alarmingly convincing.
The analysis emphasises that relying on a single security tool isn’t enough any more. Those organisations fighting these threats successfully need integrated systems which combine firewalls, encryption, and advanced threat detection. A post by Talion shows AI also being used to fight threats; finding that in the United States, 73% of companies have implemented AI to some extent, with 54% adopting generative AI, creating both opportunities and vulnerabilities that require constant monitoring.
Intrusion Detection Systems form a cornerstone of modern cybersecurity architecture, according to the CNCF report. Cloud-native solutions such as AWS GuardDuty, Microsoft Defender for Cloud, and Google Cloud IDS provide real-time monitoring capabilities for organisations operating in cloud environments. Organisations with fully remote or hybrid workforces are using Cloud Access Security Brokers (CASBs), which provide visibility into user activity and protect against OAuth application exploits.
The report warns companies not to rely too much on traditional signature-based detection methods. The 2017 BadRabbit ransomware attack showed how sophisticated threats can bypass systems that only recognise known attack patterns, with the report citing a case where what appeared to be a Flash Player update actually triggered some ransomware that encrypted files and demanded a Bitcoin ransom.
Security is about layering, not luck.
The report advocates for hybrid approaches combining signature-based and anomaly-based detection, by advocating for IDS (Intrusion Detection System) and IPS (Intrusion Prevention System) use. It explains how signature-based systems are effective at identifying documented threats and work well for organisations with predictable traffic patterns. In contrast, anomaly-based systems help detect unusual behaviour patterns, and thus are particularly valuable for organisations in sectors that handle sensitive data. A report by IDS and IPS provider CyberMaxx agreed with this, finding that traditional security tools are effective when properly configured and integrated with other technologies.
Intrusion Prevention Systems complement detection capabilities by actively blocking threats rather than simply alerting security teams. According to the CNCF report, healthcare technology provider Omada Health uses Threat Stack’s Cloud Security Platform to combine real-time intrusion detection with proactive threat prevention. This integration saved their security team over two hours of analysis time per day, and helped them with regulatory compliance.
The report highlights that endpoint security has become a significant issue since the COVID-19 pandemic, with many more potential attack vectors emerging, particularly with the shift to remote work. Cloud-native solutions for this use machine learning to analyse files, network traffic, and user behaviour without requiring constant signature updates or on-premise infrastructure. During the 2017 WannaCry ransomware outbreak, which exploited a Windows vulnerability affecting businesses globally, CrowdStrike Falcon’s machine learning capabilities identified unusual behaviour patterns, isolated infected endpoints, and prevented further spread.
The financial costs of cyber incidents have escalated substantially. A Harvard report on cybersecurity and artificial intelligence found that ransomware breaches cost an average of $4.91 million to fix, with any ransom payments on top of that. Business email compromises, accounting for 10% of data breaches, cost nearly $4.9 million to remediate, with annual aggregate costs potentially reaching tens of billions of dollars. Stolen credentials, responsible for 16% of data breaches, cost an average of just over $4.8 million.
User Behaviour Analytics addresses insider threats by establishing baselines of regular employee activity and then detecting deviations from these, such as unusual access times or locations. The CNCF report quotes successful detection from tools such as Splunk UBA and DarkTrace in identifying behavioural anomalies that potentially pose threats.
The Talion report acknowledges concerns about AI in cybersecurity, including vulnerability to AI-powered attacks and ethical considerations around data handling and surveillance. It advocates for balance, advising that organisations combine AI-driven automation with human expertise to avoid complacency and the false sense of security that can result from fully automated systems.
The Harvard report suggests that AI deployment across operational workflows focused on attack prevention can substantially reduce breach costs. Organisations using AI extensively averaged $2.2 million less in breach costs compared with those not deploying such technologies, representing a 46% cost saving.
The CNCF report concludes by stating that effective cybersecurity requires thoughtful investment in technology, training, and infrastructure to address emerging and increasingly AI-powered threats.
