AI is becoming the most urgent cybersecurity threat as attackers use it to move faster and strike at scale.

AI-powered intrusions can now compress weeks of activity into days, leaving traditional security responses struggling to keep up.

AI as a Force Multiplier for Attackers
Attackers can automate reconnaissance, chain exploits, and move laterally across networks in ways no human team could match.

Errors in their AI are minor, allowing quick retries and continuous testing, while defenders face heavy risks if their AI misses an alert or misjudges a threat.

The Asymmetry of AI in Cybersecurity
Offensive AI moves rapidly and iteratively with little oversight, but defensive AI must follow strict governance, validation, and human review.

This creates a growing gap where attackers can outpace defenders unless organizations maintain real-time, machine-readable views of their external exposures.

The IPv6 Blind Spot
The shift from IPv4 to IPv6 is creating new vulnerabilities. IPv6 vastly expands the address space, making traditional scanning and mapping tools ineffective.

Organizations that do not continuously monitor both IPv4 and IPv6 assets will have unseen exposure that attackers can exploit.

Defenders need continuous, automated visibility across all network layers and rapid updates to exposure maps to keep pace with AI-driven attacks and prevent severe breaches.

AI-driven attacks are reshaping the speed and scale of threats, forcing organizations to rethink defense strategies and visibility practices.

Security teams are debating how big a threat AI really is in cyber-attacks.

Some experts say warnings about AI are just hype pushed by companies that want to sell new tools.

They argue that old attack methods still work and that teams should stick to basic defenses.

AI in Attacks Today
Other experts say AI is already part of real attacks. They see AI used to make malware better, help write attack code faster, and create more convincing tricks to fool people. A big cyber group found samples of malware that use AI while they run.

Two research reports show that attackers are doing more than just use AI to save time. They are trying new ways to blend AI tools into normal attack steps and change how bad tools behave in real time. One report says that, over the next year, attackers may build their own AI helpers for attacks.

How Leaders Should Think About It
Some security leaders say dismissing AI risk can leave teams unready. They say defenders need faster, smarter tools because attackers can test and retry ideas very quickly with AI. Others warn that managers will face hard budget choices about how much to invest in new defenses.

Still Keep the Basics Strong
Even with new AI threats, experts stress that basic security steps still stop most attacks. Good practices, solid defenses, and careful review of tools will still matter, even as teams watch how AI tools change the threat picture.

Security teams must balance old defenses with plans for how AI may change attacks in the near future.

In this episode of the Microsoft Threat Intelligence Podcast, host⁠ ⁠⁠⁠Sherrod DeGrippo⁠ is joined by Matt Duncan, Vice President of Security Operations and Intelligence at the North American Electric Reliability Corporation’s E-ISAC, to explore the cyber threats targeting the North American power grid.

Matt breaks down why the grid remains resilient despite increasing pressure from nation-states, cybercriminals, and hacktivists, how AI is lowering the barrier of entry for attackers, and why OT systems and interconnected devices present unique risks.

He also highlights real success stories, the value of large-scale grid exercises, and how strong collaboration and a focus on foundational security practices help defenders keep power flowing safely and reliably.

Phishing attacks are evolving, and security leaders must rethink how they protect their organizations.

Attackers are targeting not just passwords, but also user accounts, privileges, and personal identity information.

The Shift in Phishing Tactics
Modern phishing goes beyond simple email scams. Attackers aim to get access to accounts with elevated privileges.

Once inside, they can move through systems more easily and reach sensitive data. Even employees with normal access can be used to compromise critical systems if attackers find weak points.

Identity and Access Controls Matter
Strong identity management is crucial. Organizations should enforce multi-factor authentication and monitor account privileges closely.

Controlling who can do what inside systems reduces the impact if an account is compromised.

Human Awareness Still Key
Training employees to spot suspicious messages and behaviors remains vital. Automated tools help, but humans are often the first line of defense.

Combining education with strong technical controls strengthens the organization’s overall posture.

Continuous Improvement
Cybersecurity teams should regularly review and update access policies, audit accounts, and refine detection tools.

Phishing attacks are constantly changing, so defenses must evolve as well.

Protecting both passwords and the broader identity landscape is essential to keeping organizations secure.

Russian-linked hackers targeted Aeroflot, the national airline of Russia, with attacks tied to the ongoing conflict in Ukraine.

The breach appears to be politically motivated and aimed at disrupting operations.

Attack Details
Hackers gained access to internal systems, including some customer and flight information.

While no evidence suggests financial theft, the attack caused interruptions in airline services and raised concerns about operational security.

Broader Implications
Experts warn that critical national services, like airlines, are increasingly targets in geopolitical conflicts.

Cyberattacks can affect not only company operations but also passenger safety and international travel reliability.

Preventive Measures
Aeroflot and other airlines are urged to strengthen network monitoring, implement strict access controls, and coordinate with national cybersecurity agencies to defend against politically motivated attacks.

The incident highlights how state-linked cyber threats can extend beyond government systems and disrupt vital civilian infrastructure.

A group of attackers pretended to be real employees to break into a company network.

They passed human resources checks and onboarding steps to gain trusted access and then used that access to steal data and run harmful tools.

Fake Workers Get Inside
The attackers posed as remote workers. They used small remote-control devices called PiKVM to connect to employer laptops as if they were there in person.

This let them bypass normal security checks and pull data from the network.

How Microsoft Helped
Microsoft’s security team (DART) found the breach and worked quickly to stop it. They traced the attack to a known group and shut down the fake accounts.

They also used many tools to see how far the attackers moved in the system and removed their access.

Ways to Protect Your Team
To reduce risk from attacks like this, companies should check job candidates more carefully and watch for unusual devices on the network.

Strong monitoring of accounts and strict rights for users can help catch bad behavior early. Tools that check login logs and detect risky actions can give defenders an edge.

This case shows that attackers may not always break in from the outside; they may first pretend to belong inside the company.