For many years, cyber security was framed as a technical problem. It was something IT teams handled in the background, largely disconnected from revenue, growth, or financial strategy. That framing is no longer valid.
Artificial intelligence has fundamentally changed the economics of cyber risk. According to the Stanford HAI AI Index Report 2025, global private investment in AI reached $252.3 billion in 2024. At the same time, the cost of using AI collapsed. The inference cost of GPT-3.5, level models dropped by more than 280x in less than two years.
This combination (massive capital inflow and near-zero usage cost) has consequences far beyond productivity gains. It has reshaped the balance between attackers and defenders.
Attackers now operate at machine scale. They can probe systems continuously, personalize attacks automatically, and adapt in real time. Defenders, however, are still constrained by human workflows, fragmented tools, and slow decision loops.
How About One of The Most Critical Sector: Finance
Nowhere is this imbalance more dangerous than in finance.
Financial institutions concentrate value, identity, trust, and liquidity. In an AI-driven threat landscape, cyber risk is no longer occasional or perimeter-based. It is continuous, systemic, and directly economic.
When the marginal cost of attack approaches zero, security models based on friction and manual response become mathematically unsustainable.
The early phase of AI adoption in cyber security focused on efficiency. Attackers used large language models to write better phishing emails. Defenders used them to summarize alerts or assist analysts. Both sides became faster, but the underlying structure remained the same.
That phase is over.
AI-driven cyber operations
We are now seeing the rise of live, AI-driven cyber operations, where artificial intelligence is embedded directly into the execution of attacks. Instead of running static code, new malware interacts with external AI models during runtime, deciding what to do next based on the environment it encounters.
This approach is often described as Just-in-Time AI.
Tools observed in the wild can now rewrite their own code, change obfuscation techniques on each execution, or query an LLM in real time to decide which system commands to run. The result is malware that behaves less like a fixed program and more like an adaptive agent.
This shift breaks many of the assumptions modern security tools rely on. Signatures, static indicators, and predefined rules lose effectiveness when behavior is generated dynamically.
Attackers have also learned to apply social engineering not only to humans, but to AI systems themselves. By presenting themselves as students, researchers, or competition participants, they have bypassed model safeguards and extracted sensitive technical guidance.
AI systems, like people, respond to context and framing.
At the same time, the underground cybercrime market has matured. AI-powered phishing, malware development, and reconnaissance tools are now sold via subscription models. This dramatically lowers the skill barrier required to launch sophisticated attacks.
Capability has been democratized. Intent is now the main differentiator.
As analyzed by Andreessen Horowitz, this evolution forces a hard conclusion: security models designed for static threats cannot defend against adaptive, reasoning systems.
A simple analogy applies.
Traditional malware is a thief carrying a fixed set of keys.
AI-driven malware carries a 3D printer, and produces the key at the door.
As threats evolve, the security industry has responded by creating more categories: SIEM, SOAR, EDR, XDR, CNAPP, and many others. Each category addresses a real problem, but together they often add complexity without clarity.
As Defender We Need AI-Related Skill to Defend Ourselves
AI-powered attackers operate across the entire kill chain at machine speed. They correlate signals, adapt tactics mid-execution, and exploit weak points faster than human teams can respond. Defenders who rely on isolated alerts or post-compromise investigation are structurally late.
AI-native defense changes this dynamic.
Instead of analyzing events in isolation, AI-native systems reason across context. They connect small anomalies an unusual login, a strange DNS request, a minor privilege change, into a coherent picture of attacker intent.
Large language models and modern correlation engines are particularly strong at this kind of synthesis.
In this environment, speed becomes the primary security metric.
Security effectiveness is no longer measured by how many alerts are generated, but by how early and how decisively the kill chain is broken. Reducing dwell time from hours to minutes, or minutes to seconds, has direct financial impact.
In an AI-native world, defenses that do not measurably accelerate kill-chain disruption will not scale.
Technology alone, however, is not enough.
The limiting factor is increasingly people, trust, and organizational readiness.
Experienced Workforce Still Needed
AI adoption is reshaping the workforce. Demand for AI-related skills is growing faster than traditional hiring pipelines can supply. At the same time, AI tools significantly increase the productivity of less-experienced workers, narrowing skill gaps while raising the value of judgment and context.
This reality challenges long-standing assumptions about cyber security education and hiring.
The future does not belong to an “either/or” model, either academic training or hands-on experience. It belongs to a both/and approach, where strong theoretical foundations are paired with real operational exposure.
Work-based learning, skills-based hiring frameworks, and continuous upskilling are no longer optional. They are economic necessities.
Trust is the parallel challenge.
Financial systems rely on confidence, that identities are real, transactions are valid, and decisions are sound. AI complicates all three. Deepfakes, automated social engineering, and AI-assisted fraud blur the line between legitimate and malicious activity.
In this context, cyber security becomes inseparable from institutional trust.
This responsibility cannot sit solely with technical teams. It belongs at the executive and board level. Cyber risk is now a core component of operational resilience and financial governance.
The key question is no longer whether AI will be used in attacks. It already is.
The real question is whether organizations can adapt their defenses, talent models, and decision-making speed fast enough.
In the AI era, speed is the new capital.
Those who break the kill chain earlier, and do so consistently, will define the next generation of secure, resilient financial systems.