Navigating the Evolving AI Threat Landscape

By Brett Kelsey, Chief AI Officer, Athena Agentic. Draft for review, June 2026. Evidence base: government, standards body and non-profit sources only; no vendor-sponsored research is used for primary claims.

Artificial intelligence has changed the cyber threat on both sides of the wire. It has made attackers faster, cheaper and more convincing, and it has created an entirely new class of target: the AI systems that organisations are now rushing to deploy. This briefing maps that landscape from independent and government evidence, separates the proven from the hyped, and sets out why defence built at human speed can no longer keep pace.

1. Executive summary

The United Kingdom's National Cyber Security Centre assesses that AI will almost certainly increase the volume and heighten the impact of cyber attacks over the next two years, with the clearest uplift in reconnaissance and social engineering.

The losses are already being counted. The FBI's Internet Crime Complaint Center recorded 16.6 billion US dollars in reported losses in 2024, a 33 percent increase on the prior year, with business email compromise alone accounting for roughly 2.8 billion dollars.

The threat is no longer only against conventional systems; it is increasingly against the AI systems themselves, through prompt injection, data poisoning and model supply chain compromise.

And the defender's problem is arithmetic. When attacks rise in volume and speed at the same time, a security operation that triages and responds at human pace falls behind by design.

2. AI as the attacker's force multiplier

The NCSC's assessment is deliberately measured, and that is what makes it useful. It does not claim AI invents new categories of attack; it concludes that AI makes existing attacks more effective, more efficient and harder to detect, and that every kind of threat actor, skilled and unskilled, state and criminal, is already using it to some degree. The sharpest near-term effect is on social engineering: generative models remove the grammar and spelling errors that once gave phishing away, and let an attacker produce fluent, targeted lures at scale.

ENISA, the European Union Agency for Cybersecurity, records the same pattern in its 2024 Threat Landscape, drawn from more than 11,000 incidents, noting that threat actors are using AI tools to craft more convincing phishing and to generate malicious code.

The most vivid proof is a single case. In 2024, criminals used AI-generated deepfakes of a chief financial officer and colleagues on a video call to deceive a finance employee at the engineering firm Arup into making fifteen transfers totalling twenty-five million dollars. The technique was not exotic; the inputs were ordinary recordings of real executives from online meetings. That is what "harder to detect" looks like in practice.

3. The other front: attacks on AI itself

As enterprises embed AI in their operations, the models become targets. The OWASP Top 10 for LLM Applications 2025 catalogues the methods: prompt injection, in which hidden instructions hijack a model's behaviour; data and model poisoning, in which training data or model weights are corrupted; and supply chain compromise of the components a model is built from. These are not theoretical; they are ranked by likelihood and impact by an independent body.

This is the discipline of adversarial machine learning, and standards bodies are formalising it. NIST has published a taxonomy of adversarial machine learning attacks and mitigations, giving defenders shared language for evasion, poisoning and model extraction. A security programme that secures the network but not the model it now depends on has a blind spot exactly where the new value sits.

4. The defender's dilemma

Put the two fronts together and the problem is one of pace. The NCSC warns that organisations will have to contend with an increased volume of attacks, an expanded attack surface and the unpredictable proliferation of AI-enabled capability through 2027 and beyond. ENISA's data already shows the volume: availability attacks and ransomware dominate a landscape measured in tens of thousands of incidents and disclosed vulnerabilities.

A security operations centre that depends on analysts to read, triage and respond to every alert was already strained before AI lowered the cost of attack. When the adversary automates, a defender that does not is choosing to fall behind. This is not an argument that people matter less; it is an argument that people should spend their judgement where judgement is needed, not on the volume a machine can clear.

5. What the standards bodies recommend

The independent guidance converges on a small number of moves. The NCSC and ENISA both stress resilience: assume a higher volume of more convincing attacks and build to absorb it. NIST's AI Risk Management Framework gives a structure (Govern, Map, Measure and Manage) for treating AI risk as a managed discipline rather than an afterthought. And in April 2024 the NSA and CISA, with allied agencies, published Deploying AI Systems Securely, best-practice guidance for operating AI systems with their confidentiality, integrity and availability intact.

The common thread is that AI security is now a first-class part of cyber security, not a separate research topic, and that it has to be put into operation rather than left on a shelf.

6. The agentic response

If the attacker's advantage is volume and speed, the defender's answer has to operate at the same scale. The evidence above does not endorse any product, but it does point to a direction: autonomous systems that detect, triage and contain at machine speed, with human analysts supervising by exception rather than processing every alert by hand. The governing principle, set by every standards body cited here, is that autonomy must stay inside human-defined authority, with its actions recorded and reversible. Speed without that control is just a faster way to be wrong.

7. Conclusion

The evolving AI threat landscape is not a single new weapon; it is a change in the economics of attack and a new surface to defend. Attacks grow cheaper, faster and more convincing, and the AI systems meant to help become targets in their own right. The organisations that navigate it well will be the ones that treat AI security as core, build for resilience against volume, and let machines carry the load that machines can carry, so that people can do the part only people can.

Evidence and limitations

This briefing draws only on government bodies, recognised standards organisations, non-profit research and reported, confirmed incidents. Reported-loss figures, such as those from the FBI, understate true totals because most crime goes unreported. Single incidents illustrate a technique; they are not base rates. No vendor-sponsored research is used for primary claims, and no Athena-specific performance claims appear. Prepared by Brett Kelsey, Chief AI Officer, Athena Agentic, June 2026. It is a draft for review and does not constitute legal, financial or investment advice.