AI's Expanding Role in Cybersecurity: Opportunity, Risk, and the New Reality for Businesses

Yuliya Pearson, Chief Strategy Officer

Published: June 8, 2026

Cybersecurity professional monitoring server infrastructure and network systems in a secure data center environment

Artificial intelligence has taken over many conversations about the future of business, but none has grown more urgent than the one now centered on cybersecurity.

When Anthropic unveiled Claude Mythos Preview earlier this year, the rollout did not follow the usual path of other public product releases. The model's ability to find and exploit software vulnerabilities was powerful enough to warrant restricted access through Project Glasswing, limiting early use to a vetted group of organizations focused on defensive security.

That kind of restraint points to how fast AI capabilities have moved past the systems many companies have relied on to protect themselves. InCorp, a business services firm working with companies across all 50 states, has watched that tension move from IT departments to the center of how businesses think about risk.

And for organizations of every size, cybersecurity has become a business priority with little room for delay, especially as AI begins to change how risk moves through the systems companies depend on.

"What businesses are realizing very quickly is that AI has changed the speed of cyber risk. Companies no longer have days or weeks to respond to vulnerabilities. In many cases, they have minutes. That changes cybersecurity from an IT discussion into an operational business priority." — Clay Plowman, Executive Vice President at InCorp Services Inc.

AI-powered cyber threat landscape showing automated phishing attacks, vulnerability scanning, and real-time security monitoring

How AI Is Changing the Cyber Threat Landscape

Security experts have spent years pressing executives to understand that the same technology strengthening defenses is also being turned against them.

Defenders use AI to monitor systems and flag unusual behavior in real time, responding to threats at a speed that human teams alone cannot sustain. However, cybercriminals have adopted those same tools, running operations that once required entire teams from a far smaller setup.

That smaller setup changes the economics of cybercrime, because attackers no longer need the same level of time, staffing, or skill to test a company's defenses. And with less effort required, automated attacks and AI-generated phishing campaigns move faster than traditional security cycles were built to handle.

"AI has lowered the barrier to entry for cybercrime. Activities that once required specialized teams can now be executed with smaller operations using automation and AI-assisted tooling. Businesses should assume attackers are becoming faster, cheaper, and more scalable." — Clay Plowman, Executive Vice President at InCorp Services Inc.

That speed helps explain why the World Economic Forum's Global Cybersecurity Outlook 2026 found that 94% of cybersecurity professionals view AI as the most significant driver of change in their work. It also points to the next concern facing security leaders, as more capable AI models begin to shorten the path between finding a weakness and using it.

Why Advanced AI Models Raise New Red Flags

Advanced AI models have moved well past automated phishing and into more serious territory, where they analyze software systems on their own and write code that turns weaknesses into cyberattacks.

Anthropic's Claude Mythos Preview made those stakes concrete during testing, when the model found a flaw that had gone undetected for 27 years in OpenBSD, an operating system known for its strong security record.

Mythos also found a separate vulnerability in FFmpeg, a widely used video software that had survived five million automated test runs before the model caught it.

Anthropic chose not to release the model publicly, and the concern soon reached the Financial Stability Board and the IMF. Capabilities this powerful are forcing security leaders to think less about isolated threats and more about how quickly their organizations can spot and repair risk.

Proactive cybersecurity framework showing continuous monitoring, employee training, system audits, and threat prevention

The Growing Importance of Proactive Cybersecurity

Businesses used to have more time to spot a cyber threat before it caused serious damage, but AI is making that old margin feel much harder to trust. Harvard cybersecurity instructor David Cass described working with companies that lost more than $25 million in under 30 minutes.

Speed like that leaves little room for guesswork, which is why proactive security now starts with continuous monitoring that catches unusual activity early. Those early warnings only help if companies also know where their weak spots are, making regular system audits part of the same discipline.

"Reactive security models are becoming harder to sustain in an AI-driven threat environment. Continuous monitoring, employee education, and regular system audits are no longer optional safeguards. They are part of maintaining operational resilience." — Clay Plowman, Executive Vice President at InCorp Services Inc.

Employees need that discipline too, especially as AI makes scams harder to recognize at a glance. Jennifer Gold, chief information security officer at Risk Aperture, said organizations cannot roll out new technology and assume people know how to use it safely.

Cybersecurity has to be built before the breach, while there is still time to prevent panic from becoming the operating plan.

What Recent Attack Attempts Reveal About Preparedness

Organizations with strong defenses still face attack attempts, and what those attempts reveal is often more valuable than the block itself. The Hartford's 2026 Risk Monitor found cyberattacks tied with inflation as the most widely cited concern among business leaders.

Both were flagged by 77% of those surveyed, and cyber risk has claimed a permanent seat beside the financial pressures executives already track. InCorp, a national registered agent and corporate compliance firm, faced a recent attempted breach that its security systems identified and stopped before any client data was at risk.

The incident validated that existing controls were working as intended, while also highlighting where monitoring could be extended and where additional coverage would add value. Moments like this give prepared organizations a chance to learn under real-world pressure, refine their defenses, and stay ahead of more determined future attacks.

Building a Security-First Business Culture

Technology sets the ceiling on what a company can defend, but the decisions people make every day determine whether that ceiling ever gets reached. Those decisions usually take their cue from leadership, especially when executives follow the same security rules they expect from everyone else.

Once that practice is visible from the top, internal rules become part of the workday instead of another document employees skim once and forget. But that same discipline has to extend outside the company, because vendors now sit inside many of the systems businesses rely on to operate.

Naveen Balakrishnan, managing director at TD Securities, has observed that roughly 70% of attacks enter organizations through their vendors. Vendor exposure turns cybersecurity into a trust issue long before customers ever hear about a breach. And when a breach does happen, 65% of consumers say they stop trusting a brand immediately, and rebuilding that confidence takes far longer than the incident itself.

"Cybersecurity culture starts with leadership behavior. Employees are far more likely to follow security protocols when executives visibly treat security as part of everyday operations rather than a technical checkbox." — Yuliya Pearson

What Businesses Should Expect Moving Forward

AI is not slowing down, and neither are the demands it places on companies that rely on it. K. Krithivasan, CEO of Tata Consultancy Services, has noted that AI compute doubles roughly every three months, and every business faces a higher breach risk when technology moves at that pace.

In fact, research from ISC2 found that 52% of cybersecurity professionals say AI will have the greatest negative impact on security, while 41% say it will have the greatest positive impact. Both are right, and most companies will spend the next several years trying to manage the space between them.

However, regulatory pressure is also becoming harder to ignore. Legal analysts at JD Supra have noted that AI compliance has moved past policy discussion into real enforcement, with states expanding rules around automated decisions and consumer data.

For companies operating across multiple jurisdictions, keeping up with what is required has become a serious operational challenge on its own.

Conclusion: Navigating Innovation With Caution

Across businesses of every size, AI has changed how cyberattacks happen and how companies have to defend against them. The tools attackers use are moving faster, and the tools defenders rely on have to keep up without creating new risk.

Arvind Krishna, CEO of IBM, has observed that criminals will use any available tool to reach what is valuable, so defenders have to respond with the strongest tools they can use responsibly, including agentic AI.

The balance between progress and protection is now part of running a modern company. And organizations that build security into daily operations are better prepared before a breach puts their trust to the test.