Cyber resilience in the AI era means fighting AI with AI
AI is accelerating both innovation and cyber risk. The same tools that boost productivity also help attackers scale phishing, reconnaissance and exploit development. For IT and security leaders, the objective shifts from preventing every incident to staying operational and trusted when incidents can happen at machine speed.
At Advania, our experience shows that the organisations that perform best are those that combine prevention, detection and response with tested recovery capabilities.
Cybersecurity still matters, but resilience is the business outcome
Cybersecurity reduces the likelihood and impact of compromise through prevention, detection and response. Cyber resilience is the ability to absorb disruption and restore critical services quickly. In the AI era, resilience matters more because attacks are faster, deception is more convincing, and dependencies (cloud, SaaS and AI services) change continuously.
What is changing in the AI era
- More, and more sophisticated, attacks for less effort: GenAI enables high-quality phishing and rapid iteration, as well as vulnerability exploitation, shrinking the time from initial access to impact.
- Impersonation becomes routine: Deepfakes and tailored social engineering increase invoice fraud/business email compromise and helpdesk-driven takeovers. Approvals become part of the perimeter.
- AI creates new exposure: Shadow AI, data leakage, and LLM risks (prompt injection, sensitive data disclosure) become common—especially in RAG (retrieval‑augmented generation) solutions.
- The supply chain expands: Alongside cloud and open source, you now depend on AI providers, models, plugins and datasets—so assurance and guardrails matter more.
How organisations can address the new threats: a practical cyber resilience playbook
Governance and priorities: Identify critical services, set recovery targets (RTO/RPO), and define crisis decision rights. Track time to detect/contain/restore and rehearse with executive tabletop exercises.
Identity and response at machine speed: Prioritise phishing-resistant MFA, conditional access, PAM, and rapid token/session revocation. Apply least privilege to non-human identities and AI agents. Traditional SOC models must evolve: an agentic SOC uses AI and automation to triage, correlate signals and execute safe containment faster, with humans in the loop for high-impact decisions.
Recoverability and safe AI use: Use isolated/immutable backups (including SaaS) and run regular restore drills, especially identity recovery. Govern AI with approved tools, data protection, and secure-by-design testing for LLM risks (e.g., prompt injection, sensitive data disclosure).
Why this is now a board conversation (and how regulation reinforces it)
This is increasingly a board topic. In the EU, NIS2 raises expectations for risk management and incident reporting and increases management accountability—so leaders need evidence: tested response, proven recovery, and clear ownership of cyber risk.
What to do next: 30–60–90 day actions for IT and security leaders
- 30 days: map AI usage (incl. shadow AI), confirm critical services, run one restore test.
- 60 days: harden privileged access (MFA, conditional access, PAM), run an exec tabletop exercise.
- 90 days: automate safe containment, implement AI policy + controls, strengthen key vendor assurance.
In the AI era, “fighting AI with AI” works only when paired with governance, disciplined identity controls, and proven recovery—turning incidents into manageable disruption.

Mats Palm
Head of Security Business
Advania Finland