When AI Meets Cybersecurity: From Risk to Opportunity

When AI Meets Cybersecurity: From Risk to Opportunity

AI is fundamentally reshaping the cyber landscape. The same technology that protects us is now being used by attackers – and the more AI we embed into our operations, the larger the attack surface becomes. To succeed, cybersecurity and AI must not be seen as two separate domains, but as two sides of the same coin.

Sofie Perslow and Pernilla Rönn at the DI Tech Strategy Summit on risks and opportunities with AI and cybersecurity.

When AI Becomes Both Defense and Weapon

AI has already begun to redefine cybersecurity. Cybercriminals use generative models to create convincing phishing emails, deepfakes, and large-scale automated fraud campaigns. Tools that once required advanced technical skills are now commercially available for just a few dozen dollars a month.
AI is also used to develop and modify malicious code, discover vulnerabilities, and manipulate existing AI systems – all with increasing precision and speed.

“We are seeing in practice how the same AI technology is used on both the attacking and defending sides. As we strengthen our security capabilities, new ways for attackers to exploit the technology emerge.”
– Pernilla Rönn, Head of Cybersecurity, HiQ

But AI is not just a threat. As cybersecurity solutions become more intelligent, AI is used to detect and stop intrusions far faster than before. In Security Operations Centers, up to half of all incidents are now handled with the support of AI, which analyzes logs, identifies anomalies, and prioritizes threats in real time.

Three Ways AI Is Transforming Cyber Threats

  1. Attackers scale up with generative AI. Hyper-personalized phishing emails, voice clones, and deepfakes no longer require advanced tools – only access to ready-made solutions.
  2. The attack surface expands rapidly. AI generates new code, finds vulnerabilities, and bypasses defenses in real time.
  3. Defenders become smarter. AI strengthens detection, analysis, and response – but requires proper implementation to avoid new risks.

A Growing Attack Surface and New Vulnerabilities

As AI becomes integrated into more parts of the organization, both efficiency and complexity increase. New attack surfaces emerge in data flows, code, and decision-making processes. At the same time, we see a growing phenomenon known as shadow AI – AI tools used within the organization without approval, risk assessment, or testing.

“Without standardized and secure AI solutions, employees turn to their own tools. The result is a shadow-AI landscape with fragmented data, low traceability, and increased compliance risks.”
– Sofie Perslow, Head of AI, HiQ

Preventing shadow AI requires three things:

  • Clear ownership of AI – with a central authority coordinating strategy, risk assessment, and guidelines.
  • A culture of awareness – where employees understand both the value and risks of AI, and receive training on proper tool usage.
  • Good and approved alternatives – secure platforms that are as smooth and useful as open tools, so employees don’t feel the need to bypass the organization.

    When these elements are missing, invisible risks arise around data leakage, bias, and lack of transparency. This is where governance and culture become crucial – not just to avoid incidents, but to enable sustainable, business-driven AI adoption.

AI as Part of the Cyber Defense

At the same time, AI enables entirely new defensive capabilities.

  • Detection and response: AI-driven XDR/NDR solutions identify anomalies in networks and endpoints in real time.
  • Incident analysis: Generative models summarize incidents, triage cases, and help security teams and SOC analysts act faster and more effectively.
  • Threat intelligence: AI-based knowledge graphs map leaked data, trends, and dark web activity before attackers exploit them.

“AI can make security more accurate, but only if it is built the right way. It’s about combining technological innovation with clear governance and meaningful human oversight.”
– Pernilla Rönn

How to Build Secure AI – Without Slowing Innovation

HiQ’s approach to secure AI is built on three core principles:

  • Privacy: Secure data handling through anonymization, traceability, and awareness of bias.
  • Resilience: Continuous testing, misuse detection, and rollback mechanisms built into the architecture.
  • Transparency: Logging, traceability, and human-in-the-loop – critical both for the AI Act and for trust.

A key insight within resilience: AI systems integrated into critical environments rarely have a simple off switch.

“When AI is used in critical systems, it’s often technically impossible to simply turn it off. Instead, you need rollback mechanisms, misuse detection, and operational kill switches that can be activated in real time without shutting down the entire operation.”
– Sofie Perslow

The goal is not to slow development, but to build systems that remain controllable and recoverable – even under pressure.

“Security shouldn’t slow innovation – it should enable it. When security is part of the design from the start, you create an environment where AI contributes to both efficiency and safety.”
– Sofie Perslow

From Protection to Strategy

AI and cybersecurity are no longer separate disciplines – together they shape how organizations develop, automate, and innovate. For future digital solutions to be sustainable, security must be integrated from the beginning, not added on afterward.

HiQ helps companies and public organizations build AI-driven solutions where security, business value, and innovation go hand in hand. There may be no off switch for tomorrow’s innovations – but there are ways to build them securely.

Work at HiQ

Get in touch!

Choose your nearest office, looking forward to hear from you!

Read more articles here

insight Software Development in the Public Sector 2025: Digital Transformation, Data Modernisation and Collaboration in Practice
insight Cybersecurity in the Public Sector 2025: Offensive and Defensive Strategies
insight The EU’s AI Reset Is the Right Path to Safeguard Europe’s Responsible Competitiveness
insight Public Sector 2025: AI as a Force, Compass and Catalyst
insight Atlassian Rovo: AI as the Hub of Future Collaboration
insight Part 2: Social Engineering and Cyber Threats: The Return of the Human Factor
insight Part 3: Platformisation and Digital Resilience: Business Strategy on Cloud Terms
insight Part 1: AI and the Competence Shift: Ready for the Next Big Leap?
insight Windows 10 Support Ends – How It Affects Businesses and What You Need to Do Now
insight Meet Laura Vantellini, HiQ’s new Managing Director in Germany 
insight Digitalization, AI and the Future of Sweden – A Conversation with Minister for Civil Affairs Erik Slottner
insight Customer data is the new gold – and hackers are already digging
insight Quantum Computers and Cybersecurity – From Future Threat to Strategic Reality
insight New Report Shows How We Use ChatGPT: Like Buying an iPhone and Only Using the Flashlight
insight From Crisis to Insight: Building a More Secure Digital Public Sector
insight The Cyber Landscape 2020–2025: From Pandemic Shock to AI-Driven Threats
insight AI sets a new standard for banks’ fraud prevention
insight When Nature Strikes: How AI Can Protect the Energy System from the Next Crisis
insight AI makes Jira the developer’s new assistant
insight Only Five Percent Succeed with AI – How to Avoid Being Among the Losers
insight From Frozen Firmware to Adaptive Intelligence: Embedded Software Is Changing the Game
insight Edge AI: Intelligence Moving into the Systems
insight Digital Resilience – The Next Competitive Advantage
insight From Docker to Kubernetes – The Story of How We Build the Next Generation of Digital Ecosystems
insight The 11 Hottest AI Agents of 2025 – and How They’re Already Transforming Business
insight AI Experiences from a Developer’s Everyday Life – How to Use AI for Coding
insight From Data to Agency: Navigating the AI Maturity Path to Agentic Systems
insight What Does “Developer Experience” Really Mean – and Why Should the Business Side Care?
insight The Future of Development: What State of Software 2025 Reveals About Tomorrow’s Tech Roles
insight From Model Year to Always Up-to-Date – How Software Is Redefining the Car’s Lifecycle
insight AI in the Power Grid – From Vision to Real-World Application
insight Efficiency Without Shortcuts – How to Get More Out of Every Step in the Development Cycle
insight Interview with Ashkan Fardost: Why We Must Understand Technology as Something Deeply Human
insight Towards a Data-Driven Future: Falu Energi & Vatten’s Strategic Journey
insight Confident in Swedish – A Language Initiative that Builds Courage and Connection
insight Java on Cloud Terms – Best Practices for AWS, Azure, and GCP
insight Building a Tech Industry Where Everyone Feels at Home
insight Spring Boot, Quarkus or Micronaut? Your Guide Through the Java Framework Jungle
insight AI – The Manufacturing Industry’s Shield Against the New Reality of Trade Tariffs?
insight How to Build Change-Resilient Teams – with Annika R Malmberg on Tech Royale
insight Vibecoding vs. DevOps: The Future of Software Development in the AI Era?  
insight From Threads to Thousands – How Virtual Threads Are Transforming Java Development
insight How Companies Can Implement the POUR Principles in Their Digital Strategy Ahead of the EAA
insight Everything You Need to Know About Digital Accessibility Before June 2025
insight How Young Professionals Can Prepare for the Future of DevOps
insight Why CxOs Should Care About the Future of DevOps
insight The Trends Shaping DevOps in 2025
insight “We Must Prepare for an Increasingly Complex Threat Landscape”
insight DeepSeek and the AI Arms Race – What Does It Mean for Sweden?
insight Unlearning for DevOps Teams: A Key Skill for the Future
insight DevOps and AI: Building Systems That Learn and Adapt
insight Insights on Leadership and Partnerships in Tech with Simona Bamerlind
insight How to Lead a Tech-Forward Organization – Insights from Ledarlabbet
insight Understanding CRA: A Path to Competitive Advantage
insight Figma’s Dev Mode: A Hands-on Guide
insight Exploring AI, Cybersecurity, and the Future of Intelligence with Staffan Truvé
insight How to Avoid Common AI Project Pitfalls
insight Cybersecurity in Focus This October: How We Can Create a Safer Digital Society
insight Understanding PSD3 and PSR: Why They Matter and What You Need to Know
insight Open Banking and the API Economy: Drivers of New Innovation in Finance
insight The Swedish Financial Infrastructure from a Tech Perspective
insight Five Keys to IT and Tech-Driven Innovation – Insights from Radar Talk
insight The Rise of Autonomous Vehicles: Revolutionizing Transportation
insight AI and Sustainability: Opportunities, Challenges, and the Way Forward
insight AI – From Data to Business Decisions 
insight How HiQ Helps You and Your Business
insight What Happens if Your Software Fails?
insight Skip Projects & Pi in Software Development
insight Four Expert Tips on Business Value with GAI
insight How well do we really understand children’s digital preferences?
insight Mastering Industrial IoT
insight NIS2 – Not Just for Critical Functions
insight Navigating the AI Revolution
insight Unlocking Your Data Goldmine
insight AI Adoption in Nordic Energy and Manufacturing
insight Emerging AI Infrastructure
insight The Nordic AI Race