Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Now that six in ten security leaders view AI as a “game changer” across all security functions and 85% of security professionals report increased AI investment and usage in the past year, it’s clear that AI is no longer a fringe technology in security operations. But the AI conversation has evolved recently as a new buzzword has taken over: agentic AI.

Last November, the Open Web Application Security Project (OWASP) released its Top Ten List for LLMs and Gen AI Applications 2025, making some significant updates from its 2023 iteration. These updates can tell us a great deal about how the LLM threat and vulnerability landscape is evolving - and what organizations need to do to protect themselves.

Artificial Intelligence (AI) is a double-edged sword in cybersecurity, empowering both defenders and attackers. AI-driven security systems are often used to detect threats in real-time, analysing large datasets for anomalies, and automating responses to cyberattacks. However, cybercriminals are also leveraging AI to create advanced malware, automate phishing attacks, and evade traditional defenses.

As AI tools grow more sophisticated and accessible, sadly exploitation of these tools also increases. Recognising this, the Home Office has made the UK the first country in the world to introduce new legislation that targets predators producing AI-generated child sexual abuse material (CSAM). AI-generated content has severe consequences for victims. CSAMs may be used to manipulate or blackmail children, perpetuate harmful narratives, or retraumatise victims whose likenesses have been altered.

Generative AI (GenAI) applications, especially through Retrieval-Augmented Generation (RAG) pipelines, are transforming business interactions with data. These pipelines leverage language models and extensive enterprise knowledge bases for real-time queries of large internal datasets. Robust data privacy and security solutions are essential. Amazon Bedrock’s native security guardrails address this need.

Healthcare organizations managing multiple websites must protect Protected Health Information (PHI) while complying with HIPAA, HHS regulations, state laws, and global privacy requirements. Feroot DataShield AI provides automated monitoring and protection across distributed healthcare web environments.

The cybersecurity industry is facing a new challenge: AI-generated attacks. With the rapid advancement of generative AI, cybercriminals now have access to sophisticated tools that enable them to craft highly targeted attacks with minimal technical expertise. Unlike traditional attack methods that require deep programming knowledge, AI-driven attacks allow even non-technical malicious actors to create malware, exploit scripts, and launch phishing campaigns with ease.