Thirty-five years ago, the future of cybersecurity was changed forever.
Delivered on the humble floppy disk, the AIDS Trojan marked the introduction of ransomware to the world. The program, while masquerading as information on AIDS, instead encrypted the computer files and charged a ransom of $189 to decrypt them. In 1989, owning a personal computer was a luxury, and as such, the attack was small and targeted. However, since then, times have changed, and technology has advanced a hundredfold. Personal computers are almost a given, and mobile phones have become computers in our pockets. In the same way, cybercrime has also evolved, and with this abundance of hackable technology, anyone could be at risk.
Fortunately, as cybercriminals have evolved, so have cybersecurity experts. The roster of defensive tools and techniques has continued to grow, matching the vast and varied attack methods and outpacing them. Today, a proactive defence is the best tool a company can have against cybercrime, but it isn’t always easy to attain. Collaboration with security professionals has proven a highly effective course of action, employing criminal methods to find and eliminate potential vulnerabilities before they can be exploited, facilitating this vital proactive approach to cyber security.
Cyberattacks are becoming commonplace
The AIDS Trojan might have been a small spark, but it has created a roaring inferno. In its 2024 Digital Defence report, Microsoft stated that its customers now face around 600 million cyberattacks daily, ranging from small-scale attacks carried out by rogue individuals to huge multi-target attacks conducted by state-sponsored attackers. Cybercriminals are growing increasingly sophisticated and brazen in their attacks, forming organised groups without a concern for secrecy. In fact, specialist companies are actively tracking 73 groups on the dark web in 2025, compared to just 46 groups last year, representing a 56% increase YoY.
Exploiting AI to power attacks
The advent of AI technology has exponentially increased the number of attack vectors and methods. Attackers continue to evolve and hone their techniques through the exploitation of AI models, with even the most inept cybercriminals posing a credible threat. A recent assessment by the National Cyber Security Centre (NCSC) stated that all types of cyber threat actors – state and non-state, skilled and less skilled – are already using AI to varying degrees. In particular, the technology is ‘providing capability uplift in reconnaissance and social engineering, almost certainly making both more effective, efficient and harder to detect’. A recent report found that almost half (48%) of security leaders now view generative AI as one of the most significant risks facing their organisations today.
It is time to fight fire with fire
Faced with such a daunting threat landscape, the situation for business can look bleak, particularly for those with small security teams and limited resources. Fortunately, help is out there. Specialist technicians and security researchers are providing support for organisations and helping ensure effective security measures are in place. In fact, a growing number of businesses have started to engage with security researchers to vigorously test their networks and other systems for vulnerabilities before they can be exploited by criminals.
These professionals use a variety of techniques to carry out their work, many of which mirror the very methods used by criminal actors. However, security researchers employ them solely within a legal and pre-agreed/authorised context rather than a malicious one. Penetration testing, or pentesting, is the act of simulating a cyber attack to identify security vulnerabilities. It’s one of the many tools in these researchers’ arsenals. In fact, community-driven pentesting has become an increasingly popular method of enhancing security measures, with a 67% increase over the past year. On average, these tests identify 12 vulnerabilities per engagement, with 16% classified as high or critical, demonstrating just how effective they can be in detecting critical vulnerabilities.
The benefits of an AI-supported defence
AI, while still seen as a top threat by security leaders, is also one of the most prominent tools cybersecurity professionals can employ. Just as threat actors are implementing AI to enhance their attack capabilities, security researchers are taking advantage of the same tools and techniques to bolster their defence strategies. The technology has already proved its value, supporting code generation and proactively uncovering vulnerabilities that would otherwise be missed. In fact, according to the most recent Hacker Powered Security Report, nearly 10% of security researchers now specialise in AI to meet the growing demand for AI testing engagements.
Governments must stand firm
These security techniques and strategies are all well and good, but without strong supporting pillars, defences can still fall flat. It is crucial that governments provide this support through national and international regulations, such as the Data Protection Act 2018 and the more recent General Data Protection Regulation. These remain vitally important factors in ensuring all organisations follow strict data protection principles and are held to account in the event of a breach. That being said, any legislation must tread a fine line between upholding standards and not hindering business productivity, otherwise, the willingness for organisations to remain compliant starts to diminish, negatively impacting all involved.
As the field of cyberwarfare continues to evolve, attacks will only rise, and criminal groups will grow ever more sophisticated and organised as they continue to exploit technologies such as GenAI. Security researchers are mounting an effective defence, harnessing modern technologies alongside tried and tested security methods. As attackers continue to develop newer and more dangerous threats, it is only through a strong, collaborative defence that organisations will hold fast in this increasingly volatile battlefield of cyberwarfare.
About the Author
Shobhit Gautam is Staff Solutions Architect, EMEA at HackerOne. HackerOne is a global leader in offensive security solutions. Our HackerOne Platform combines AI with the ingenuity of the largest community of security researchers to find and fix security, privacy, and AI vulnerabilities across the software development lifecycle. The platform offers bug bounty, vulnerability disclosure, pentesting, AI red teaming, and code security. We are trusted by industry leaders like Amazon, Anthropic, Crypto.com, General Motors, GitHub, Goldman Sachs, Uber, and the U.S. Department of Defense. HackerOne was named a Best Workplace for Innovators by Fast Company in 2023 and a Most Loved Workplace for Young Professionals in 2024.
Featured image: Adobe Stock
