AI, deepfake and the future of cybersecurity

The evolution of generative AI and deepfakes is profoundly reshaping the cybersecurity landscape. What until recently required advanced expertise, significant time, and substantial resources has now become widely accessible, with direct consequences on the nature and severity of cyber threats.
The most evident consequence is that the barrier to entry for carrying out sophisticated attacks has drastically decreased: social engineering has become more effective, more convincing, and harder to detect.
This article explores the main drivers behind this transformation and the implications for organizations that need to defend themselves.

Phishing and LLMs: more convincing and harder-to-detect attacks

LLMs have radically transformed phishing. Attack emails are no longer filled with grammatical mistakes or easily recognizable at first glance: they are written flawlessly, tailored to the victim’s specific context, and often crafted using public information such as professional profiles or company websites.

This makes them far more convincing and capable of bypassing traditional filters based on linguistic patterns. At the same time, the cost and time required to generate large-scale campaigns have dropped almost to zero, dramatically lowering the barrier to entry for anyone looking to carry out these types of attacks.

AI-generated phishing is often indistinguishable from legitimate communication. Traditional filters are no longer enough.

Traditional phishing LLM-enhanced phishing
Frequent grammatical mistakes. Grammatically correct and context-aware text.
Generic and repetitive templates. Personalized messages tailored to each victim.
Detectable by traditional spam filters. Bypasses traditional filters.
Slow and manual production. Large-scale automated generation..
Low success rate. Significantly higher deception success rate.

Deepfakes: new threats for businesses and digital processes

Alongside text-based phishing, deepfakes have reached a level of maturity that makes them a concrete threat even within the most critical business processes. This is no longer a niche or experimental phenomenon: today, just a few seconds of audio are enough to convincingly clone a person’s voice, while videos can be manipulated in real time during a video call.

The threat is no longer limited to deceiving individuals: these tools can also compromise automated systems, such as those used for facial recognition or digital onboarding processes. Techniques such as so-called “deepfake injection” demonstrate that even advanced solutions can be bypassed by carefully combining real and synthetic elements in a targeted and calibrated way.

Deepfake injection does not only deceive people: it can also bypass automated identity verification systems.

Let’s explore the current state of the art and the risks organizations may face depending on the different types of deepfakes.

Type State of the art Business risk
Voice cloning Only a few seconds of audio are enough. Phone scams and fraudulent authorizations.
Deepfake video Real-time manipulation during video calls. Digital onboarding bypass and identity fraud.
Deepfake injection Combination of real and synthetic elements. Bypasses automated biometric systems.
Synthetic images Instant and ultra-realistic generation. Fake documents, false identities.

AI agents: autonomous and continuous attacks

In this scenario, another disruptive element is emerging: autonomous AI agents. We are no longer talking only about tools that assist attackers in their activities, but about systems capable of planning and executing entire attack chains autonomously.

From initial reconnaissance to vulnerability exploitation, these agents can operate continuously, across multiple targets at the same time, adapting their strategy based on the outcome of each step. This profoundly changes the role of the human factor within the attack lifecycle: less manual and repetitive execution, and greater focus on interpreting risk, understanding context, and making high-level strategic decisions.

Autonomous AI agents can conduct the entire attack lifecycle — from reconnaissance to exploitation — without human intervention.

Zero-day vulnerabilities and AI: a temporary advantage for attackers

When it comes to zero-day vulnerabilities, attackers currently appear to have an advantage in using AI to analyze large codebases and identify bugs at a scale and speed previously unimaginable. However, this imbalance is unlikely to last.

The same technologies are increasingly being adopted on the defensive side, paving the way for a model in which security is integrated from the software design phase and continuously verified throughout the entire lifecycle. In addition, the number of “historical” vulnerabilities still present in legacy systems is inherently limited and will gradually decrease over time as they are identified and resolved.

Defensive AI is catching up: security by design and continuous verification will become the standard.

NIS2, DORA, and the AI Act: the regulatory landscape is driving change

The European regulatory landscape is placing increasing pressure on organizations to adopt structured, continuous, and well-documented security practices. Regulations such as NIS2, DORA, and the AI Act go beyond requiring formal compliance: they impose systematic approaches that make models based on occasional assessments or reactive interventions obsolete.

Security therefore becomes a permanent process integrated into daily business operations, rather than an occasional activity delegated to annual audits. This regulatory alignment is accelerating the adoption of more mature security practices even among organizations that had previously fallen behind.

What impact do these three regulations have on cybersecurity?

Regulations Scope Impact on security
NIS2 Critical infrastructure and essential operators across the EU. Incident reporting obligations, continuous risk management, and audit requirements.
DORA Financial sector and ICT supply chain. Digital operational resilience and mandatory penetration testing.
AI Act High-risk AI systems within the EU Transparency, human oversight, and technical documentation.

The future of offensive security and the human role alongside AI

Looking ahead to the coming years, it is likely that many offensive security activities will become increasingly automated, eventually evolving into on-demand services. Vulnerability Assessment and Penetration Testing (VAPT) may turn into a true commodity, with lower costs, greater standardization, and broader accessibility.

However, this does not eliminate the human role in cybersecurity: it redefines it and shifts the focus toward what AI still struggles to replicate. Understanding the real business impact of risk, identifying uncodified logical vulnerabilities, and interpreting complex scenarios remain uniquely human capabilities.

The following table compares some activities that AI may perform more effectively than a human professional working in the cybersecurity field.

What AI does better What human does better
Large-scale automated surveying. Understanding the real business impact of risk.
Codebase analysis for known vulnerabilities. Detection of complex logic vulnerabilities.
Continuous execution without interruption. Interpretation of ambiguous and previously unseen scenarios.
Fast and standardized reporting. Strategic decision-making in high-impact scenarios.
Scalability across multiple targets. Assessment of organizational and human impact.

The Betrusted approach: AI and expertise for advanced security

Betrusted is already moving concretely in this direction by developing automated and continuous penetration testing solutions powered by AI agents that support security experts in analysis, exploitation, and reporting activities.

The goal is not to replace the human factor, but to amplify its effectiveness while ensuring scalability, coverage, and methodological rigor. This hybrid approach preserves the high quality of human analysis — essential for understanding strategic risk — while simultaneously multiplying operational capacity and response speed.

What the Betrusted approach offers

Automated and continuous penetration testing with 24/7 coverage
AI agents for reconnaissance, exploitation, and report generation
Human expertise dedicated to strategic risk analysis and complex logic vulnerabilities
Scalability and methodological standardization aligned with NIS2, DORA, and AI Act requirements
A hybrid human-in-the-loop model designed to maximize both quality and speed

The future of cybersecurity is hybrid.
AI enhances human capabilities, it does not replace them. True defense comes from the integration of advanced technology and strategic intelligence.

Read latest posts

Discover how we can help you

Together, we’ll find the best solutions to tackle the challenges your business faces every day.

Traditional phishing	LLM-enhanced phishing
Frequent grammatical mistakes.	Grammatically correct and context-aware text.
Generic and repetitive templates.	Personalized messages tailored to each victim.
Detectable by traditional spam filters.	Bypasses traditional filters.
Slow and manual production.	Large-scale automated generation..
Low success rate.	Significantly higher deception success rate.

Type	State of the art	Business risk
Voice cloning	Only a few seconds of audio are enough.	Phone scams and fraudulent authorizations.
Deepfake video	Real-time manipulation during video calls.	Digital onboarding bypass and identity fraud.
Deepfake injection	Combination of real and synthetic elements.	Bypasses automated biometric systems.
Synthetic images	Instant and ultra-realistic generation.	Fake documents, false identities.

Regulations	Scope	Impact on security
NIS2	Critical infrastructure and essential operators across the EU.	Incident reporting obligations, continuous risk management, and audit requirements.
DORA	Financial sector and ICT supply chain.	Digital operational resilience and mandatory penetration testing.
AI Act	High-risk AI systems within the EU	Transparency, human oversight, and technical documentation.

What AI does better	What human does better
Large-scale automated surveying.	Understanding the real business impact of risk.
Codebase analysis for known vulnerabilities.	Detection of complex logic vulnerabilities.
Continuous execution without interruption.	Interpretation of ambiguous and previously unseen scenarios.
Fast and standardized reporting.	Strategic decision-making in high-impact scenarios.
Scalability across multiple targets.	Assessment of organizational and human impact.