
AI becomes both sword and shield in cybersecurity, expert warns

AI could work in both spaces — to boost attacking capability of bad actors and to enhance defensive capability of cybersecurity vendors, according to Kaspersky expert

Sibel Morrow | 03.07.2025 - Update: 03.07.2025

PHUKET, Thailand

The rise of artificial intelligence (AI) in cybersecurity is ushering in a new era on both the offensive and defensive fronts, with experts warning that the technology is emerging as a powerful tool not only for those seeking to protect against cyber threats, but also for the attackers themselves.

Sergey Lozhkin, head of the Asia-Pacific (APAC) and Middle East, Türkiye and Africa (META) regions for Kaspersky’s Global Research and Analysis Team (GReAT), told Anadolu that AI is now used widely — from code generation to video creation — and is no longer confined to ethical users.

“AI doesn’t know if something is good or bad, and even if it has some kind of protective mechanism, it can be bypassed,” Lozhkin said.

“AI could work in both spaces — to enhance the attacking capability of bad actors and to enhance the defensive capability of cybersecurity vendors. It could be both used in legitimate and non-legitimate ways, and each year, they are used more and more by security professionals and bad guys.”

Noting that this situation poses risks not only for cybersecurity but also for society at large, Lozhkin warned: “Everybody is using AI right now for different kinds of tasks — code generation, video creation, and anything like this. And it will still be the fight of sword and shield, but enhanced with AI.”

APT groups target governments, telecoms, logistics and high-tech

Lozhkin said that state-sponsored advanced persistent threat (APT) groups — known for carrying out sophisticated cyberattacks — have also begun using AI, but their targets have remained consistent over the years.

“In the APAC and META region, we observed a number of different kinds of APTs, like SideWinder APT, Tetris, Phantom, Lazarus and many others,” he said.

“We don’t see a significant shift in their point of interest. For the last five years and even more, their interests are absolutely the same: governmental, telecommunication, some high-tech sector, and military.”

He also noted that these groups are particularly interested in trade routes, maritime infrastructure, and logistics in countries that play significant political or economic roles in their regions.

“They are interested in countries like Türkiye, the United Arab Emirates (UAE) - countries that have power and involvement,” he said. “These countries are always of interest to APTs and state-sponsored groups.”

Hidden threats can be embedded during device production

Lozhkin stressed that cyber threats are not always the result of user behavior. Malicious components can be embedded into devices during the manufacturing stage — before the device is even powered on.

“In my opinion, it’s one of the biggest threats right now among supply chain attacks and firmware backdoors. This kind of attack is the hardest to detect,” he said. “If something is planted on the hardware level at the production facility, it could easily look like a legitimate part. It is super hard to distinguish whether a component inside the hardware is malicious or not.”

He explained that while traditional malware can be reverse engineered relatively quickly, detecting a backdoor hidden at the hardware or firmware level requires highly specialized skills, tools, and deep knowledge — often without any official documentation to guide analysis.

“You have to be a super good elite security researcher to find these kinds of threats,” Lozhkin said. “Only a few people in the world can do it easily.”

Kaspersky researchers detected hidden vulnerability in iPhone chip

Lozhkin noted that Kaspersky has a dedicated team focused on hardware security and that they recently uncovered a high-profile hardware attack.

“In the ‘Operation Triangulation’ attack on iPhones, we found a kind of hardware-level backdoor that used undocumented functions of the Apple processor,” he said. “We found it. This kind of discovery takes advanced expertise — and we have that capacity.”

Fragmented global defense hinders cybersecurity

Despite the rise of AI in cybersecurity, Lozhkin pointed out the lack of a global cooperation framework and said fragmentation between nations and companies poses a serious risk.

“A lot of countries and even companies care only about what is happening on their local ground. They don’t like to share information with each other - with other governments or private companies,” he said.

According to Lozhkin, this lack of collaboration weakens the global defense against emerging threats. “If cybersecurity is not global but fragmented, and everybody is working on a small piece and not sharing the data, it decreases the possibility of fighting back properly.”

He stressed that data sharing between governments and the private sector could significantly improve response capabilities against complex cyber threats.

“If governments shared information with private companies that have a lot of experience and knowledge, it would be much easier to fight back to this threat,” he said.

