Blab AI
AI-Driven Cyber Threats Outpace Defenses, ASU Report Urges Rapid Investment and Coordination
A new rapid expert consultation report issued this week by the National Academies of Sciences, Engineering, and Medicine highlights that artificial intelligence (AI) is reshaping the cybersecurity landscape. Co‑authored by Nadya Bliss, executive director of Arizona State University’s Advanced Capabilities for National Security Institute, the study argues that AI currently gives attackers an advantage but that, with investment and coordination, defenders can regain the upper hand.
The report’s key takeaway is that AI is fundamentally transforming how cyber attacks are launched and defended. In the short term, attackers can use AI to identify and exploit vulnerabilities with a single successful attempt, while defenders must respond correctly to every threat. Bliss notes that the advantage is temporary and that the long‑term goal is to build systems that automatically protect users.
For individuals, the report reiterates basic security practices that remain effective against AI‑enhanced attacks. Bliss stresses that attackers now target both software flaws and human behavior, and that organizations such as banks are strengthening defenses with two‑factor authentication and passkeys. The report advises users to avoid clicking suspicious links and to refrain from sharing passwords or personal data over the phone.
Bliss explains that the time gap between the current vulnerability window and a future defensive advantage depends on public‑private collaboration, incentive structures, and investment in AI‑enabled security tools. The report calls for a compressed timeline to bridge this gap, emphasizing the need for coordinated efforts across industry, government, and academia.
The study also discusses the dual nature of AI, describing it as both a problem and a potential solution. Bliss compares the present situation to the rapid growth of the internet in the 1990s and early 2000s, when security lagged behind capability. She argues that the same lesson applies today: guardrails must be built efficiently to prevent misuse while allowing beneficial applications.
A concrete example cited in the report is Anthropic’s Claude Mythos, a frontier AI model released to a limited group of partners during the same period the study was developed. The model’s capabilities for finding software vulnerabilities prompted a cautious release strategy. Bliss notes that limiting access alone is insufficient; the report stresses the importance of systemic resilience and “defense‑in‑depth” to counter evolving threats.
Bliss identifies the most frightening development as the early internet’s widespread vulnerabilities, which led to significant data breaches and social media risks. She notes that current infrastructure—both technological and policy‑based—offers greater protection, and she expresses optimism that the lessons from the past will guide AI security practices.
The report concludes that continuous rapid assessments are necessary because AI diffusion is occurring at an unprecedented scale. Bliss recommends regular expert consultations across industries—including healthcare, finance, and transportation—to evaluate AI’s impact on security and society.
Finally, the study underscores AI’s relevance to national security. Bliss points out that the Pentagon is actively pursuing AI adoption to support warfighters and protect critical infrastructure such as energy, healthcare, and water systems. ASU is conducting projects that apply AI to hospital cybersecurity, military training, and space‑based communications.
In summary, the National Academies report calls for immediate investment in AI‑supported cybersecurity, coordinated public‑private partnerships, and ongoing expert reviews to shift the balance from attackers to defenders.
The report’s key takeaway is that AI is fundamentally transforming how cyber attacks are launched and defended. In the short term, attackers can use AI to identify and exploit vulnerabilities with a single successful attempt, while defenders must respond correctly to every threat. Bliss notes that the advantage is temporary and that the long‑term goal is to build systems that automatically protect users.
For individuals, the report reiterates basic security practices that remain effective against AI‑enhanced attacks. Bliss stresses that attackers now target both software flaws and human behavior, and that organizations such as banks are strengthening defenses with two‑factor authentication and passkeys. The report advises users to avoid clicking suspicious links and to refrain from sharing passwords or personal data over the phone.
Bliss explains that the time gap between the current vulnerability window and a future defensive advantage depends on public‑private collaboration, incentive structures, and investment in AI‑enabled security tools. The report calls for a compressed timeline to bridge this gap, emphasizing the need for coordinated efforts across industry, government, and academia.
The study also discusses the dual nature of AI, describing it as both a problem and a potential solution. Bliss compares the present situation to the rapid growth of the internet in the 1990s and early 2000s, when security lagged behind capability. She argues that the same lesson applies today: guardrails must be built efficiently to prevent misuse while allowing beneficial applications.
A concrete example cited in the report is Anthropic’s Claude Mythos, a frontier AI model released to a limited group of partners during the same period the study was developed. The model’s capabilities for finding software vulnerabilities prompted a cautious release strategy. Bliss notes that limiting access alone is insufficient; the report stresses the importance of systemic resilience and “defense‑in‑depth” to counter evolving threats.
Bliss identifies the most frightening development as the early internet’s widespread vulnerabilities, which led to significant data breaches and social media risks. She notes that current infrastructure—both technological and policy‑based—offers greater protection, and she expresses optimism that the lessons from the past will guide AI security practices.
The report concludes that continuous rapid assessments are necessary because AI diffusion is occurring at an unprecedented scale. Bliss recommends regular expert consultations across industries—including healthcare, finance, and transportation—to evaluate AI’s impact on security and society.
Finally, the study underscores AI’s relevance to national security. Bliss points out that the Pentagon is actively pursuing AI adoption to support warfighters and protect critical infrastructure such as energy, healthcare, and water systems. ASU is conducting projects that apply AI to hospital cybersecurity, military training, and space‑based communications.
In summary, the National Academies report calls for immediate investment in AI‑supported cybersecurity, coordinated public‑private partnerships, and ongoing expert reviews to shift the balance from attackers to defenders.
