Cybersecurity firms warn of risks with AI implementation in organizations

Miami, May 12 (EFE).- Cybersecurity companies Batuta, Cloudflare, and Sophos have warned of a trend in several analyses: organizations are accelerating the implementation of artificial intelligence (AI) while underestimating existing security risks.

Digi Americas released a statement on the findings and conclusions of various studies conducted by these companies on the risks AI poses to organizational security.

The Sophos 2025 Active Adversary Report indicated that attackers are becoming “faster and more sophisticated,” increasingly relying on legitimate credentials and tools to avoid detection.

“AI is an extraordinary force multiplier, but it is not the ultimate solution,” said Sophos Field CTO John Shier. He believes that organizations treating AI as a substitute for strong security architecture and skilled human judgment are creating “blind spots” that attackers seek to exploit.

Meanwhile, Cloudflare’s 2026 Threat Report and Q4 DDoS Threat Report documented a large-scale rise in DDoS attacks—with a 121% increase in 2025—and found that AI-focused organizations were frequent targets throughout the year.

Misconceptions about AI and cybersecurity

The companies agreed that one major misconception is the belief that AI alone can guarantee comprehensive security. While AI-based tools are improving detection and response capabilities, they stressed that such tools should complement—not replace—core security fundamentals.

In addition, Sophos research highlighted that AI is creating a “double effect” in cybersecurity, as it strengthens defenses while also introducing new risks such as shadow AI—the unauthorized use of AI tools within organizations—and increased operational complexity.

Another misconception cited is that AI-related threats are a future problem. The companies noted that cybercriminals are already using AI to scale and refine attacks, including advanced phishing campaigns and deepfake-based social engineering.

“We continue hearing organizations say they will address AI-enabled threats once they mature,” said Batuta CEO Federico Nan. However, he warned that “that opportunity has already passed,” because “cybercriminals are already using AI to reduce costs and increase the effectiveness of their attacks.” In addition, he said that organizations that are prepared “are those that treat AI as a current threat.”

According to Cloudflare data, DDoS attack traffic targeting AI companies rose by 347% in the third quarter of 2025. Meanwhile, the 2026 Threat Report warned that fraud involving remote IT workers is accelerating rapidly through organized operations using generative AI to pass interviews and deepfake tools to create fake government identification. Their goal is to infiltrate companies and steal intellectual property or divert revenue.

The companies also pointed to another common mistake: viewing AI security as merely an information technology (IT) issue rather than a business risk. In this context, they noted that AI-related risks—such as compromised decision-making and erosion of customer trust—are becoming increasingly central to business value.

“When AI systems are manipulated or exploited, the impact extends far beyond the security team,” said Blake Darché, head of Threat Intelligence at Cloudflare’s Cloudforce One, who warned that the consequences can affect financial performance, regulatory compliance, and brand trust.

Cybersecurity leaders agreed that addressing AI risk requires a more integrated approach. Among the key priorities they highlighted were strengthening data integrity, model validation, and access controls; assessing third-party AI and supply-chain dependencies; and aligning security strategies with constantly evolving regulatory expectations. EFE

PBD-jap/mb/ims/seo/lap

EFE received support from Digi America in the publication of this content.