Welcome to CYBER_AI, a new newsletter from the Packt team focusing on—well, exactly what it says on the tin: cybersecurity in the age of AI.

Here we go on another step into the future, into a world where the world of cybersecurity brims with the confidence that AI can bring to our practice. Of course, this goal—like all goals—requires us to set up the foundations properly and figure out how we stand on them. That means, for all those struggling to make these ambitious bounds forward, establishing the “101” topics and making sure they are widely understood. For a look into the future, here's our plan:

1. What “Cybersecurity AI” Actually Means

2. Machine Learning 101 for Security Professionals

3. Threat Detection with AI: From Rules to Models

4. Adversarial Machine Learning Basics

5. LLMs in Cybersecurity: Capabilities and Limitations

6. Securing AI Models and Pipelines (AI Supply Chain Security)

7. AI-Enhanced Offensive Techniques

8. Privacy and Data Protection in AI Systems

9. AI Governance, Ethics, and Risk Management

10. Building a Security-Aware AI Workflow

Sound good? Head over to Substack and sign up there!

In this newsletter, we’ll explore how AI is transforming cybersecurity—what’s new, what’s next, and what you can do to stay secure in the age of intelligent threats.

Welcome aboard! The future of cyber defence starts here.

Cheers!
Austin Miller
Editor-in-Chief

AI firm claims it stopped Chinese state-sponsored cyber-attack campaign: Anthropic, the AI company behind Claude, says it detected and halted a Chinese state-sponsored cyber-espionage campaign that used its Claude Code tool. According to Anthropic, 80–90% of the operations in the attack were carried out without human intervention—making it possibly the first large-scale cyberattack primarily executed by AI. While some intrusions succeeded, Claude’s own errors and misinformation limited the damage. Experts have raised concerns about guardrail vulnerabilities and the risk of integrating powerful AI tools without fully understanding their security implications.

Russia and China increasingly using AI to escalate cyberattacks on the US, says Microsoft: A Microsoft report reveals that foreign adversaries—including Russia, China, Iran, and North Korea—are leveraging AI to enhance cyberattacks and disinformation campaigns targeting the U.S. In one month (July 2025), Microsoft detected over 200 instances of AI-generated fake content, more than double the amount from the previous year. The report warns of growing sophistication in phishing, deepfake impersonations, and automated hacking. Experts say U.S. institutions remain exposed due to outdated cybersecurity defenses.

The Era of AI-Generated Ransomware Has Arrived: Generative AI tools are accelerating the evolution of ransomware. Research from Anthropic and ESET shows that criminals are using models like Claude and Claude Code to automate many stages of ransomware attacks—target identification, malware writing, data analysis, and ransom note generation. A proof-of-concept called “PromptLock” was also discovered, which uses locally hosted LLMs to generate malicious scripts. This marks a dangerous shift: even non-expert cybercriminals can now deploy more advanced malware.

AI-powered malware is here: Google’s Threat Intelligence Group has identified two new real-world malware strains — PromptFlux and PromptSteal — that utilize large language models to adapt their behavior during an attack. PromptFlux was spotted on VirusTotal calling back to Google’s Gemini model, while PromptSteal uses an open-source AI model. These are among the first known cases where malware dynamically changes its tactics using AI, signaling a worrying trend in cybercrime sophistication.

AI-fueled cybercrime may outpace traditional defenses, Check Point warns: Check Point Software Technologies released a report warning that cybercriminals are increasingly adopting AI tools, and defenders must also leverage AI to keep up. Their research found that a significant number of generative AI prompts contain sensitive data, and AI platform vulnerabilities are growing enterprise risks. Check Point argues that security teams need to build AI-first defence strategies to counter the evolving threat landscape.

AI Is Now the Leading Cybersecurity Concern for Security, IT Leaders: A global survey of over 1,200 senior IT and cybersecurity decision-makers (from 15 countries) reveals that AI and large language models have overtaken ransomware as the top concern. Many organizations lack visibility over their AI risk, have outdated incident response plans, and face budget constraints. The shift shows how rapidly priorities are changing as generative AI becomes deeply embedded in business but opens new attack surfaces.

AI as Cyberattacker: "From Anthropic:

In mid-September 2025, we detected suspicious activity that later investigation determined to be a highly sophisticated espionage campaign. The attackers used AI’s “agentic” capabilities to an unprecedented degree­—using AI not just as an advisor, but to execute the cyberattacks themselves.

The threat actor—­whom we assess with high confidence was a Chinese state-sponsored group—­manipulated our Claude Code tool into attempting infiltration into roughly thirty global targets and succeeded in a small number of cases. The operation targeted large tech companies, financial institutions, chemical manufacturing companies, and government agencies. We believe this is the first documented case of a large-scale cyberattack executed without substantial human intervention."

AI and Voter Engagement: "Social media has been a familiar, even mundane, part of life for nearly two decades. It can be easy to forget it was not always that way. In 2008, social media was just emerging into the mainstream. Facebook reached 100 million users that summer. And a singular candidate was integrating social media into his political campaign: Barack Obama. His campaign’s use of social media was so bracingly innovative, so impactful, that it was viewed by journalist David Talbot and others as the strategy that enabled the first term Senator to win the White House."

The Role of Humans in an AI-Powered World: "As AI capabilities grow, we must delineate the roles that should remain exclusively human. The line seems to be between fact-based decisions and judgment-based decisions. For example, in a medical context, if an AI was demonstrably better at reading a test result and diagnosing cancer than a human, you would take the AI in a second. You want the more accurate tool. But justice is harder because justice is inherently a human quality in a way that “Is this tumor cancerous?” is not. That’s a fact-based question. “What’s the right thing to do here?” is a human-based question."

Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms, fromKnowledge and Information Systems: This is a comprehensive survey (published April 2025) of how AI (especially machine learning) is being applied in cybersecurity. The paper covers intrusion detection, malware classification, behavioral analysis, and threat intelligence. It also discusses future paradigms — where traditional defense mechanisms are no longer sufficient, and AI-driven security is needed to counter increasingly sophisticated cyber threats.

Generative AI revolution in cybersecurity: a comprehensive review of threat intelligence and operations, from Artificial Intelligence Review: This paper explores the role of generative AI (GenAI) in cybersecurity operations. It examines how generative models can support threat intelligence, automate responses, and assist in security operations more autonomously. The authors also look at potential risks and trade-offs when deploying GenAI in cyber defense.

Organizational Adaptation to Generative AI in Cybersecurity: A Systematic Review (Christopher Nott): This May 2025 study investigates how organizations are adapting their cybersecurity operations in response to the advent of generative AI. Using systematic document analysis and case studies, it identifies how firms are changing their threat modeling, governance, and incident response frameworks. It notes that successful adoption tends to come from organizations with mature security infrastructure, strong human oversight, and clear AI governance.

A cybersecurity AI agent selection and decision support framework (Masike Malatji): This October 2025 paper proposes a structured decision-support framework for selecting different types of AI agents (reactive, cognitive, hybrid, learning) in line with the NIST Cybersecurity Framework 2.0. The framework considers attributes like autonomy, learning capability, and responsiveness, linking them to real-world cyber tasks (e.g., detection, incident response). It also defines graduated autonomy levels (assisted, augmented, autonomous) to align with different organizational maturity levels.

Towards Explainable and Lightweight AI for Real-Time Cyber Threat Hunting in Edge Networks (Milad Rahmati): Published in April 2025, this paper addresses the challenges of deploying AI on edge devices, such as resource constraints and lack of interpretability. It proposes an “Explainable and Lightweight AI (ELAI)” framework combining decision trees, attention-based deep learning, and federated learning. This hybrid approach aims to deliver real-time threat detection on edge networks, with transparency (so analysts understand AI decisions) and efficiency.

Harnessing artificial intelligence (AI) for cybersecurity: Challenges, opportunities, risks, future directions (Zarif Bin Akhtar & Ahmed Tajbiul Rawol), fromComputing and Artificial Intelligence:This article examines how AI can be both a powerful tool for cybersecurity and a source of risk. The authors explore vulnerabilities inherent in AI systems (e.g., data poisoning, adversarial attacks) and discuss ethical, regulatory, and governance issues. They also propose strategic solutions and frameworks to build robust AI-based security systems.