We’ve been asking the wrong question about AI and security
Most of the conversation around generative AI and cybersecurity focuses on whether companies are protected enough. But that framing misses something bigger: the real shift isn’t that attacks are getting stronger — it’s that they’re getting easier to launch. Anyone with access to a generative AI tool and bad intentions now has capabilities that, five years ago, would have required a skilled team of hackers. That’s the part we’re not talking about enough.
I’m Maya Johnson, and I write about AI for people who didn’t study computer science. So let me break this down in plain terms, because the numbers coming out of 2026 are genuinely alarming — and most people still don’t know what prompt injection even means.
The numbers are hard to ignore
AI-enabled cyberattacks rose 89% this year. Not a small uptick — nearly double. A UK-wide survey found that 77% of organizational leaders believe AI has increased their company’s cyber risk. Yet only 27% of those same leaders feel prepared to deal with it. That gap between awareness and readiness is where the real danger lives.
And it’s not just big corporations in the crosshairs. When attack tools become easier to use, smaller targets become viable. Your local clinic, your kid’s school, the startup your friend works at — all of them are now operating in a threat environment that was previously reserved for Fortune 500 companies.
So what exactly is generative AI doing to make this worse?
Three things, mostly:
- Prompt injection attacks. This is when someone sneaks malicious instructions into text that an AI system will read and act on. Think of it like leaving a fake sticky note on someone’s desk that says “forward all emails to this address.” The AI follows instructions — it doesn’t always know which ones are legitimate.
- AI-written malicious code. Writing functional malware used to require real technical skill. Generative AI can now produce working code fast, which means the barrier to entry for launching an attack has dropped significantly.
- Data leaks through AI tools themselves. When employees use AI assistants at work — sometimes without their company’s knowledge, a trend called Shadow AI — they often paste in sensitive information. That data can end up stored, shared, or exposed in ways nobody intended.
The “Shadow AI” problem is bigger than most people realize
Shadow AI refers to employees using AI tools that haven’t been approved or even acknowledged by their organization’s IT team. Someone uses a free AI writing tool to draft a report and pastes in client data. Someone else runs customer emails through a chatbot them faster. These feel like productivity wins in the moment. But the data goes somewhere, and companies often have no visibility into where.
This isn’t about blaming workers. It’s about the fact that AI tools are so accessible and useful that people adopt them faster than security policies can keep up. That’s a structural problem, not a personal one.
Enterprises deploying AI defenses are still getting breached
Here’s something that should give everyone pause: even companies that have invested in AI-powered defenses still faced breaches in 29% of cases. That tells us that using AI to defend against AI-powered attacks is not a clean solution. The offense is moving fast, and defense is playing catch-up.
Attacks in 2026 are described as faster, stealthier, and more targeted than before. Autonomous breaches — where AI systems carry out attacks with minimal human involvement — are no longer theoretical. They’ve been documented this year.
What non-technical people can actually do
You don’t need to become a cybersecurity expert. But a few habits matter more now than they did two years ago:
- Be careful what you paste into free AI tools, especially anything work-related or personally identifying.
- If you manage a team, ask whether your organization has a policy on AI tool usage. If it doesn’t, that’s worth raising.
- Treat AI-generated messages — emails, voice calls, videos — with the same skepticism you’d apply to anything that feels slightly off. Deepfakes are part of this threat space now.
Generative AI is genuinely useful. I use it, I write about it, and I think it has real value. But the same qualities that make it powerful for good — speed, accessibility, the ability to generate convincing content — make it a serious tool for harm when it lands in the wrong hands. Understanding that isn’t pessimism. It’s just being clear-eyed about what we’re actually dealing with.
🕒 Published: