Adversarial AI: When Attackers and Defenders Become Equals
Artificial intelligence has changed the rules of cybersecurity. In SecurityScorecard’s latest fireside chat, Adversarial AI: The New Symmetric Threat Landscape, CEO and Co-Founder Dr. Aleksandr Yampolskiy sat down with Dr. Srinivas Mukkamala, CEO of Securin, to examine what happens when the same technology driving innovation begins empowering attackers.
Mukkamala has spent two decades studying how adversaries think. He helped shape risk-based vulnerability management before it became industry standard. Now, as the CEO of Securin, he focuses on understanding what adversaries can do and how defenders can see it before it happens.
“Defenders used to have the advantage,” Yampolskiy said as the discussion began. “We had the tools, the expertise, and the time.”
“That era is over,” Mukkamala said. “AI has leveled the field.”
He described a new kind of digital turning point. Smaller players, nation-states, and corporations can now wield AI with the precision once reserved for global powers. “AI wars are real,” he said. “They’ll play out everywhere, from governments to private adversaries.”
How AI Is Fueling The Five-Minute Breach
A single open port left active by mistake can now be discovered within minutes. AI-powered tools scan the internet in near real time.
“We used to measure risk in days or weeks,” Mukkamala said. “Now it’s seconds.”
That change has turned cybersecurity into a race that never stops. “Proactive isn’t enough anymore,” he said. “We have to be preemptive.”
Most defenses still rely on disconnected systems. Tools exchange data but don’t act on the information. Attackers don’t have that constraint.
“They don’t carry legacy systems,” he said. “They move faster, experiment freely, and automate everything.”
What The AI Attack Surface Includes
Yampolskiy asked what the “AI attack surface” really looks like. Mukkamala described it as a mix of open-source code, cloud services, and imported models.
“You might be running a model trained on unknown data from across the world,” he said. “You don’t know what’s inside it, what it’s biased toward, or what it connects to.”
He pointed out three kinds of bias: data, domain, and algorithmic. Each creates security and safety risks. “If you don’t know what you’re asking, and you trust the answer completely, you can cause harm without realizing it.”
Yampolskiy shared his own example. Before giving a keynote in Spain, he asked ChatGPT to add a few cultural facts. “They looked perfect, even had references,” he said. “Then I checked. Every number was wrong.”
These kinds of errors can be relatively harmless in conversation, but not in a hospital or emergency system. AI can produce answers that sound confident and are still wrong.
Mukkamala’s research team studied 2,500 Model Context Protocol servers, the infrastructure behind many AI tools. The top weakness was improper input validation, the same flaw behind SQL injection.
“We said we’d build secure systems by design,” he said. “We forgot that applies to AI too.”
Why Boards Are Moving Faster on AI Than Security
Boards are now pushing hard for AI adoption. Some even tie compensation to usage. Mukkamala cautioned that this creates new risk. “It’s not a technology shift. It’s a mindset shift,” he said.
He advised leaders to start with people. “What do they need to unlearn? What do they need to relearn? Map that first. Then look at the process. Only after that do you bring in technology.”
Without that order, AI becomes another silo. The United States still lacks a federal AI bill, and each state is writing its own rules. “Boards are trying to lead without a compass,” he said. “We need education as much as regulation.”
What CISOs Should Do Now To Manage AI
If he were a CISO, Mukkamala said he’d start with three priorities.
First, identify people who can learn and adapt to AI. “You can’t fight AI with people who don’t understand it.”
Second, map every exposure created by AI tools, including “shadow AI,” where employees use external systems without oversight.
Third, prepare for AI incident response. “Traditional insurance and playbooks don’t cover it,” he said. “You need to know who to call and how to respond when the attack is global and automated.”
He also urged CISOs to brief boards with clarity, not fear. “Boards don’t want panic,” he said. “They want specifics.”
Balancing AI Innovation and Security
Yampolskiy asked how companies can secure AI without slowing innovation.
“There’s no perfect balance,” Mukkamala said. “If you slow down too much, you lose your edge. If you move too fast, you lose trust.”
The path forward, he said, is to know exactly where AI is used, what problem it solves, and what risks it introduces. He’s confident that AI will strengthen cybersecurity. “It lets us see the entire attack surface as one connected picture,” he said. “We can finally understand how threats move, not just where they start.”
How AI Helps Security Leaders
When Yampolskiy asked if he felt hopeful or worried about AI’s future, Mukkamala shared his positive outlook. “I’m optimistic,” he said. “AI amplifies who we are.”
He explained that writing a board update used to take him hours. Now it takes minutes. “It’s not replacing me,” he said. “It’s helping me think better.”
He sees AI as the next major economic shift that will create new industries and opportunities just as the internet and mobile revolutions did.
His closing thought was personal. “If I had any superpower,” he said, “it would be to make sure every person has food, water, and healthcare. Everything else is just tools. Humanity is the purpose.”
Watch the full conversation with Dr. Srinivas Mukkamala on SecurityScorecard’s BrightTalk channel to hear how AI is changing the balance between attackers and defenders, and what it means for the next era of cyber resilience.