Video Interviews 

The Dual Role of AI in Cybersecurity: Shield or Weapon?

Avatar photo by Alan Shimel on December 1, 2025

Artificial intelligence isn’t just another tool in the security stack anymore – it’s changing how software is written, how vulnerabilities spread and how long attackers can sit undetected inside complex environments. Security researcher and startup founder Guy Arazi unpacks why AI has become both a powerful defensive accelerator and a force multiplier for adversaries, especially in application security.

Arazi traces the problem back to basic economics: Organizations are shipping code faster than ever with AI-assisted development, but product and AppSec teams haven’t grown at the same pace and are still using tools built for a pre-AI era. Even before generative AI, those teams were drowning in vulnerability backlogs and false positives. Now, AI agents can copy and reuse insecure patterns across dozens or hundreds of services, turning individual bugs into systemic weaknesses that nobody fully understands.

That asymmetry is amplified by the way attackers operate. Their KPI is simple—compromise or not—and they’re willing to play the long game, quietly weaponizing public research, bug bounty reports and one-off disclosures into broad campaigns. A single published exploit path can become a blueprint for probing every similar feature and service an organization runs, especially when internal defenses don’t consistently apply “defense in depth” beyond internet-facing surfaces.

Arazi argues that defenders need to rethink both prioritization and how they use AI themselves. High-impact, proven exploit paths—whether found by internal engineers, pen testers or external researchers—should be treated as critical signals and hunted across the entire codebase, not fixed in isolation. At the same time, teams should lean on AI to encode local rules, automate pull-request reviews and reduce repeat mistakes, while still relying on human experts to validate what the models miss or misjudge.

We may be at the “beginning of the beginning” for AI in security, Arazi says, but the gap between how quickly AI can introduce risk and how slowly enterprises adapt is already here. The job now is to close that gap before adversaries do it for us.

Alan Shimel , , ,
Avatar photo

Alan Shimel

Throughout his career spanning over 25 years in the IT industry, Alan Shimel has been at the forefront of leading technology change. From hosting and infrastructure, to security and now DevOps, Shimel is an industry leader whose opinions and views are widely sought after.

Alan’s entrepreneurial ventures have seen him found or co-found several technology related companies including TriStar Web, StillSecure, The CISO Group, MediaOps, Inc., DevOps.com and the DevOps Institute. He has also helped several companies grow from startup to public entities and beyond. He has held a variety of executive roles around Business and Corporate Development, Sales, Marketing, Product and Strategy.

Alan is also the founder of the Security Bloggers Network, the Security Bloggers Meetups and awards which run at various Security conferences and Security Boulevard.

Most recently Shimel saw the impact that DevOps and related technologies were going to have on the Software Development Lifecycle and the entire IT stack. He founded DevOps.com and then the DevOps Institute. DevOps.com is the leading destination for all things DevOps, as well as the producers of multiple DevOps events called DevOps Connect. DevOps Connect produces DevSecOps and Rugged DevOps tracks and events at leading security conferences such as RSA Conference, InfoSec Europe and InfoSec World. The DevOps Institute is the leading provider of DevOps education, training and certification.

Alan has a BA in Government and Politics from St Johns University, a JD from New York Law School and a lifetime of business experience. His legal education, long experience in the field, and New York street smarts combine to form a unique personality that is always in demand to appear at conferences and events.

alan has 171 posts and counting.See all posts by alan