At WAICF 2025, David Grout, CE Manager SEMEA at Google, presented “AI Trust, Security & Compliance: AI & Cybersecurity — Eternal Flame, Frozen Heart”. In this presentation, he analyzed cyber threats enhanced by AI, cybercriminals’ strategies, as well as the opportunities offered by AI to strengthen cybersecurity.
AI, a Double-Edged Sword for Cybersecurity
The rise of artificial intelligence represents both an opportunity and a risk for cybersecurity. On one hand, it strengthens defense systems by detecting threats more quickly. On the other hand, it is also used by malicious actors to perfect their attacks. David Grout emphasized that media discourse around AI is often exaggerated or biased, somewhere between myths and realities. While some already imagine automated attacks carried out by autonomous AIs, the reality is more nuanced: the majority of current attacks are still initiated by humans, but they are optimized by AI.
The Growing Role of AI in Cyberattacks
Google closely monitors the evolution of cyber threats, particularly those involving state-sponsored groups or organized cybercriminals. These groups exploit AI primarily in three ways:
- Phishing optimization: Generative AI is used to create better-written, more convincing fraudulent emails in multiple languages, thus increasing the success rate of phishing attacks.
- Vulnerability research: Attackers use AI models to analyze security flaws in existing software and infrastructures.
- Development of more sophisticated malware: Thanks to AI, malware becomes more adaptive, capable of modifying its code to avoid detection by defense systems.
These techniques allow hackers to automate part of their work and gain efficiency.
Artificial Intelligence as a Defense Tool in Cybersecurity
If AI is a threat, it is also a valuable weapon for defenders. David Grout highlighted several Google initiatives to improve cybersecurity using AI.
- Advanced Threat Detection
AI enables the analysis of massive volumes of data to identify suspicious practices in real time. For example, it can detect:
- Fraudulent access attempts to sensitive systems.
- Anomalies in user behavior, a sign of potential compromise.
- Novel malware, even if not yet listed in traditional signature databases.
Google relies on behavioral monitoring rather than a simple blacklist of known threats, which enables the detection of zero-day attacks (novel attacks exploiting still-unknown vulnerabilities).
- Automated Malware Analysis
One of the major projects mentioned by David Grout concerns improving malware analysis through AI. Rather than relying on static analysis of malicious files, AI enables:
- Anticipating malware behavior even before its execution.
- Generating understandable descriptions of its functioning, even for junior analysts.
- Automating the creation of signatures to block similar threats as soon as they appear.
This automation and explanation capability makes it possible to accelerate incident response and reduce dependence on cybersecurity experts.
- Securing AI Models: Model Armor
Google also presented Model Armor, a new technology designed to protect AI models against adversarial attacks.
Cybercriminals indeed attempt to poison AI models by injecting biased data, or to manipulate them by slightly modifying their inputs to deceive them. Model Armor aims to:
- Strengthen the robustness of AI models against malicious maneuvers.
- Protect interactions (prompt in, prompt out) to prevent sensitive information from being compromised.
- Detect exploitation attempts on models by monitoring suspicious queries.
This technology is essential to ensure the reliability of AI models used in sensitive applications, particularly in cybersecurity.
The Role of Open Source in Cybersecurity and AI
Open source plays a major role in the development of artificial intelligence and cybersecurity. On one hand, it enables rapid and collaborative innovation. But on the other hand, it gives cybercriminals access to the same tools as defenders.
David Grout warned against the misuse of open source technologies by hackers. For example:
- Criminals can exploit open source AI models to perfect their phishing techniques.
- Open source cybersecurity tools can be analyzed to identify and bypass their flaws.
Despite these risks, David Grout insisted on the importance of not demonizing open source. He advocates for a balanced approach, where:
- Open source communities continue to innovate to improve cybersecurity.
- Governance frameworks are established to prevent these tools from being misused for malicious purposes.
In short, open source remains a powerful lever for cybersecurity, provided it is responsibly managed.
Towards AI-Augmented Cybersecurity
Despite the challenges posed by AI, defenders have an edge over attackers.
- AI as a Catalyst for Resilience
AI does not replace cybersecurity experts, but it enhances their capabilities:
- It automates repetitive tasks, allowing analysts to focus on critical cases.
- It facilitates threat understanding by generating clear and detailed reports.
- It accelerates incident response, reducing the impact of attacks.
- Essential Collaboration
Google emphasizes collaboration between companies, researchers, and governments to build robust cybersecurity. AI must be developed in a transparent and responsible manner, with an approach centered on user protection.
- Maintaining the Defenders’ Advantage
Cybercriminals therefore exploit AI for their attacks. But cybersecurity experts have a major asset: they better understand AI mechanisms and can use it to anticipate and neutralize threats before they materialize.
David Grout concluded by emphasizing the importance of staying one step ahead: by developing robust, secure, and accessible AI tools for defenders, we can build a safer digital future.
AI and cybersecurity are therefore inseparable. Far from being merely a danger, AI represents a unique opportunity to better protect digital infrastructures and counter emerging threats. The key lies in a proactive, collaborative, and ethical approach, where technology serves security and digital trust.
