It's time to use AI to fight AI

“Organizations should be focused on using AI to fight AI. As cybercriminals begin to leverage AI to increase the speed, scale and sophistication of their attacks, it’s becoming clear that traditional security tools alone are no longer enough,” says Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks.

According to Palo Alto Networks’ 2025 Unit 42 Global Incident Response Report, threat actors are now evolving their tactics, moving beyond traditional ransomware and data theft to focus on business disruption, AI-assisted attacks, and insider threats.

The report aims to highlight how the increased sophistication of malicious actors is amplifying the challenges faced by businesses worldwide. Its key findings indicate that operational disruption is a primary goal, with attackers prioritizing data sabotage over theft. More concerning, the report finds that attackers are exfiltrating data three times faster than in 2021: data was stolen within five hours in 25% of cases, and in under an hour in nearly 20%.

With cybercriminals leveraging AI to launch more sophisticated attacks on organizations, Steven Scheurmann, Regional Vice President for ASEAN at Palo Alto Networks, explains more about the findings in an interview with CRN Asia.

As cybercriminals leverage AI to launch more sophisticated attacks on businesses, should organizations also be focused on using AI to fight AI?

Yes, organizations should be focused on using AI to fight AI. As cybercriminals begin to leverage AI to increase the speed, scale and sophistication of their attacks, it’s becoming clear that traditional security tools alone are no longer enough. AI enables attackers to automate tasks like phishing, malware development and lateral movement—giving them a significant speed advantage.

According to the 2025 Unit 42 Global Incident Response Report by Unit 42 Palo Alto Networks, data was removed from nearly one in five organizations in less than an hour. The report also found that data exfiltration now happens three times faster than in 2021, which underscores just how difficult it has become to detect and stop these attacks in time.

To stay ahead, defenders will need to adopt AI-driven security solutions that can operate at the same speed as the threats they face—solutions that can identify patterns, learn from data, and respond in real time. Equally critical is ensuring that AI is secure by design, with built-in safeguards from the start, and that it is integrated into a platformized cybersecurity approach to reduce gaps and blind spots.

Are humans still the weakest link when it comes to cybersecurity? Can AI help deal with this challenge?

Human behaviour continues to be a pivotal factor in cybersecurity resilience, especially as social engineering tactics, like phishing, continue to become more sophisticated. In fact, phishing still accounts for 23% of initial attack vectors, and browser-based threats now contribute to 44% of incidents, with employees often falling victim to malicious redirects or downloading malware due to inadequate browser security controls. This human vulnerability stems from a mix of urgency, emotional manipulation, and a lack of real-time security controls, especially in unmanaged environments created by BYOD policies and shadow IT.

Where AI steps in is by enhancing both visibility and speed of response. AI-powered detection systems can analyze patterns and anomalies across encrypted traffic, SaaS applications, unmanaged devices, and cloud environments to spot malicious activity that might otherwise slip through. By learning from billions of signals, AI helps shrink the window between intrusion and detection, crucial when every second counts. Additionally, using AI within a platformized, risk-aware framework ensures not just technical capability, but ethical and responsible deployment that strengthens the overall cybersecurity posture without overburdening human teams.

A lot of organizations are also challenged by the increasing number of cybersecurity solutions they need and are looking towards a platformized approach for better cybersecurity management. How is Palo Alto Networks enabling this?

As per our recent study with IBM, organizations in Singapore are grappling with an average of 64 security solutions from 24 different vendors, creating a fragmented environment that hinders threat detection and response. With 78% of local executives citing complexity as the biggest roadblock to cybersecurity operations, a platformized approach becomes essential.

Integrating multiple solutions into a unified platform closes coverage gaps created by siloed tools.

That’s why we are championing a unified model through three integrated platforms: Strata for Network Security, Prisma for Cloud Security, and Cortex for Security Operations. These platforms, powered by Precision AI, facilitate cross-platform intelligence, real-time threat detection, and automated response.

By consolidating their security architecture into a unified system, organizations can also empower teams with AI-driven insights through machine learning, deep learning and Generative AI.

Ultimately, a platformized approach simplifies procurement, lightens operational load, and strengthens overall security posture by unifying detection, analysis, and response efforts under a cohesive, AI-driven framework.

Skills in cybersecurity remain a challenge. How is Palo Alto Networks dealing with this? Should businesses also look to MSPs and MSSPs to help them?

As Singapore accelerates its digital initiatives, so do the volume and sophistication of cyber threats. Despite efforts to expand the cybersecurity workforce, the supply of qualified professionals has not kept pace with demand. According to the Cyber Security Agency of Singapore (CSA), an additional 1,000 cybersecurity professionals are estimated to be needed annually to meet industry requirements.

We employ AI and machine learning to improve security operations through automated threat detection and task handling. AI-powered detection helps address a wide range of threats with sophisticated AI algorithms that sift through extensive data sets, enabling early and real-time detection of threats. With AI, routine tasks such as patch management, malware scanning, and network monitoring are now automated, hence reducing the burden on human analysts and reducing the likelihood of human error.

According to a benchmark study we conducted with Tech Research Asia, 79% of companies in Singapore claimed that they would rely on partners to support cybersecurity efforts within two years. Engaging Managed Service Providers (MSPs) or Managed Security Providers (MSSPs) is a strategic move, offering scalable, 24/7 support while maintaining compliance.

Aside from deploying a unified security platform, we are also embracing the Zero Trust strategic security model in our operations. By adhering to principles such as strict identity verification, least privilege access, and continuous monitoring, businesses can aim to reduce the potential impact of sophisticated AI-assisted attacks.

How is Palo Alto Networks ensuring its partner ecosystem is capable of supporting customer requirements, especially with the threat landscape evolving so rapidly?

We support customer requirements through platformization – offering a unified platform that integrates network, cloud, and security operations. This approach empowers partners to deliver end-to-end security solutions while simplifying complexity for customers. In addition, this helps customers to streamline their security stack by reducing the number of tools from an average of 40 to fewer than 10, improving operational efficiency and reducing costs.

We also equip our partner ecosystem with an array of AI-powered capabilities that go hand-in-hand with platformization. For instance, embedding Precision AI across such platforms boosts threat detection and real-time response by combining AI in all its forms (i.e., Generative AI, machine learning, and deep learning) to predict and block attacks before they escalate. We also recently revealed Prisma AIRS, which enables partners to deploy AI confidently by detecting new AI agentic threats such as identity impersonation, memory manipulation and tool misuse. This reduces the risk of breaches, speeds up response times, and streamlines operations that can help partners deliver advanced security solutions to meet a wide range of customer needs.

The combination of platformization and AI integration delivers a powerful advantage for modern security. Organizations gain faster, more accurate threat detection, automated response, and simplified management, enabling scalable, intelligent protection that evolves with the threat landscape—empowering both customers and partners to stay ahead.

Lastly, where do you foresee the future of cybersecurity heading, and will businesses of all sizes be able to cope with this?

The future of cybersecurity will be shaped by the increasing use of AI, both by attackers and defenders. As threat actors use AI to scale and automate their operations, organizations will need to adopt more proactive, intelligence-driven security models that can keep pace. With the adoption of more proactive security models like Zero Trust and increased collaboration through managed services, organizations of all sizes—not just large enterprises—can further build resilience against AI-driven threats with AI.

Businesses must go beyond traditional security measures by leveraging AI to train and deploy models capable of detecting cybersecurity risks before they cause any harm. Subsequently, businesses should also make it a habit to automate their security operations to enable real-time responses, as well as to monitor AI usage, whether it’s from using third-party models or building AI models.

As digital transformation accelerates, a siloed approach will no longer be sufficient. The integration of AI in a platformized approach not only allows for real-time threat identification but also provides more comprehensive and efficient data protection and privacy, critical for building long-term cyber resilience across organizations of all sizes.