AI is rapidly impacting many businesses across the spectrum, but while it brings advantages it also brings threats as cybercriminals are increasingly harnessing it, which means resellers need to help keep customers secure.
Artificial intelligence (AI) has begun to realise its potential in the past couple of years and is becoming an everyday part of many businesses as a tool to improve efficiency and productiveness. But with that has come threats as cybercriminals harness AI to create ever-more effective means of penetrating security defences. This is something that resellers must fight back against.
Dan Jones, senior security advisor at Tanium says that AI has fundamentally shifted the speed and sophistication of cyberthreats. “Malicious actors are now using generative AI to automate reconnaissance, craft highly deceptive phishing campaigns, and exploit zero-day vulnerabilities faster than traditional defences can respond,” he says.
“Since the launch of ChatGPT, phishing attacks have surged by 1,265%, with around 31,000 malicious emails sent every day. This scale and precision mean businesses can no longer rely solely on reactive measures. They must adopt proactive, predictive security strategies built on real-time visibility and autonomous defences.”
Attackers can use ChatGPT to debug and develop malware, spread misinformation, evade detection, and launch spear-phishing attacks, adds Richard Lindsay, principal advisory consultant at Orange Cyberdefense. “They can also create their own ‘dark LLMs’ trained specifically for fraudulent purposes,” he adds. “There’s also been a clear increase in malicious services supporting social-engineering activities like deepfakes, AI-powered phishing and AI-powered voice phishing – ‘vishing’.”
Niall McConachie, regional director (UK & Ireland) at Yubico, adds that organised crime gangs are increasingly turning to AI. “LLMs like ChatGPT make phishing emails virtually flawless, allowing attackers to automate targeted ‘spear-phishing’ attacks. As a result, cybercriminals require less skill to carry out successful attacks. This is especially common in today’s business landscape of geographically distributed workforces, where employees working from less secure networks and devices provide increased entry points for cybercriminals.”
Combatting AI threats
But while AI has changed the threat landscape, there are plenty of ways to fight back. “The best way to combat AI threats is to meet them head-on, fight AI with AI,” says Dan. “But at its heart, cybersecurity is a human issue. AI alone isn’t enough, the real frontline is made up of analysts, defenders and operators. To keep them combat-ready, organisations need platforms that maintain the digital estate autonomously, so people can focus on higher-value, human-in-the-loop operations. That means combining real-time endpoint visibility with autonomous detection and response, containing threats within seconds while enabling defenders to out-think attackers.
“Yet, according to McKinsey, only 38% of organisations are actively mitigating the risks of generative AI – a gap attackers are already exploiting. Pairing AI-powered automation with skilled human oversight helps close that gap and keeps defences evolving as fast as the threats. Done right, this approach transforms AI from a risk into a power business enabler.”
Richard agrees that the best way to defend against AI-driven threats is by using AI. “AI-powered detection and threat intelligence help security teams spot anomalies more quickly, prioritise real threats and act in real-time,” he adds. “When combined with automation and contextual intelligence, it enables business leaders to act decisively and reduce impact before threats grow.
“Being aware of how attackers are using AI in ransomware attacks is also crucial to adapting and testing defences. For example, regular employee training and communications should be informed by changing criminal techniques. Staff must be shown realistic examples of the risks they face, with simulated exercises creating awareness of how convincing AI‑assisted attacks can be.”
Ian Ashworth, senior director partners and alliances EMEA at Qualys, says that businesses should adopt a symmetric, AI-powered defence combined with a shift to proactive risk management. “Businesses must move beyond traditional, reactive security and deploy defensive AI tools that can operate at machine speed,” he explains. “Key capabilities include predictive intelligence to anticipate attacks, behavioural analysis to detect novel threats by spotting anomalies and automated response to contain breaches in seconds.
“This technological shift must be paired with an operational one: evolving from a reactive Security Operations Centre to a proactive Risk Operations Centre (ROC). This model unifies security data, prioritises vulnerabilities based on business impact, and communicates risk in financial terms.
“Finally, organisations must govern their own use of AI. This involves discovering and managing ‘Shadow AI’ to prevent employees from leaking sensitive data into public models and performing ‘AI-readiness’ assessments before deploying new tools. For businesses lacking resources, partnering with a managed ROC provider is the most effective path to achieving this resilient posture.”
Geert Busse, solution architect director, EMEA at Westcon-Comstor, says that organisations must adopt a layered, proactive strategy that combines advanced technology, resilient operations and human vigilance.
“This multi-pillar approach begins with deploying AI-driven security platforms that use machine learning to detect anomalies and automate responses, including endpoint and XDR solutions and intelligent phishing defences,” he says. “It also requires a shift toward cyber resilience, embedding incident response across the business and fostering collaboration through threat intelligence sharing.”
Niall says that businesses need to move away from insecure passwords and legacy multi-factor authentication to stronger, phishing-resistant technologies such as passkeys. “In their most secure form, passkeys are stored on a physical hardware security key and are resistant to phishing attacks, meaning they cannot be intercepted or stolen by remote attackers,” he says. “This is because rather than depending on something an employee has to remember – which can be forgotten, stolen, or phished – a passkey relies on something they have (the physical key), something they know (a PIN), and something that proves the identity of the user who is supposed to gain access (a physical touch of the key).
“Beyond the technology, businesses must implement a proactive, holistic strategy to develop ‘phishing-resistant users’ by removing all phishable events from the entire user lifecycle. This includes implementing phishing-resistant measures for registration, login and account recovery.”
Partnering with the right organisations that provide next-gen security and resilience capabilities, including resellers, distributors, MSPs and hyperscalers is also crucial, notes Jason Gerrard, senior director, sales engineering – channel, EMEA at Commvault.
“Additionally, adopting a Minimum Viable Company concept is essential to bolstering cyber resilience,” he adds. “This framework, which includes ascertaining in advance which systems are critical to business survival, and building readiness and recovery protocols around these, provides organisations with a greater chance of rapidly recovering from and surviving these attacks. Partners are critical to the equation, providing guidance to enterprises in evaluating and advancing this framework and related systems.”
Phil Skelton, international business director at eSentire, says organisations should start with visibility. “Inventory which AI services, models and plugins are in use; inspect firewall/CASB/SSE logs; and centralise usage through an API ‘LLM gateway’ so you can monitor, filter and audit prompts, responses, and tool calls. Build governance, not just tools,” he says.
Right solutions
For resellers, it is crucial to ensure they have the best solutions. For instance, they should focus on solutions that protect the customer’s data in transit, not just the network perimeter, according to Simon Pamplin, CTO at Certes.
“Regulatory fines, litigation and reputational damage can wipe out a customer, and by extension, the MSP relationship, overnight,” he says. “The ‘value add’ for MSPs isn’t another firewall; it’s a demonstrable ability to keep customer data safe even when the inevitable breach happens. By offering DPRM, MSPs can show they are safeguarding customer data against current and future threats, including those from AI and future quantum computing breakthroughs.”
Ian adds that resellers and MSPs must make a strategic shift away from selling siloed products towards delivering services through a unified, AI-powered platform. “Customers want security that works quietly in the background but acts decisively the moment a threat is detected,” he says. “For resellers and MSPs, this means choosing solutions that offer full visibility, cut through the noise of endless alerts and help security teams focus on the risks that truly matter. The most effective way to achieve this is by adopting a proactive, risk-based framework, such as a ROC.”
Richard says that MSPs and resellers must act as trusted advisors. “This means providing counsel on the AI threat and opportunity,” he explains. “For instance, while acknowledging how AI can help streamline workloads, it’s also important to educate customers on emerging risks like Shadow AI, the unauthorised use of generative AI tools by employees, is essential. There are two sides to every AI coin.
“MSPs and resellers should have honest conversations with customers about what support AI can provide when it comes to cybersecurity. The crucial point to emphasise is that AI is not a ‘silver bullet’ for cybersecurity. AI washing is rampant now, and there is a lot of pressure to invest in AI tools and solutions that come with the promise of guaranteeing companies’ security, when they simply don’t. Emphasising what AI can’t do, as much as what it can, should be part of the conversations MSPs and resellers are having with their customers.”
Priorities for resellers
Geert agrees that for resellers/MSPs, the priority is to educate customers on the nature of AI threats and guide them toward proactive, layered security strategies. “This means offering curated, interoperable, often multi-vendor platform solutions, staying ahead of threat trends, and partnering with vendors and distributors who provide strong enablement and support,” he says.
Simon adds that resellers should be clear to customers that AI increases the frequency and effectiveness of attacks. “The target is almost always the same: your data,” he adds. “Customers need to understand that AI-driven threats will bypass traditional defences faster than ever, so the real question is: when they get in, will they get anything useful? Data-centric protection in place ensures the answer is ‘no.’”
Tristan Shortland, chief technology officer at Infinity Group, says resellers need to get the fundamentals in place. “Without a unified approach to securing systems, data, devices and behaviour, businesses will be exposed to the most rudimentary attacks,” he says. “When it comes to AI, MSPs need to impress upon customers that the threat landscape is evolving faster than ever before, alongside AI innovation, which requires a level of understanding and agility in adapting to emerging attack vectors. An example might be increased diligence around end-of-life software, which will soon lose support from the vendor and ensuring these risks are fully incorporated into technology roadmaps.”
Continuing development
AI is still in its infancy, so will continue to develop, which means the cyberthreats posed by it to businesses will too, but so will defences against it. “AI will keep evolving, making adversaries more effective and their tactics more sophisticated, especially with tools like deepfakes and AI-assisted phishing, as demonstrated by groups like Scattered Spider,” says Richard. “On the defence side, AI will improve threat detection and drastically reduce response times. But technology alone isn’t enough – well-trained, observant employees remain a key line of defence.”
“In response, defence strategies will shift from reactive to preemptive, with Gartner predicting 75% of security solutions will incorporate such technologies by 2030. Security operations will evolve to a ‘human-in-the-loop’ model, where human experts supervise fleets of ‘AI analysts’ – specialised AI agents that handle the bulk of threat detection, hunting, and response. This escalating arms race will create a stark “digital divide,” making AI-driven cyber resilience a critical competitive advantage for businesses.”
Tristan notes that as AI tools become more accessible and powerful, malicious actors will harness them to automate attacks, identify vulnerabilities at scale and personalise social engineering tactics with unprecedented effectiveness. “Businesses can expect to see a rise in AI-driven malware, deepfake scams and complex phishing campaigns that are increasingly difficult to detect with traditional defences,” he adds.
Phil says that the organisations that stay ahead will be those that integrate AI into their security operations and strategic risk forecasting and planning. “We can expect more sophisticated social engineering by the cybercriminals and an increase in automated malware. We will also see AI exploits that weaponise data-poisoning and model-exfiltration,” he says.
