The Evolving Role of Generative Artificial Intelligence in the Cyber Threat Landscape

The adoption of Generative Artificial Intelligence (GenAI) for malicious cyber activity is in a transitional period. Cyber threat actors (CTAs) are exploring incorporating GenAI into their campaigns while relying on more traditional tactics, techniques, and procedures (TTPs). The use of these platforms is growing, but widespread adoption is limited by technical barriers, defenses, and the proven effectiveness and reliability of more conventional attack methods. Network defenders are learning to leverage GenAI to improve detections, defeat existing attacks, and mitigate the spread of GenAI-enhanced attacks. The result is a race between network defenders and CTAs seeking to gain the upper hand in deploying GenAI.

As GenAI continues to grow and evolve, and as network defenders adapt to the new landscape, this transitional phase marks a critical juncture where CTAs are testing the potential of GenAI without fully pivoting from more conventional playbooks. Understanding the developments of this phase is essential for U.S. State, Local, Tribal, and Territorial (SLTT) governments to improve their defenses against future threats.