Last month, New York police sounded the alarm on a new type of AI voice-cloning fraud: ‘grandparent scams’. In these, scammers extract short voice clips from platforms like TikTok or Instagram to mimic a young relative, then call elderly victims with urgent requests for thousands of dollars – typically framed as emergency bail or legal fees.
Scams like this often unravel when the target takes a moment to verify the story by calling the real family member or by speaking with a bank teller, who may question the withdrawal. These routine checks, while simple, have repeatedly proven more effective than any technical countermeasure in stopping even the most sophisticated synthetic voices. Indeed, consumer protection agencies now widely recommend second-channel verification for any sudden or emotionally charged request involving money.
Concern about AI threats has prompted an increasingly popular narrative: that they must be fought with AI security solutions. On closer inspection, however, this arms-race analogy of duelling AI models quickly falls short. While AI holds huge promise for network defenders, we should not forget that we are already equipped to tackle AI threats. Rather than novel security solutions, protecting ourselves from AI threats often requires doubling down on security fundamentals.
Phishing at scale still dies on the login screen
A 2025 threat report by IT security company Barracuda estimates that a majority of global spam email – about 51% – is now generated with large language models. Crafting a polished lure is easier than ever, but would-be infiltrators still fail in the face of phishing-resistant multi-factor authentication. Microsoft data shows this single control blocks well over 99% of takeover attempts, regardless of whether the email was authored by GPT-4 or an actual employee.
Additionally, automatic detection of AI-written emails does not always require training a bigger model. Researchers have demonstrated that a lightweight stylometry classifier – essentially a machine learning tool that evaluates writing style patterns, such as verb tense, first-person pronoun usage, and clause density – identified GPT-generated spear-phishing messages with 96% accuracy, outperforming several commercial filters. Careful adjustment of existing content-inspection engines often outperforms headline-grabbing but opaque ‘AI versus AI’ add-ons.
Deepfakes at account opening
A 2024 US government alert warns that would-be customers of financial institutions are uploading AI-generated passports and video selfies so polished they fool unsupervised face-match engines. The list of solutions it issues is strikingly familiar: ask for a second, unrelated identity document; refuse pre-recorded videos; escalate to a human when the applicant hurries the verification process or resists a live call-back. Those measures work.
During a job interview, when a cybersecurity company founder asked a suspected deepfake job candidate to wave his hand in front of his face, the impostor abruptly ended the call. The same pattern shows up in larger-scale frauds: in 2024 scammers tricked Arup Group, the global engineering-and-design consultancy behind projects such as the Sydney Opera House renovation, into wiring them about $25 million – but only after a single finance clerk overrode Arup’s standard two-person confirmation rule.
Finance sector guidance now emphasises layering ordinary controls – multi-factor authentication, call-back routines, and device binding – above any AI-driven ‘deepfake detector’. The Financial Services Information Sharing and Analysis Center (FS-ISAC), a global industry consortium for cybersecurity threat intelligence in finance, lists those basics first in its detection taxonomy, relegating specialist media forensics tools to a secondary role. The lesson is not that deepfakes are harmless; it is that most fail when institutions insist on the same diversified proof-of-identity they already required in the pre-AI era.
Closing the loop between discovery and patching
A University of Illinois team recently showed that teams of GPT-4 agents, with planning and delegation roles, can exploit previously unknown software vulnerabilities in a way that earlier AI agents could not. Other researchers have reported that GPT-4 generated useful ‘proof-of-fix’ unit tests for roughly two-thirds of real Java bugs in a dataset, cutting hours of manual work for developers. These results are exciting: they hint at build pipelines where AI flags and verifies many problems before code ever ships.
However, this promise becomes consequential only when discovery is followed by action. An analysis by cyber risk management company Bitsight of 1.4 million organisations found that the median known-exploited vulnerability sits unpatched for roughly 174 days, with 60% of fixes arriving after CISA’s mandated deadlines. Even for critical, internet-facing hosts, cybersecurity company Edgescan reports an average remediation lag of sixty-one days.
As with voice scams and deepfake frauds, AI advances matter less than action. Unless patch pipelines, maintenance windows, and accountability mechanisms accelerate to match AI’s new reconnaissance pace, the technology risks doing little more than lengthening the queue of overdue tickets. AI-driven bug hunting is a breakthrough – but only if organisations close the loop between ‘found’ and ‘fixed’.
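The gap between ‘found’ and ‘fixed’ can be measured from an ordinary ticket export. The sketch below is an added example, not part of the original article or any vendor's tooling: it computes the median days a finding stays open and the share that miss their deadline. The findings, IDs, and field names are constructed, and the `due` field is an assumed stand-in for a mandated deadline such as a CISA due date.

```python
from datetime import date
from statistics import median

# Constructed sample findings, not real data. IDs are placeholders; "due" stands
# in for an externally mandated deadline such as a CISA KEV due date.
FINDINGS = [
    {"id": "EXAMPLE-1", "found": date(2025, 1, 6), "due": date(2025, 1, 27), "fixed": date(2025, 1, 20)},
    {"id": "EXAMPLE-2", "found": date(2025, 1, 6), "due": date(2025, 1, 27), "fixed": date(2025, 3, 10)},
    {"id": "EXAMPLE-3", "found": date(2025, 2, 3), "due": date(2025, 2, 24), "fixed": None},
    {"id": "EXAMPLE-4", "found": date(2025, 3, 3), "due": date(2025, 3, 24), "fixed": date(2025, 3, 21)},
    {"id": "EXAMPLE-5", "found": date(2025, 4, 7), "due": date(2025, 4, 28), "fixed": None},
]

def closed_or_today(finding, today):
    """End of the exposure window: the fix date, or today if still open."""
    return finding["fixed"] or today

def days_open(finding, today):
    """Days from discovery to fix, or to today for findings still open."""
    return (closed_or_today(finding, today) - finding["found"]).days

def missed_deadline(finding, today):
    # An open finding past its due date counts as late, so unfixed items
    # cannot hide from the metric by never being closed.
    return closed_or_today(finding, today) > finding["due"]

def summarize(findings, today):
    """Median exposure, percentage late, and the open backlog past deadline."""
    late = [f for f in findings if missed_deadline(f, today)]
    still_open = [f for f in late if f["fixed"] is None]
    still_open.sort(key=lambda f: f["due"])  # most overdue first
    return {
        "median_days_open": median(days_open(f, today) for f in findings),
        "pct_late": round(100 * len(late) / len(findings)),
        "overdue_open": [(f["id"], (today - f["due"]).days) for f in still_open],
    }

if __name__ == "__main__":
    print(summarize(FINDINGS, today=date(2025, 7, 1)))
```

Counting still-open findings against today's date matters: a report that only averages closed tickets looks healthier the longer the hardest fixes are deferred.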
Effectively evaluating AI for defence
None of this is to downplay the potential of AI in cyber defence. But that potential is precisely why we should move beyond the simplistic ‘AI-versus-AI’ framing. Too often, the value of defensive tools is measured by how well they counter hypothetical AI-generated attacks, rather than how effectively they address core, persistent security challenges. Treating AI in cyber security as an arms race narrows our focus to spectacle over substance.
Instead, we should assess AI tools by the practical value they add across the broader security landscape. That includes reducing manual toil in security operations centres, translating complex malware signatures or detection rules into plain English, or helping less experienced teams quickly understand and respond to threats. These are not flashy capabilities, but they solve real problems. And, crucially, their effectiveness has little to do with whether the threat originated from a language model.
Equating defence with counter-AI performance fuels inflated marketing and misallocated budgets. Rather than chasing an endless duel of machine against machine, we should focus on what works: reinforcing the fundamentals. That is not just the simpler approach – it is the one that actually keeps us safe.







