“Attackers are moving faster and at greater scale than ever before. This report is a call to action for organizations to match that pace, with AI as a force multiplier for cyber defence,” said Laurent Gobbi, Partner, Global Head of Cyber & Tech Risk, KPMG.
Cybersecurity is entering an “AI versus AI” era, with companies increasingly deploying autonomous artificial intelligence systems to investigate, detect and respond to cyberattacks at machine speed as hackers themselves rapidly adopt AI-driven attack methods, according to a new World Economic Forum (WEF) white paper released in collaboration with KPMG.
Artificial intelligence is rapidly reshaping cybersecurity and is the biggest driver of change in the field, according to the report.
Some 94% of cyber leaders identify AI as a defining force and 77% of organizations already use it in their cyber operations.
“Adversaries are increasingly operating at machine speed, using AI to conduct reconnaissance of targets and vulnerabilities, generate malware, exploit code, evade detection and launch attacks at scale,” the report said.
The WEF report noted that what earlier required “weeks of effort can now be executed in minutes”, lowering technical barriers for cybercriminals and significantly increasing the scale of attacks.
To counter this shift, organizations are increasingly deploying AI-driven systems capable of autonomously analysing threats, investigating suspicious activity and recommending or triggering response actions in real time.
The AI and Cyber: Empowering Defenders report, developed in collaboration with KPMG, highlights measurable gains in cost reduction, response speed and resilience. While threat actors increasingly weaponize AI to automate deception, generate malware and scale attacks at machine speed, the report indicates that organizations deploying AI strategically are achieving significant advantages.
Organizations that extensively leverage AI in security reduce average breach costs by up to $1.9 million and shorten breach lifecycles by approximately 80 days.
“AI has the potential to shift the balance towards defenders,” said Akshay Joshi, Head of the Centre for Cybersecurity, World Economic Forum. “Organizations that treat it as a strategic capability, rather than a standalone tool, will be better placed to turn growing cyber risk into resilience and competitive advantage.”
Building on the Forum’s 2025 publication, Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards, the 2026 edition focuses on how organizations are deploying AI for defence in practice.
As enterprise attack surfaces expand to include hundreds of thousands of internet-facing assets, the scale and complexity of cyber risk are increasing significantly.
Among the examples featured, KPMG reports a 25% increase in operational efficiency in threat intelligence, Accenture cut security analysis time in more than 100,000 internet-facing sites from 15 minutes to under one minute, and IBM’s ATOM platform helps scale global 24×7 threat detection and response, automating more than 850 analyst hours a month and cutting end-to-end investigation time by 37%.
“Attackers are moving faster and at greater scale than ever before. This report is a call to action for organizations to match that pace, with AI as a force multiplier for cyber defence,” said Laurent Gobbi, Partner, Global Head of Cyber & Tech Risk, KPMG.
The report emphasizes that AI’s value in cybersecurity lies in augmenting human expertise, accelerating decisions and strengthening resilience, rather than automation alone. The report highlights that its impact depends on clear AI deployment strategy, rigorously tested use cases before scaling, and strong governance and human oversight from the outset.
The report draws on 20 real-world case studies and insights from one-on-one interviews and workshops conducted under the World Economic Forum’s Cyber Frontiers: AI & Cyber initiative, convening 105 representatives from 84 organizations across 15 industries.
As cyber risks become more complex, the report calls on business and government leaders to treat AI as a foundational security capability, investing not only in technology but also in the skills, processes and governance required to defend at machine speed.