The growing prevalence of AI in both cyber-attacks and defenses has made these AI-powered technologies both a challenge and an opportunity for the CISO.

The cost of leveraging AI for cyber-attacks can range from a few hundred dollars for basic tools and services to tens of thousands or more for advanced, custom-developed attack systems.

On the other hand, the cost of defending against such AI-driven attacks with AI can range from $50 per user for basic security tools to several hundred thousand dollars annually for advanced enterprise-level security solutions, cloud protection, or 24/7 monitoring and threat intelligence services.

In the fast-evolving cybersecurity landscape, attackers have access to increasingly sophisticated AI-powered tools while defenders are also leveraging AI to stay ahead of evolving threats.

Still early days?

According to Lotem Finkelsteen, Head of Threat Intelligence, Check Point Research, AI is still very expensive today, and cost is a major barrier for both cybercriminals and defenders in fully leveraging the potential of AI.

But with the cyberthreat landscape shifting at an unprecedented pace, “this will not be the case in future,” he said in an exclusive interview with CybersecAsia. “AI will become more of a commodity, and we will see it becoming more popular among threat actors. Obviously, that will mean shorter time to exploit vulnerabilities, because they have more computational resources and intelligence.”

Finkelsteen added: “For instance, we are already hearing reports about how they are trying to hijack cloud accounts and run their own models over those hijacked accounts, to overcome this barrier of cost.”

Here’s another key development. In January 2025, DeepSeek published two new LLMs: DeepSeek V3 and DeepSeek R1. The interest surrounding these models is two-fold: first, they are open-source, meaning anyone can run these LLMs on their local machines and, second, they were reportedly trained using less-powerful hardware, a breakthrough in this space as it demonstrated that such models could be developed at a lower cost.

Distilled versions of DeepSeek R1 – which employs chain-of-thought (CoT) reasoning and a multitoken prediction (MTP) architecture on top of mixture-of-experts (MoE) and multi-head latent attention (MLA) techniques – are able to run on consumer-grade hardware.

“The introduction of models like DeepSeek means that the cost barrier, for both malicious and legitimate business intents, is being figured out,” Finkelsteen said. “Once they get there, generative AI will become a commodity, meaning that it will be available to more and more organizations that are not capable of utilizing it right now. I’m a true believer that it would help us to protect – but the threat actors will also embrace this for their own intentions.”

But he emphasized that there will be growing pains in this technology arms race, and many may drop out of the race. “Eventually we will be left with the few that will be sustainable, that will be safe, that will be effective.”

Preparing for the unknown

As digital infrastructures become increasingly hyperconnected and distributed, securing them demands an innovative, integrated approach. With AI powering future, more sophisticated threats,

In another exclusive interview, CTO of Check Point Software Technologies Dr Dorit Dor emphasized the importance of network mesh and AI in enhancing security.

While network mesh ensures consistent security across different network points, AI accelerates innovation in security solutions. “We believe that innovation is key for the future of security, and we think that AI gives us a perfect opportunity to innovate and bring new solutions to this space,” she said.

“We’ve been using AI for a long time; it’s not something new. But AI accelerates our ability to develop new stuff and gives us new technologies by which we could do stuff that we couldn’t do before.”

Dor highlighted the role of AI, including generative AI, in orchestrating security responses and improving communication with business owners. When managing and preparing for the unknown, “generative AI can enrich data and bring more industry data into the system, making it clearer what is bad.”

She added: “Generative AI can orchestrate missions, collect outcomes, refine missions, and perform autonomous actions, replacing SOC analysts. Generative AI can also communicate with business owners, summarize threat intelligence reports, and take actions based on these reports.”

She also stressed the importance of consolidation as a decision and strategy – not merely integrating tools and technologies – to reduce blind spots and bridge siloes, leveraging AI to automate connectors between solutions.

With new AI-driven attack surfaces such as data poisoning and deepfakes, CISOs are facing more complexity and chaos. In the unknown future, AI-powered attacks may occur faster than SOC analysts can read the alerts!

That’s the reason why we need AI and automation for adaptive defense. Operating at the edge of chaos, we need real consolidated and integrated platforms – powered by AI – to secure our hyperconnected business infrastructures.