Attackers aren’t standing still. They’re already using AI to scale their capabilities—creating polymorphic malware that evades traditional defenses and crafting phishing lures so convincing that even the most cautious users might click. These “Hacker GPTs” have lowered the barrier to entry, making sophisticated attacks accessible to anyone with the right prompt. The battle is no longer simply human versus human. It's now humans powered by AI against humans powered by AI. As we explored in our previous blog, adversaries have learned to industrialize AI for offensive purposes.
For defenders, that shift raises a pressing challenge: how do IT security teams at organizations keep pace when adversaries are turbocharging their operations with the latest AI tools? The answer is simple, but not easy. We have to upskill. Just as networking, encryption, and application security became table stakes for any professional in this field, AI literacy must now join that list. We can’t afford to treat AI as a side topic or a passing trend—it’s becoming a core competency for modern defenders.
Upskilling doesn’t mean becoming a machine learning researcher overnight. For security organizations, it starts with building AI literacy programs—training teams to understand how large language models work, where they excel, and where they fail, including issues like hallucinations and bias. From there, organizations should create hands-on labs and red team exercises where analysts use AI to simulate attacker behavior, generate phishing campaigns, or test defenses against polymorphic malware. Embedding AI into day-to-day workflows is just as critical: using assistants to summarize lengthy threat reports, automating triage of vulnerability disclosures, or applying AI-powered traffic analysis to detect anomalies at scale.
Radware’s own portfolio reflects this practical approach, with solutions like Bot Manager, which uses advanced machine learning to distinguish malicious automated traffic from legitimate users, and Web Application Firewall (WAF), which uniquely combines a traditional negative security model with an AI-powered, behavioral-based positive security model to protect against both known and unknown threats. Gaining hands-on exposure to these kinds of tools builds the trust and intuition security professionals need to know when to rely on AI—and when to override it.
Learning can’t stop there. AI security is evolving too quickly to treat it as one-time training. Conferences like AI Village at DEF CON, RSA, and Black Hat have already become hubs for adversarial AI research and defensive strategies. Broader AI events are equally valuable, offering a glimpse into the capabilities attackers may soon weaponize. Staying plugged into these conversations ensures defenders aren’t blindsided when those capabilities arrive on the offensive side.
Inside security teams, an interesting dynamic is playing out. Juniors often dive into AI experimentation without hesitation, uncovering new workflows and efficiencies. Seniors bring judgment and a broader context to validate those ideas and integrate them responsibly. CISOs, meanwhile, are tasked with channeling both energies into a cohesive strategy that balances innovation with risk management. The real power lies in combining all three, with AI acting as the multiplier that bridges curiosity, experience, and strategic oversight.
The bottom line is clear: waiting is not an option. Every day, attackers are learning how to bend AI to their advantage, and defenders must be just as proactive. By upskilling now—building AI literacy, practicing effective prompting, weaving tools into daily work, and embracing a culture of continuous learning—security teams can turn AI from a looming threat into a powerful ally. The organizations that act today will be the ones best equipped to meet tomorrow’s AI-powered attacks head-on.