Modern society and life are inextricably intertwined with digital technologies and depend on them to a large extent. A whole range of important systems are connected to computer and communication networks and the Internet: banking and financial systems, the state administration system, hospitals, schools and universities, transport infrastructure, industrial plants. The unstoppable process of digitalization brings numerous advantages: faster communication, wide availability of information, business automation and the development of the global economy. On the other hand, security risks are also growing in parallel with the rapid development of technology. One of the greatest threats to today’s modern society is cyber attacks. In them, attackers apply a number of sophisticated methods to steal confidential data, blackmail companies and organizations, spread disinformation or disrupt the operation of critical infrastructure. Data from numerous security agencies indicate that the frequency and complexity of cyber attacks are constantly increasing from year to year. Of particular concern is the fact that attacks are no longer directed at states or multinational companies, but schools, hospitals, small businesses and enterprises, and even individuals are increasingly becoming targets of attacks.

The basis for protecting computer and communication systems are traditional security tools, such as firewalls and classic antivirus programs. However, the development of new methods and forms of attack is increasingly showing their limitations. Automated tools, adaptive malicious programs and techniques used by attackers today successfully bypass classic protection methods. This is why the application of artificial intelligence (AI) is one of the key guidelines when it comes to further development in the field of modern cybersecurity. Artificial intelligence methods enable computer systems to quickly analyze huge amounts of data, recognize behavioral patterns and independently make certain decisions and conclusions. In the field of cybersecurity, this specifically means that the system can automatically recognize threats that a person might not even notice, and is able to react much faster than human administrators and adapt to new types of attacks.

Machine learning

In simple terms, the term artificial intelligence encompasses various methods by which computers simulate certain forms of human thinking and reasoning. One of the most important areas of AI is machine learning (ML), or the ability of a system to learn from data without explicitly programming each individual rule. In traditional programming, a person defines precise rules for the system’s behavior. For example, an antivirus program can be programmed to recognize a certain sequence of characters characteristic of a known virus. The problem arises when a completely new, previously unknown threat appears, for which we do not have a known “signature”. Machine learning works differently – in it, the algorithm is “trained” on a large amount of data and learns to distinguish normal from suspicious (malicious) behavior. After the training phase, the system is able to independently recognize anomalies and make assessments of possible threats. The role of so-called deep learning (DL), which uses neural networks inspired by the way the human brain works, is particularly important. Such models are able to analyze extremely complex patterns, such as user behavior in a network or the structure of malicious program code.

Evolution of cyber threats

To understand the importance of artificial intelligence in cybersecurity, it is necessary to understand the evolution of cyber threats. The first versions of computer viruses were relatively simple programming code that spread and distributed via portable media or electronic mail. Their behavior was mostly predictable. Modern threats and attacks are significantly more complex. Attackers use multi-phase strategies that include social engineering, exploiting system vulnerabilities, and hiding traces of their activities. Just some of the threats are:

• Ransomware attacks – malicious programs that encrypt data and the attacker demands a ransom
• Phishing attacks – fake messages and websites that aim to steal user data
• DDoS attacks – overloading a server with a large amount of network traffic, making it inaccessible to legitimate users
• APT attacks (Advanced Persistent Threats) – long-lasting and sophisticated attacks that require a high level of knowledge and resources, often associated with state actors
• Zero-day attacks – attacks that exploit vulnerabilities for which there is no security patch yet

Modern attackers use automated systems that allow them to scan millions of different devices in search of security vulnerabilities. High speeds and large amounts of data make it impossible for human administrators to effectively monitor and control the security status of the network. This is where the help of artificial intelligence becomes indispensable.

Anomaly detection and network traffic monitoring

Anomaly detection is one of the most important applications of AI in cybersecurity. In any computer system or network, various measurable parameters and patterns of normal behavior can be observed, such as the number of users, the amount of network traffic, the frequency of logins, and the mode of communication between devices. Machine learning algorithms analyze such patterns and create a model of the “normal” behavior of the system. Any deviation from the usual values ​​can be characterized by the system as a potential security threat. For example, if a company employee accesses the system from Osijek every day between 8 am and 4 pm, and the system suddenly records his login at night from a remote location, AI will automatically recognize this and characterize it as a potentially suspicious activity. The main purpose of such systems is the timely detection of theft of user accounts, unauthorized network access, the spread of malicious software, internal threats from employees (when they go beyond the scope of their defined authorities), and unusual data transfers. A great advantage of artificial intelligence in such situations is the ability to process large amounts of data in real time (millions of network events every second), which would be impossible for human administrators.

Artificial intelligence in antivirus protection

The classic approach to antivirus programs involves relying on up-to-date databases of known malware signatures and recognizing them based on overlaps with records in that database. This approach works well against previously known threats, although it is less effective against new and modified viruses that use advanced cloaking techniques. Therefore, the emphasis is no longer on searching for known signatures, but instead, active and systematic monitoring and analysis of program behavior is applied. This approach is actually possible thanks to artificial intelligence methods. If an application behaves suspiciously (for example, it tries to massively modify files, access sensitive data, hide its own processes, and establish network connections to suspicious destinations), the system will conclude that it is malicious activity (even if the specific malware was not previously known). This allows the detection of even polymorphic malware – that which changes its own code in each instance in order to avoid detection based on signature recognition.

Artificial intelligence in phishing prevention

Phishing is one of the most widespread forms of cybercrime today. The attacker’s goal is to deceive the user by sending fake messages that appear to the user to be legitimate communications – for example, with a well-known company, bank or government institution. Traditional email filtering approaches will very often fail to detect anything suspicious, since modern phishing attacks use very convincing language and professional design. Unfortunately, attackers also often resort to artificial intelligence tools when creating fake messages. On the other hand, from a defensive perspective, artificial intelligence enables advanced analysis of message content, grammar and spelling, sender reputation, link structure within the message, and user behavior. Machine learning systems will enable the recognition of even very subtle signs of fraud, which would easily be missed by a human observer (user or administrator).

Generative artificial intelligence – a new threat

The development of generative models, such as large language models (LLM), brings a new dimension to security challenges. Attackers are increasingly resorting to such models, which allow them to create highly convincing texts, images, and even voice and video recordings. Attackers use generative artificial intelligence to automatically write phishing messages, create fake identities, imitate the voices of real people, accelerate and facilitate the development of malicious software, and spread disinformation. For example, instead of a mass phishing campaign, an attacker can generate a personalized message containing information about a company employee collected from social networks. Such a message will look much more convincing than a generic message from a mass phishing campaign. A special category of problems is represented by deepfake technologies that enable the creation of fake voice messages and videos – there are already numerous recorded cases where attackers managed to deceive employees into making unwanted financial transfers by imitating the voice of a company director.

Automation of security operations

Large organizations receive a huge number of security alerts every day. Security analysts are overwhelmed by such volumes of data, which can easily result in missing important threats. Artificial intelligence can help by enabling the automation of the processes of filtering false alarms, classifying threats, and prioritizing incidents, and by providing the ability to automatically respond to attacks. For example, if a system detects ransomware activity (malicious software that encrypts a user’s data, most often with the aim of blackmailing and demanding a ransom), it can automatically isolate the infected computer, block network communication, back up critical data, and notify administrators of system events. This automation of security operations using artificial intelligence can significantly reduce response time, and thus potential damage.

Critical infrastructure protection

Critical infrastructure includes energy grids, water supply systems, hospitals, transport networks and telecommunications infrastructure. Attacks on such systems can have very serious consequences for the entire social community, and directly or indirectly endanger human lives. Artificial intelligence systems can be used to monitor industrial networks, detect sabotage, analyze sensor performance and predict failures, and protect autonomous systems. For example, in an electric power system, artificial intelligence can recognize unusual voltage changes that may indicate a possible cyber attack.

Limitations and ethical issues

The application of artificial intelligence in the field of cybersecurity brings numerous advantages. However, such systems are not perfect, and can also create certain problems: false positives, wrong assessments, discriminatory decisions and security failures. In the security sector, transparency in decision-making is extremely important, because organizations must know and understand exactly why a certain activity is marked as a threat. Therefore, a special problem is posed by “black box” deep learning models whose decisions are difficult to explain. It is also necessary to take into account that artificial intelligence models can also be the target of special attacks. Attackers are able to manipulate input data to deceive the algorithm and conceal malicious activities.

Conclusion and guidelines for future development

Artificial intelligence is now entering the field of cybersecurity as one of the most important tools. Its ability to analyze large amounts of data, recognize anomalies, and automate defense mechanisms enables more effective protection against sophisticated threats. It is expected that artificial intelligence will play an increasingly important role in digital defense in the future. Some areas that are particularly developing are: autonomous security systems, explainable AI (XAI), federated learning, quantum computing in security, and AI systems for predictive attack analysis. Future advanced security systems could independently predict attacks before they happen, analyzing the behavioral patterns of attackers around the world. However, most still believe that artificial intelligence will not replace security experts. Human intuition, ethical judgment, and strategic thinking will remain key elements of defense. At the same time, the development of artificial intelligence also opens up new questions related to privacy, transparency, and misuse of technology. Therefore, the future of security will depend not only on technological progress, but also on the responsible use of artificial intelligence. In the modern world, where digital threats are becoming increasingly complex and sophisticated, artificial intelligence is transforming from an auxiliary tool into the foundation of modern defense of digital society.

Literature:

1. Russel, S., Norvig, P. Artificial Intelligence: A modern Approach, Pearson, 2021.
2. Apruzzese, G. et al. The Role of Machine Learning in Cybersecurity, Digital Threats: Research and Practice, 2023.
3. Ferrag, M. A. et al. Generative AI in cybersecurity: A comprehensive review of LLM applications and vulnerabilities, Internet of Things and Cyber-Physical Systems, 2025.
4. Mohamed N., Artificial intelligence and machine learning in cybersecurity: a deep dive into state-of-the-art techniques and future paradigms, Knowledge and Information Systems, 2025.
5. Salem A. H. et al. Advancing cybersecurity: a comprehensive review of AI-driven detection techniques, Journal of Big Data, 2024.

Author
prof. dr. sc. Krešimir Grgić
Text is partially generated by artificial intelligence