The advancement in Information technology brought about by Artificial Intelligence (AI) has changed the landscape of cybersecurity in today’s digital world. This has been evidenced in the number of ways in which AI has improved the foundational model guiding the policies and practices of securing information systems, which focuses on Confidentiality, Integrity, and Availability (commonly referred to as the CIA triad). Whereas the concept of confidentiality implies that information should only be received and accessed by the intended recipients, integrity ensures that the original information is not altered in any way, and availability ensures that authorised users of the information systems have reliable and timely access to systems and data.
Why the introduction of AI in cybersecurity?
As the digital frontier expands to ensure information and data are well-secured, cyber attackers have also stepped up their efforts. They are growing in their pursuit to counter some of the measures introduced by cybersecurity experts. As a result, cyber-attacks on systems information are increasing in volume, gradually making it challenging for cybersecurity experts to combat them. The introduction of the concept of AI has been a welcome development in curtailing the menace caused by cyber attackers, and AI-powered tools have greatly enhanced cybersecurity by enabling the rapid analysis of massive datasets, uncovering hidden threats, and responding to anomalies in real-time.
Challenges with AI introduction in cybersecurity
Despite the benefits, such as prompt threat detection and response, improved operational speed, and productivity enhancements, among others, that come with the introduction and deployment of AI, new challenges and risks, including bias, privacy concerns, and accountability issues, have also emerged.
Therefore, when deploying AI, there is a need to take cognisance of balancing not only the innovation that the AI contributes to the system but also the ethical and responsible governance in cybersecurity environments. To prevent misuse, AI in cybersecurity must operate within a well-defined ethical framework—one that addresses bias, ensures transparency in automated decisions, and establishes strong oversight mechanisms to identify and correct potential abuse or unintended consequences.
The need to comply with regulatory and governance frameworks
To ensure the responsible use of AI in cybersecurity, established regulatory and governance frameworks are mandated for organisations prior to, during, and after deploying AI technologies.
Some of these frameworks and their purposes are:
General data protection regulation (GDPR): This is a standard for the collection and processing of personal data, and it is aimed at giving individuals more control over their information and strengthening data protection. It applies to organisations and individuals in the UK and the European Union.
ISO/IEC 27001 and ISO/IEC 42001: While ISO/IEC 27001 is the standard for Information Security Management Systems (ISMS) to manage information security risks, ISO/IEC 42001:2023 is the standard for artificial intelligence management system (AIMS), which, offer guidelines for organisations to proactively manage AI risks, including bias, data security, and accountability.
NIST AI risk management framework: designed to better manage risks to individuals, organisations, and society associated with artificial intelligence (AI).
AI Act (EU): ensures AI safety and ethics through a risk-based framework, promoting innovation while protecting rights and transparency.
Organisations must ensure that their AI deployments align with these frameworks, as failure to do so will put them at risk of financial loss through fines and reputational damage.
Best practices for ethical AI implementation in cybersecurity
Ethical considerations in AI-powered cybersecurity are essential to ensure that technological advancements do not compromise human rights, privacy, fairness, or accountability.
Since AI deployment encompasses monitoring user behaviour, the limit of its infringement on the personal privacy of users should be carefully analysed before deployment. Therefore, organisations must ensure that surveillance practices are limited, transparent, within the scope of the information needs, and in conformity with legal and regulatory frameworks.
In addition, since AI technology deployment involves a process where machine learning training is involved, an improper input or coding of the training data could lead to distortion, leading to unfair or inaccurate cyber threat assessments. To minimise this risk of bias, there is a need for regular testing of the systems where AI technologies are deployed so as to promote fairness and desired output.
While AI tools offer positive benefits in enhancing cybersecurity, malicious actors often take advantage of exposed vulnerabilities by manipulating AI systems and launching sophisticated attacks on them. Therefore, organisations should avoid total reliance on AI models without human input, judgment, and oversight so that they can support them with further controls and continuous monitoring.
Lastly, to ensure accountability and responsibility, organisations should establish human oversight and a portfolio system where an individual would be responsible for the outcome of any AI model generation, as this will ensure that the appropriate ethical adoption of AI practices is in place.
The future of AI in cybersecurity
As cyber threats become increasingly complex, the future of cybersecurity will rely heavily on advanced AI technologies such as federated learning, quantum AI, AI-integrated zero-trust architectures, and automated compliance monitoring.
While these innovations promise greater efficiency and security, the deployment of AI must be established in compliance with ethical principles, thereby ensuring that fairness, privacy, trust, and transparency are central to their design and implementation.
Conclusion
Although AI has enormous potential to transform cybersecurity, it is essential to note that ethical responsibility should not be jeopardised or neglected. As a result, organisations who have deployed or are interested in deploying AI for their productivity, detection, and response to cyber-attacks must ensure that the concepts of fairness, privacy, Trust, and transparency are equally adopted and embedded into the AI solutions in conformity with global regulatory frameworks and standards.
In conclusion, while organisations and enterprises aspire to introduce AI innovation into their systems, the co-existence between the new technology and regulatory ethics must not be compromised.
About the author
Nathaniel Akande is a Cybersecurity Analyst with over 8 years of experience in threat intelligence, incident response, vulnerability management, risk compliance, and Quality assurance analyst in the Software Development Life Cycle process. He holds a Master’s Degree in Cybersecurity and is a PECB Certified ISO/IEC 27001 Lead Implementer. Adept at implementing data governance, identity and access management, and aligning operations with standards like GDPR, ISO 27001, and NIST. He is known for strong analytical skills, technical acumen, and a proactive approach to security operations and compliance.
