Offensive cybersecurity experts have largely failed to integrate AI into their services, expressing significant reservations about its possible benefits, according to a new government study.
Back in December 2024, the Department for Science, Innovation and Technology (DSIT) commissioned Prism Infosec to research how red team specialists are integrating emerging technologies into their products and services.
It found that cloud adoption has had a far greater impact on the types of these services being offered than AI.
“Overwhelmingly, our interviews demonstrated the sector remains deeply skeptical of the promises of AI, considering many of its capabilities overstated and overused in products, creating a confused environment as to its true potential and capabilities,” the report noted.
“It was perceived that the most common use by threat actors for AI at this time was to deliver more sophisticated social engineering attacks. Aside from the ethical issues of such use, interviewees highlighted risks of data privacy, large costs, and the security of public models as reasons for hampering widescale adoption of the technology in their current offerings.”
Read more on AI adoption: Cyber AI Trends Review: Preparing for 2025
Respondents were hopeful that the situation will change in the future, as “more accessible models” hit the market. These should enable cybersecurity firms to host and tune them for use in commercial offerings as diverse as attack surface monitoring, vulnerability research and prioritization, the report noted.
“Until the technology reaches this level of maturity however, the red team element of the sector will continue to focus on the manual specialised human efforts for the delivery of commercial offensive cyber services,” it added.
Writing in Infosecurity as far back as 2023, Prism Infosec founder, Phil Robinson, claimed that AI could be a boon for red teamers – helping them not only with victim reconnaissance and developing evasion techniques, but also more mundane tasks like developing policy documents and bug reports for clients.
Respondents to Prism Infosec’s poll were similarly dismissive of quantum computing, arguing that the technology is still “too abstract and only viable for laboratory settings.”
The report added: “Instead, more effort was being focused on exploring environments that were previously considered to be too risky to test, such as those containing operational technology or automated vehicles, which includes land, air and sea assets alongside unmanned drones.”
