AI in Cybersecurity: Why Attackers Have the Upper Hand

In recent months, Microsoft, Google, and OpenAI have independently documented how attackers are deploying AI throughout the entire attack lifecycle. Microsoft measures click-through rates of around 54 percent on AI-generated phishing emails, compared with 12 percent for traditional campaigns. Google Threat Intelligence has observed how state actors from North Korea, Iran, China, and Russia use Gemini and other models for Reconnaissance, phishing, and Command-and-Control. OpenAI has disrupted more than 40 networks since February 2024 that abused its models for cybercrime, fraud, or disinformation operations. In Switzerland, the Federal Office for Cybersecurity (BACS) has been recording rising case numbers for years, driven mostly by phishing and CEO fraud.

These data points show the same pattern across providers. AI has moved from research into real attack operations and is lowering the entry barrier for complex campaigns. What used to be the preserve of state actors with large budgets is becoming cheap enough that criminals with much smaller resources can run similar operations. That shifts the risk calculus for Swiss SMEs as well. Anyone who used to fly under the radar because a tailored campaign wasn’t worth the effort now sits within reach of automated tools that have long been in use in criminal networks.

What has changed in AI?

Although the data from Microsoft, Google, and OpenAI is not Switzerland-specific, three trends are especially relevant for Swiss companies.

Phishing has become linguistically indistinguishable. The previously most reliable detection markers (clunky translations, wrong salutations, and generic openings) are gone. AI models write emails in the right tone, with reference to real projects and real people, and produce them at scale. Microsoft measures click-through rates of around 54 percent on AI-generated phishing emails, compared with around 12 percent for traditional campaigns.

Voice cloning makes social engineering by phone a standard technique. Until recently, Swiss phone-fraud waves relied mostly on automated recordings with a robotic English computer voice, often opening with the line “This is a call from the Swiss Police Department.” Even this easily detectable pattern generated around 22,000 reports to BACS in 2024 and damages of CHF 3.5 million. AI-powered voice cloning makes such attacks far more believable. An entrepreneur in the canton of Schwyz transferred several million Swiss francs to an account in Asia after cloned voices imitated a trusted business partner over the course of several weeks. Internationally, Arup lost USD 25 million in Hong Kong in 2024 to a deepfake video conference populated by fake colleagues.

Vulnerability discovery and exploitation are accelerating. Mandiant, the threat intelligence arm of Google Cloud, reports that for 2025, exploitation now begins on average seven days before a patch becomes available. Google identified malware families like PROMPTFLUX and PROMPTSTEAL for the first time in late 2025 that call out to LLMs at runtime to alter their own code or generate new functions on demand.

What do the Swiss numbers say?

Behind the BACS half-year reports sit trends that matter most to SMEs. Phishing and CEO-fraud reports keep rising. These are exactly the methods that benefit most from the AI shifts described above.

The mandatory reporting obligation for critical infrastructure, in force since 2025, creates the first binding data baseline. Banks, energy suppliers, and telecommunications companies have to report certain incidents to BACS within set deadlines. The first analyses point to a focus on the financial sector along with DDoS and hacking incidents as the largest categories.

FINMA reports a clear rise in cyber events in the Swiss financial sector from a regulatory perspective. Specific quarterly figures vary, but the broad trend has been pointing upward for three years.

Which security fundamentals should SMEs invest in now?

Behind this shift between offense and defense lies an asymmetry. Offensive tools can run with little integration work on any home computer. That makes things easier for cybercriminals. Defensive systems are expensive to deploy and have to run around the clock. This gap closes more slowly than new threats appear.

SMEs can build effective security fundamentals, in particular in four areas:

Manage passwords centrally. A password manager eliminates reuse, closes the credential stuffing gap, and gives leadership visibility over who has access to what. A comparison of the four main providers for SMEs in Switzerland lays out the differences in architecture and admin features.

Adopt phishing-resistant two-factor authentication. SMS-based 2FA can be bypassed via SIM swap. TOTP apps are vulnerable to real-time phishing proxies. FIDO2 hardware keys (YubiKey or Nitrokey) are the only widely available method that structurally removes the phishing risk, because they are bound to the domain and cannot be relayed.

Prioritize patch management. With vulnerability exploitation now starting around a week before a patch becomes available, patch management matters more than ever. The most important levers are automatic updates for operating systems, browsers, and critical software libraries.

Secure backups with an air gap. A ransomware infection encrypts synchronized cloud volumes along with everything else. Versioned backups on a separate account or on storage that isn’t permanently connected are the only reliable path to recovery.

Where do we go from here?

What’s been shifting in AI over the past few years is real and measurable. Panic is still out of place. The defensive logic stays structurally the same. It just becomes less forgiving. An SME that lived with three or four unpatched vulnerabilities now has to expect those gaps to be found faster. Anyone who has the fundamentals in place benefits from a much smaller attack surface. Anyone still at the start should begin with the most obvious of these four measures. The first step counts.