SUPPORT
Please Note:
The support ticket system is for technical questions and post-sale issues.
Â
If you have pre-sale questions please use our chat feature or email information@mile2.com .
AI as Risk and Weapon
Insights from Ray Friedman – Mile2 Webinar of September 4, 2025
The Rise of AI as Both Risk and Weapon in Cybersecurity
Raymond Friedman, PhD, Mile2 CEO
AI promises to strengthen cybersecurity, but the sword cuts both ways: malicious actors use AI just as effectively as defense specialists. Research indicates that 93% of cybersecurity stakeholders anticipate facing AI-driven attacks daily. This forces organizations to rethink their strategies, considering AI both as a risk and a potential weapon.
Â
Attackers utilize AI to identify vulnerabilities more quickly, generate automated phishing emails, and develop sophisticated malware. Simultaneously, AI can help defenders detect anomalies or automate repetitive tasks—but only if deployed carefully and securely. Cybersecurity professionals must understand this dual role of AI and employ strategies that address new AI-driven threats while optimizing AI for defense. Traditional principles, such as air-gapping, monitoring, and patch management, remain applicable and are complemented by leveraging the knowledge of AI, including machine learning models and data ethics.
Â
New Threats from AI: Deepfakes, Autonomous Attacks, and Nation-States
Deepfakes are among the most striking AI threats — hyper-realistic forgeries of images or audio. Unlike traditional phishing, which uses text, deepfakes mislead victims with fake audiovisual content. In 2019, fraudsters used AI-generated audio to mimic a CEO’s voice, convincing a UK director to transfer $243,000. During Russia’s 2022 invasion, a fake video showed Ukrainian President Zelensky calling for surrender—a fabricated AI deepfake intended to sow confusion. Beyond deepfakes, AI-generated malware is rising. Underground tools like WormGPT and FraudGPT—large language models without ethical restrictions—are sold on the dark web, enabling less skilled attackers to generate malicious code, phishing websites, and scams. Nation-states also exploit AI for propaganda, automated espionage, facial recognition to track dissidents, and cyberattacks on critical infrastructure. This scenario has created a new arms race where states invest in AI-cyberweapons while defenders must adopt AI to resist them. For cybersecurity professionals, this means threats are becoming more versatile and sophisticated. Phishing can originate from the voice of a known contact; malware can self-adapt; and disinformation can be automated on a mass scale. In response, organizational awareness and cybersecurity training are crucial for recognizing deepfakes, anticipating AI attacks, and refining response procedures.
AI Cybersecurity Playbook – Purpose, Structure, and Content
Raymond Friedman, CEO and President of mile2, has recently authored the AI Cybersecurity Playbook, a strategic guide for organizations to adopt AI securely and effectively. The playbook bridges traditional cybersecurity practices with the new demands posed by AI. It covers AI-driven threats, methods for using AI for defense (such as threat intelligence and anomaly detection), and governance & compliance guidelines. Significantly, it goes beyond technical tips, focusing also on embedding AI into company policy, establishing guidelines for ethical use, adapting incident response procedures, and training staff. A future key aspect of the playbook is Raymond’s Adaptive Cyber Resilience Policy Model (ACRPM), which considers human capital governance structures and translates its principles into practical models for policy and processes.
Â
Adaptive Cyber Resilience Policy Model (ACRPM)
The Adaptive Cyber Resilience Policy Model (ACRPM) integrates critical elements from three frameworks: the Socio-Technical Systems Theory, Risk Governance Framework, and Narrative Policy Framework. Friedman’s ACRPM is a proposed model that injects an adaptive, decentralized approach towards cybersecurity resilience. Instead of static policies that are updated annually, ACRPM promotes a dynamic, learning-based approach. Some key components of the ACRPM include continuous threat intelligence, adaptive measures and responses, AI integration in defense (under strict governance), firm-level management policy and compliance (e.g., EU AI Act), and ongoing education. ACRPM fosters a cyber-aware culture across departments—IT, HR, executives—so all employees can recognize and respond to evolving threats. For example, if an AI tool is discovered that can identify zero-day vulnerabilities, an ACRPM organization would immediately evaluate and adjust controls, rather than waiting for the following annual review. This approach ensures resilience, allowing for instant adaptation to emerging AI threats rather than being caught off guard.
Mile2's C)AICSO Certification: Certified AI Cybersecurity Officer
To train leaders for the AI era, Mile2 has recently launched the C)AICSO certification —a five-day program designed for CISOs, executives, and risk managers. The curriculum covers: leadership & governance, enterprise security architecture with AI, AI and biometric threat mitigation, national security implications, and board-level strategy. Each module mixes theory with practical case studies and scenarios—for example, detecting attacks on ML models or drafting AI incident response plans. Graduates are prepared to serve as AI Cybersecurity Officers, guiding organizations through AI-related security, strategy, and ethical challenges.
Proactive Policy Formation and Preparation: A Call from the CEO
CEO Raymond Friedman closed the webinar with a strong call to be proactive versus reactive. Waiting for incidents is not an option. He urged organizations to update policies, train teams, and invest in AI-capable defenses. Although AI is changing the landscape, there is still a window of opportunity to prepare before what has now become a certain yet sophisticated AI attack. Cybersecurity stakeholders who adapt proactively will lead in the AI-driven future.
Next Steps: Training and Development
Continuous cybersecurity cultural training is essential to apply these insights. Mile2 offers a robust line of cybersecurity certification programs that are centered on AI, as well as other unique disciplines, which deepen expertise, prepare teams for AI threats, and help organizations stay ahead of the ever-changing cyber threat landscape. With the quality certification training, effective governance framework implementation, and a proactive mindset, AI can become a tremendous ally rather than an uncontrollable enemy in the cybersecurity space.