Rapid growth in AI-assisted software development (e.g., GitHub Copilot,Claude Code) and the buildout of AI infrastructure (data centers, cloud/edgeworkloads, and API ecosystems) are highly likely to increase both the volumeand the novelty of cybersecurity work. The driver is not “AI is insecure bydefault,” but that AI accelerates software delivery and infrastructure scalefaster than most organizations can proportionally expand secure engineeringcapacity, asset governance, and monitoring. Evidence from recent code-securityevaluations shows that AI-generated code frequently contains commonvulnerabilities (often aligning with OWASP categories), and human factorsresearch warns about over-reliance and misplaced confidence. Meanwhile,official energy and capacity analyses show fast-growing data-center demand—anindicator of expanding compute footprint—while cloud and API growth createsmore externally reachable surfaces. In parallel, practitioners andthreat-intelligence organizations report adversaries using generative AI as a forcemultiplier across the attack lifecycle. These trends are reflected inregulatory frameworks (EU AI Act cybersecurity obligations; NIST AI RMF + GenAIprofile; ISO/IEC 42001) and in market/workforce signals (BLS job-growthprojections, industry spend forecasts, and workforce studies highlighting AIand cloud as top skills gaps). [1]
The best available evidence suggests AI code assistants can raisesecurity risk through scale and process effects, even when vulnerability typeslook familiar.
First, multiple evaluations show that AI-generated code often failssecurity expectations on common categories. Veracode’s 2025 GenAI Code SecurityReport tested 100+ LLMs across multiple languages and reports that 45% ofcode samples failed security tests and introduced OWASP Top 10 vulnerabilities,with language-specific failure rates (e.g., Java higher than others) andfrequent failures such as XSS defenses. [2] A complementary “in-the-wild” study analyzing AI-attributed code inpublic GitHub repositories found 7,703 AI-attributed files andidentified 4,241 CWE instances across 77 vulnerability types usingCodeQL scanning—evidence that security issues appear at meaningful frequency inreal repositories, not only contrived prompts. [3] Earlier academic work on Copilot also raised the core concern thatmodels trained on large corpora of unvetted code can reproduce insecurepatterns, motivating systematic evaluation against high-risk CWEs. [4]
Second, AI shifts developer behavior and review dynamics. Developeradoption is now widespread: Stack Overflow’s 2025 survey reports 84% ofrespondents are using or planning to use AI tools in development, and 51%of professional developers use AI tools daily. [5] GitHub’s Octoverse reporting similarly indicates generative AI hasbecome “standard” in development, including very large numbers of publicrepositories using LLM SDKs and high pull-request volume. [6]
At the workflow level, GitHub research reports that code reviewswere completed 15% faster when reviewers used Copilot Chat in the studysetup, and that participants reported increased confidence in code quality. [7] Faster reviews are not inherently worse, but they change thethroughput/assurance tradeoff: in high-volume environments, “time-per-change”pressures can reduce deep security reasoning unless teams deliberately investin automated testing, secure-by-default patterns, and security gates. This riskis reinforced by human factors research warning that programmers can becomeover-reliant on AI code assistants and accept undetected errors. [8]
Third, AI assistants can amplify existing security debt. Snykdemonstrates how Copilot’s context mechanisms (e.g., using nearby open files)can replicate insecure patterns found in the local codebase, meaning insecurerepositories can become “teaching signals” that multiply repeatvulnerabilities. [9] GitHub’s own documentation emphasizes that Copilot Chat can help findcommon issues but should not be relied on for comprehensive securityanalysis, explicitly recommending code scanning for stronger assurance. [10]
AI’s infrastructure footprint is expanding quickly, and that expansionis tightly coupled to cybersecurity demand because it increases (a) the numberof systems to secure, (b) the number of trust boundaries, and (c) theconsequences of compromise (high-value data, GPU/compute capacity, and modelIP).
Data-center growth is a concrete indicator of the infrastructure surge.The IEA estimates global data-center electricity consumption at ~415 TWh(~1.5% of global electricity) in 2024, growing at ~12% per year over theprevious five years, and notes that AI is accelerating deployment ofhigh-power accelerated servers and increasing power density. [11] In the United States, DOE summarizes the Lawrence Berkeley NationalLaboratory report indicating data centers consumed ~4.4% of U.S. electricityin 2023 and could rise to ~6.7–12% by 2028, with electricity usageprojected to grow substantially (and AI cited as an important driver). [12]
Infrastructure expansion also appears in cloud and application layers.Recorded Future’s 2025 cloud defense landscape explicitly warns that as cloudservices and infrastructure grow, defenders face “mitigation challenges” due toan increased external attack surface and the need to keep pace with newservices to avoid configuration blind spots. [13] At the API layer, OWASP’s API Security Top 10 highlights that APIsexpose many endpoints (broad surface area), with common failures like brokenobject-level authorization and broken authentication creating systemic risk. [14]
A simple “attack surface growth” timeline is illustrated below using afew high-signal indicators (developer AI adoption, AI software proliferation,and compute footprint). [15]
AI introduces new failure modes and adversary objectives beyondtraditional web/app/cloud threats. OWASP’s Top 10 for LLM Applications codifiesseveral of these risks (prompt injection; insecure output handling; trainingdata poisoning; supply chain vulnerabilities; sensitive informationdisclosure). [16] NIST’s Adversarial Machine Learning taxonomy provides a life-cyclelens for attacks and mitigations across training, deployment, andoperations—useful for integrating AI security into existing risk management. [17] MITRE ATLAS provides a “MITRE-style” knowledge base of tactics andtechniques against AI-enabled systems, supporting threat modeling and testing. [18]
Prompt injection is one of the most prominent AI-specific threatsbecause it exploits the model’s instruction-following behavior rather than aclassic parser bug. A prompt-injection study on LLM-integrated applicationsreported testing 36 applications and finding 31 susceptible, withmultiple vendors validating findings—illustrating that prompt injection is notonly theoretical. [19] Closely related, “insecure output handling” (e.g., treating modeloutput as trusted commands/queries) can convert model text into code execution,data exfiltration, or workflow manipulation if outputs flow into tools withoutproper controls. [16]
Model poisoning and data integrity attacks target training andretrieval pipelines. OWASP explicitly lists training data poisoning as a toprisk, and U.S./allied agencies have issued practical guidance emphasizing datasupply chain risks, poisoned data, and data drift, recommending measures likeencryption, digital signatures, provenance tracking, secure storage, and trustinfrastructure. [20]
Data leakage risks arise in multiple ways: leakage of sensitiveprompts/context, retrieval-augmented generation (RAG) indexing sensitivedocuments, or membership inference/model extraction attacks that attempt torecover training data or model behavior. Recent work continues to documentmembership inference risks for fine-tuned LLMs and surveys model extractionattacks and defenses for LLM systems. [21]
Area
Traditional threat examples
AI-specific / AI-amplified threat examples
Defensive focus (traditional + AI-specific)
App & API layer
Injection, authz/authn failures, SSRF, broken access control [14]
Prompt injection; insecure output handling; “tool invocation” abuse (agentic workflows) [22]
Keep OWASP API controls; add prompt/input isolation, output validation, tool sandboxing, and allowlisted actions [23]
Data security
Data exfiltration, insecure storage, weak key mgmt
Training data leakage, RAG leakage, membership inference of training records [24]
Strong IAM + encryption; plus dataset provenance, privacy testing, and governance over model inputs/outputs [25]
Supply chain
Dependency compromise, CI/CD tampering, SBOM gaps
Model supply chain (weights, adapters), poisoned datasets, compromised model artifacts [20]
SSDF + artifact signing and provenance; secure model registries; reproducible pipelines [26]
Availability
DDoS, resource exhaustion
Model DoS / resource-heavy prompts; runaway agent loops [16]
Rate limits + quotas; cost controls; circuit breakers; monitoring for abnormal token/tool usage [23]
IP theft
Source code theft, secrets exposure
Model extraction and prompt/system prompt theft [27]
Traditional DLP + access controls; plus model API abuse detection and response shaping/throttling [28]
Threat intelligence reporting increasingly characterizes AI as tradecraft:not necessarily creating entirely new categories of intrusion, but reducingcost and skill barriers and increasing speed across the attack lifecycle.
Microsoft Threat Intelligence reports observing threat actors usinggenerative AI to draft phishing lures, translate content, summarize stolendata, generate/debug malware, and scaffold scripts or infrastructure—explicitlyframing AI as a “force multiplier” embedded into workflows. [29] Google’s Threat Intelligence reporting similarly describesgovernment-backed and criminal actors integrating and experimenting with AItools throughout the attack lifecycle. [30] OpenAI’s threat reporting emphasizes that actors often combine AI withother tools (websites, social media, etc.) rather than relying on AI alone,which aligns with the “acceleration” narrative: faster content creation, fasteriteration, and faster operational tempo. [31]
This matters for cybersecurity demand because defenders must respondnot only to more AI systems, but also to higher attack volume and improvedsocial engineering quality, greater automation in reconnaissance andscripting, and more rapid “adapt-test-repeat” loops that stress detection andresponse capacity. [32]
Regulation is increasingly encoding “AI must be secure” into complianceobligations. The EU AI Act (for high-risk AI systems) requires providers toachieve appropriate levels of accuracy, robustness, and cybersecurity acrossthe lifecycle, and to be resilient against attempts by unauthorized partiesto alter outputs/performance by exploiting vulnerabilities. [33] In parallel, the U.S. regulatory ecosystem is leaning onvoluntary-but-influential frameworks: NIST’s AI Risk Management Framework (AIRMF) is designed to help integrate trustworthiness into AIdesign/development/use, and NIST has published a Generative AI profile(NIST-AI-600-1) to address GenAI-specific risks. [34] Organizations are also adopting management-system approaches such asISO/IEC 42001 to formalize AI governance, risk management, and continualimprovement processes. [35]
On the market side, analyst forecasts explicitly tie security spendinggrowth to AI adoption. Gartner projected global information security end-userspending to grow in 2025 and stated that adoption of AI/GenAI is increasinginvestments in security software categories (application security, datasecurity/privacy, infrastructure protection), and even forecast that by 2027 amaterial fraction of cyberattacks will involve generative AI. [36] The World Economic Forum’s Global Cybersecurity Outlook 2026 reportsthat a large share of surveyed leaders view AI as a major driver ofcybersecurity change, and that AI-related vulnerabilities were widelyidentified as fast-growing cyber risks. [37]
Workforce signals point in the same direction. The U.S. Bureau of LaborStatistics projects 29% growth (2024–2034) for information securityanalysts—far faster than average—indicating sustained demand for cybersecuritylabor. [38] The 2025 ISC2 Workforce Study reports that skills shortagesoutweigh headcount shortages, and highlights AI and cloud securityamong the most pressing skills needs; it also notes that many professionalsexpect AI to create demand for new specialized skills and more strategicsecurity roles. [39]
Effective response requires treating “AI security” as an extensionof secure software + secure infrastructure + data governance, with severalAI-specific additions.
Organizations should harden the SDLC for AI-scale development byadopting NIST’s Secure Software Development Framework (SSDF) and its AI-focusedcommunity profile that augments SSDF practices for generative AI and foundationmodel development. [40] At minimum, treat AI-generated code as untrusted input toengineering: mandate code scanning and policy checks, and avoid relying onassistants as comprehensive security analyzers. [41]
For AI systems specifically, use the U.S./allied “Deploying AI SystemsSecurely” guidance as a baseline for secure deployment and operations(on-prem/private cloud), emphasizing that defenders must update AI systems asweaknesses are discovered and combine AI-specific with traditional IT bestpractices. [42] Implement AI data security controls consistent with the joint “AI DataSecurity” guidance: encrypt sensitive datasets, use digital signatures andprovenance tracking, secure storage, and establish trust infrastructure;explicitly manage data supply chain risk, poisoned data, and data drift. [43]
Security professionals should expand threat modeling and testing tocover AI-specific classes. Use OWASP’s LLM Top 10 to ensure coverage of promptinjection, insecure output handling, training data poisoning, and supply chainvulnerabilities, and map AI attack paths using MITRE ATLAS-style techniques. [44] For LLM-integrated applications, implement concrete guardrails:separate system prompts from user content; enforce strict tool allowlists;validate and constrain outputs before execution; rate-limit and monitortoken/tool usage; and isolate sensitive retrieval sources to preventprompt-based exfiltration. Evidence that many real LLM-integrated apps areprompt-injection susceptible raises the priority of these controls. [45]
Finally, lean into SOC automation carefully. The SANS SOC Survey 2025highlights widespread AI/ML tool use but also warns about lack of intentionalintegration and oversight—suggesting a near-term need for governance, standardoperating procedures, and measurement rather than ad hoc “shadow AI” inincident workflows. [46]
It is logical—and strongly supported by current evidence—to expect thatfaster AI-generated code production and rapidly expanding AI infrastructurewill increase cybersecurity demand. AI accelerates software andinfrastructure scale, introduces AI-specific threat classes (prompt injection,poisoning, model/data leakage), and simultaneously helps attackers operate moreefficiently. Regulatory regimes and industry frameworks are converging on“secure AI by design,” while workforce and spending signals show AI/cloudskills rising to the top of security priorities. The practical implication isclear: organizations should scale security engineering with automation andgovernance (SSDF + AI profiles, AI deployment/data security guidance, OWASPLLM/ API controls) and build AI-aware detection, response, and assurancepractices so that “speed” does not outrun “safety.” [47]
Key source URLs (clickable in most clients; also reflected incitations):
https://www.veracode.com/blog/genai-code-security-report/
https://link.springer.com/chapter/10.1007/978-981-95-3537-8_9
https://owasp.org/www-project-top-10-for-large-language-model-applications/
https://arxiv.org/abs/2306.05499
https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF
https://media.defense.gov/2025/May/22/2003720601/-1/-1/0/CSI_AI_DATA_SECURITY.PDF
https://www.iea.org/reports/energy-and-ai/energy-demand-from-ai
https://www.energy.gov/articles/doe-releases-new-report-evaluating-increase-electricity-demand-data-centers
https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/
https://openai.com/index/disrupting-malicious-ai-uses/
https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools/
https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-15
https://www.nist.gov/itl/ai-risk-management-framework
https://csrc.nist.gov/Projects/ssdf
https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
https://www.isc2.org/insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study
[1] [5] [15] AI | 2025 Stack OverflowDeveloper Survey
https://survey.stackoverflow.co/2025/ai/
[2] [47] Insights from 2025 GenAI Code Security Report
https://www.veracode.com/blog/genai-code-security-report/
[3] Security Vulnerabilities in AI-Generated Code: A Large-ScaleAnalysis of Public GitHub Repositories | Springer Nature Link
https://link.springer.com/chapter/10.1007/978-981-95-3537-8_9
[4] [2108.09293] Asleep at theKeyboard? Assessing the Security of GitHub Copilot's Code Contributions
https://arxiv.org/abs/2108.09293
[6] Octoverse: A new developer joins GitHub every second as AI leadsTypeScript to #1 - The GitHub Blog
https://github.blog/news-insights/octoverse/octoverse-a-new-developer-joins-github-every-second-as-ai-leads-typescript-to-1/
[7] Research: Quantifying GitHub Copilot’s impact on code quality - TheGitHub Blog
https://github.blog/news-insights/research/research-quantifying-github-copilots-impact-on-code-quality/
[8] Threats to scientific software from over-reliance on AI codeassistants | Nature Computational Science
https://www.nature.com/articles/s43588-025-00845-2
[9] Copilot amplifies insecure codebases by replicating vulnerabilities inyour projects | Snyk Labs
https://labs.snyk.io/resources/copilot-amplifies-insecure-codebases-by-replicating-vulnerabilities/
[10] [41] Finding existing vulnerabilities in code - GitHub Docs
https://docs.github.com/en/copilot/tutorials/copilot-chat-cookbook/analyze-security/find-vulnerabilities
[11] Energy demand from AI – Energy and AI – Analysis - IEA
https://www.iea.org/reports/energy-and-ai/energy-demand-from-ai
[12] DOE Releases New Report Evaluating Increase in Electricity Demand fromData Centers | Department of Energy
https://www.energy.gov/articles/doe-releases-new-report-evaluating-increase-electricity-demand-data-centers
[13] 2025 Cloud Threat Hunting and Defense Landscape
https://www.recordedfuture.com/research/2025-cloud-threat-hunting-defense-landscape
[14] OWASP Top 10 API Security Risks – 2023 - OWASP API Security Top 10
https://owasp.org/API-Security/editions/2023/en/0x11-t10/
[16] [20] [22] [23] [44] OWASP Top 10 for Large Language Model Applications | OWASP Foundation
https://owasp.org/www-project-top-10-for-large-language-model-applications/
[17] AI 100-2 E2025, AdversarialMachine Learning: A Taxonomy and Terminology of Attacks and Mitigations | CSRC
https://csrc.nist.gov/pubs/ai/100/2/e2025/final
[18] MITRE ATLAS™
https://atlas.mitre.org/?utm_source=chatgpt.com
[19] [45] [2306.05499] Prompt Injectionattack against LLM-integrated Applications
https://arxiv.org/abs/2306.05499
[21] [24] Membership Inference Attacks against Fine-tuned Large Language Models...
https://proceedings.neurips.cc/paper_files/paper/2024/hash/f36ad694188bb4c4bbbd61e2038e069e-Abstract-Conference.html?utm_source=chatgpt.com
[25] [43] media.defense.gov
https://media.defense.gov/2025/May/22/2003720601/-1/-1/0/CSI_AI_DATA_SECURITY.PDF
[26] [40] Secure Software DevelopmentFramework | CSRC
https://csrc.nist.gov/Projects/ssdf
[27] [28] A Survey on Model Extraction Attacks and Defenses for Large LanguageModels
https://arxiv.org/abs/2506.22521?utm_source=chatgpt.com
[29] [32] AI as tradecraft: How threat actors operationalize AI | MicrosoftSecurity Blog
https://www.microsoft.com/en-us/security/blog/2026/03/06/ai-as-tradecraft-how-threat-actors-operationalize-ai/
[30] GTIG AI Threat Tracker: Advances in Threat Actor Usage of AI Tools |Google Cloud Blog
https://cloud.google.com/blog/topics/threat-intelligence/threat-actor-usage-of-ai-tools/
[31] Disrupting malicious uses of AI | OpenAI
https://openai.com/index/disrupting-malicious-ai-uses/
[33] Article 15: Accuracy, robustness and cybersecurity | AI Act ServiceDesk
https://ai-act-service-desk.ec.europa.eu/en/ai-act/article-15
[34] AI Risk Management Framework | NIST
https://www.nist.gov/itl/ai-risk-management-framework
[35] ISO/IEC 42001:2023 - AImanagement systems
https://www.iso.org/standard/42001
[36] Gartner Forecasts Global Information Security Spending to Grow 15% in2025
https://www.gartner.com/en/newsroom/press-releases/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025
[37] 3. The trends reshaping cybersecurity - Global Cybersecurity Outlook2026 | World Economic Forum
https://www.weforum.org/publications/global-cybersecurity-outlook-2026/in-full/3-the-trends-reshaping-cybersecurity/
[38] Information Security Analysts :Occupational Outlook Handbook: : U.S. Bureau of Labor Statistics
https://www.bls.gov/ooh/computer-and-information-technology/information-security-analysts.htm
[39] 2025 ISC2 Cybersecurity Workforce Study
https://www.isc2.org/insights/2025/12/2025-ISC2-Cybersecurity-Workforce-Study
[42] media.defense.gov
https://media.defense.gov/2024/Apr/15/2003439257/-1/-1/0/CSI-DEPLOYING-AI-SYSTEMS-SECURELY.PDF
[46] elastic.co
https://www.elastic.co/pdf/sans-soc-survey-2025.pdf
