“It’s important for companies to look for these next-generation technologies to identify and prevent attacks using things like AI,” George Kurtz, CEO of cybersecurity company CrowdStrike, told Fortune.  

The number of cyberattacks in the U.S. hit an all-time high in 2023 with , according to the Identity Theft Resource Center, a nonprofit that educates the public about cybercrime. These breaches threaten businesses because they can shut down sales, destroy reputations, create legal headaches, and put individual customers in danger.  CrowdStrike monitors companies’ systems for hacking and blocks cyberattacks based on what it calls “indicators of attack,” or IOAs. These IOAs are sequences of events in a computer system that signal a breach might be taking place. For example, a signal may include a user downloading an online file and opening it, and then the file uploading code, erasing other computer files, and deleting their backups. Each of these actions alone might indicate normal computer use but together suggest something nefarious.  “There are only so many ways to rob a bank,” Kurtz said, comparing the methodology of hacking to another kind of crime. “You have to get in and get out. It doesn’t matter what shirt you’re wearing, or whether you have a gun or a knife.” 

Similarly, there are only so many ways to commit a cyberattack, and CrowdStrike dreams up new scenarios through IOAs and tries to stop them. Previously, CrowdStrike researchers and analysts would create these IOAs by hand, said chief technology officer Elia Zaitsev. They collected patterns of behavior on customers’ computer systems, read about new kinds of hacks, and came up with sequences of actions for their technology to look for. “It’s very time-consuming,” Zaitsev told Fortune. 

But in 2022, the company launched AI-powered IOAs. CrowdStrike’s AI systems can crawl through the trillions of data points from its customers—including Target, ona bet:Salesforce, Intel, and Wyoming’s state government—and suggest new pattern🎐s that may signal breaches.  

“It gets smarter as it goes through the data,” Kurtz said. “It finds more, and then it gets better, and then it finds more.” 

The AI-powered IOAs are also more effective than human-created sequences, Zaitsev added. “We have found that the AI-powered IOAs are better at catching the bad stuff but also less noisy in detecting benign things,” he told Fortune. 🐭“It’s giving us our cake and letting us eat it too.🍨”

Other cybersecurity companies are using AI in similar ways. Darktrace, a British cybersecurity company, uses AI to learn the intricacies of individual companies and identify when a user or device deviates from how they normally work, signaling a potential breach. Microsoft’s security business, called ona bet:Microsoft Defender for Endpoint, al🦋so uses AI to predict if devices are at risk🀅 for an attack and automatically increases security if it determines they are.  

While cybersecurity protections can help companies identify and stop attacks, they aren’t foolproof. Cyber experts are often left playing catch-up with bad actors who are constantly figuring out new techniques. Just as cyber companies are using AI to stop attacks, hackers are adopting it, and breaches are getting more sophisticated as a result. For example, AI can write a persuasive phishing email without the typos or format inconsistencies that may be a red flag to a target. It can also aid in of a family member, which can be used to ask for money over the phone. “AI is a wonderful tool for defenders,” said George Berg, associate professor and former chair of the information security department at the State University of New York at Albany. “But it is at least comparably effective for offenders.

“All an attacker needs is to find one weakness to access a system,” he told Fortune. “A defender has🌃 to find and block all of them. The advantage is with the att🦩acker.”

Hacking grunt work

Cyberattacks happen for many reasons. Nation-state groups may be looking to gather intelligence on specific companies. Last month, for example, a suspected Russian state-sponsored group ona bet:hacked into Microsoft a𝕴nd accessed corporate email🦩 accounts, looking for information related to the group itself, Microsoft said. 

Money is another motivator. Bad actors may break in, encrypt files, and demand ransom. In 2021, meat processor JBS to hackers after a breach, the U.S. division chief said at the time, that caused a daylong shutdown of all its U.S. beef plants and interruptions at poultry and pork operations. Hacking groups may also deface websites as a form of ဣactivism. Such was the case in 2020 when foreign hackers to express their anger after a U.S. airstrike killed an Iranian general. 

“For a nation-state attack, AI will help the hackers a little bit, but they already have people with insane skills,” Arthur Conklin, information security professor at the University of Houston, told Fortune. “For the peꦯople doing botnets and ransomware—the common criminals of the in🌳ternet—it will help them incredibly.”  

Hacking is a “long path with boring grunt work,” he said, including writing code and searching through data—tasks that AI can do with enough precision to be effective. Because AI supercharges and speeds up hacks, it wouldn’t be surprising to see an increased number of attacks in the future, Berg added.

Generative AI, too

Zaitsev of CrowdStrike acknowledges the difficulties. “It’s an arms race where you’re always a step behind the adversaries,” he said.  CrowdStrike has another AI product that is supposed to make it easier for both security professionals and employees with little technology experience to protect themselves and their companies. In addition to CrowdStrike’s AI-powered IOAs, the company last year introduced a generative AI chatbot called Charlotte AI that can answer questions from anyone using CrowdStrike security products about their individual systems, such as whether they are vulnerable to a specific kind of attack. It can also explain cybersecurity problems, like what a specific kind of malware is and how to avoid it. As a resource for an entire company, Charlotte can help onboard novice users and further train experienced ones, Zaitsev said.  It can also gather information and perform tasks for an IT department. For example, a user may enter a query, “Show me all failed log-in attempts from New York,” and the system will offer a list, giving security personnel the information they need to take further steps.  “Charlotte will be another leg of growth for us,” Kurtz said, adding that AI is at the core of what’s growing the company.