‘AI is helping defenders more than attackers’


Cyber criminals now use AI to improve their phishing attempts by eliminating spelling and grammar errors and crafting more believable emails. Steve Ledzian, CTO, Google Cloud Security, JAPAC at Mandiant, says security is always an arms race, with new defensive capabilities leading to new offensive ones. “But as of now, AI is helping defenders more than attackers,” he said in an interaction with TNIE.

Ledzian, who was in Bengaluru recently, said ransomware, in particular, can impact critical services. “Take healthcare—if hospitals are hit, ambulance services might have to divert, affecting patient safety. Or energy—like the ransomware attack on the US East Coast pipeline. These are not just financial issues; they affect society and national infrastructure. That’s why countries now equate these attacks to acts of war,” he said.

Talking about the trends they are noticing this year, especially in Asia, he said deepfakes used in business email compromise (BEC) attacks are notable. BEC doesn't involve malware; it is social engineering. Attackers may hack a vendor, read email exchanges, then impersonate that vendor to redirect payment to a fraudulent bank account.

“Normally, finance teams call to verify such changes. Now, attackers are using deepfakes to impersonate the person being called. So, the callback validates against an AI-generated voice. A recent case in Hong Kong saw an attacker steal $25 million using this technique,” he said.

According to him, the most exciting development he is witnessing is agentic AI. “We started with machine learning, then moved to generative AI. Now, agentic AI combines generative models with specialised agents that handle distinct tasks. In a SOC (Security Operations Centre), for example, you could have a triage agent, an investigation agent, and a response agent—all working in coordination. This orchestration gets us closer to the vision of a fully autonomous SOC,” he said.

The company has already launched its triage and malware analysis agents. “More agents are in development. Agentic AI can handle sophisticated tasks, from initial alert triage to investigation, response, and even detection engineering. Each stage can be assigned to a specialized agent, working in tandem. The result is a highly efficient and precise workflow,” he said.

“When people see what agentic AI can do—the end-to-end investigations, the automation—it’s jaw-dropping. And while still in progress, it’s already generating massive excitement in the cybersecurity community,” he said.

In cybersecurity, AI helps by making existing security professionals more efficient, allowing them to do their jobs faster and more effectively. Ledzian said it also eliminates repetitive, manual tasks, allowing humans to focus on the last 20%, which involves decision-making and more interesting work. This helps with retention because analysts don’t get burned out. “You’re not stuck with SOC fatigue—endlessly clicking through alerts. AI can automate a lot of that work,” he said.

The New Indian Express
www.newindianexpress.com