New to ShortSpan? We distil the AI-security research that matters into practitioner takeaways — edited by Ben Williams (NCC Group). Get the weekly email
// Analysis

LLMs Tip the Scales: Attackers Automate, Defenders Lag

Enterprise
LLMs Tip the Scales: Attackers Automate, Defenders Lag

A new survey argues Large Language Models now industrialise both attack and defence. It cites LLM-assisted malware growing from about 2% of detections in 2021 to a projected 50% by 2025. Vendors embed models in CI/CD and app screening, but risks like prompt injection, poisoning and model extraction remain immaturely managed.

The security story around Large Language Models (LLMs) is not about sudden machine brilliance. It is about throughput. A new survey pulls together academic and industry work and estimates LLM-assisted malware jumped from roughly 2% of detections in 2021 to a projected 50% in 2025. If that trajectory holds, the centre of gravity has already moved.

Attackers are using generative tools to do the boring parts at machine speed: produce polymorphic code, rewrite loaders, alter control flow, and keep changing strings and structure until signature-based checks miss. The same models can be asked to reason about a target stack, propose likely weak points, and sketch exploit paths. None of this makes an operator smarter. It just lets an average operator try a hundred ideas before lunch and keep the two that work.

Social engineering benefits most from this scaling. Context-aware phishing that reflects local jargon, policy names, or vendor tooling reads like an insider wrote it. When you can customise tone and detail per inbox, at volume, you do not need perfect pretexting; you just need enough plausible hooks to net a few privileged clicks.

On the blue side, vendors are wiring LLMs into continuous integration and deployment pipelines and platform screening. The survey points to improved triage and fewer false positives when models apply semantic understanding of code and behaviour. That is progress, but it also centralises risk. An enterprise model that underpins code review, policy enforcement and app vetting becomes a single target. Prompt injection can bend it at inference time. Data poisoning in training or feedback loops can bias it in quieter ways. Model extraction threatens to clone capabilities defenders paid to build. Adversarial inputs can nudge classification without tripping alerts.

Explainability and privacy tooling exist, but the paper is blunt: they are essential and still immature at scale. Token-level salience maps and federated learning pipelines help with audit and compliance stories, yet they do not give you a verifiable account of why a specific detection flipped last Tuesday. Watermarking and cross-industry collaboration appear in the recommendations, useful but insufficient if your core control is a black box that can be steered.

Here is the uncomfortable read: the decisive change is speed and centralisation. Offence uses LLMs to flood the zone with variations. Defence concentrates decision-making into a few models. In that setup, the side that understands its own failure modes better will win more often. Today, that understanding still looks thin.

Additional analysis of the original ArXiv paper

📋 Original Paper Title and Abstract

Large Language Models (LLMs) and Generative AI in Cybersecurity and Privacy: A Survey of Dual-Use Risks, AI-Generated Malware, Explainability, and Defensive Strategies

Authors: Kiarash Ahi and Saeed Valizadeh
Large Language Models (LLMs) and generative AI (GenAI) systems, such as ChatGPT, Claude, Gemini, LLaMA, Copilot, Stable Diffusion by OpenAI, Anthropic, Google, Meta, Microsoft, Stability AI, respectively, are revolutionizing cybersecurity, enabling both automated defense and sophisticated attacks. These technologies power real-time threat detection, phishing defense, secure code generation, and vulnerability exploitation at unprecedented scales. Following a rapid surge where LLM-generated malware grew to account for an estimated 50% of detected threats by 2025, up from just 2% in 2021, navigating this highly automated threat landscape in 2026 demands next-generation security frameworks. This paper presents a comprehensive survey of the beneficial and malicious applications of LLMs in cybersecurity, including zero-day detection, DevSecOps, federated learning, synthetic content analysis, and explainable AI (XAI). Drawing on a review of over 70 academic papers, industry reports, and technical documents, this work synthesizes insights from real-world case studies across platforms like Google Play Protect, Microsoft Defender, Amazon Web Services (AWS), Apple App Store, OpenAI Plugin Stores, Hugging Face Spaces, and GitHub, alongside emerging initiatives like the SAFE Framework and AI-driven anomaly detection. We conclude with practical recommendations for responsible and transparent LLM deployment and trustworthy AI, including model watermarking, adversarial defense, and cross-industry collaboration, setting a new benchmark for rigorous, holistic cybersecurity research at the intersection of AI and threat defense, and offering a roadmap for secure, scalable LLM systems that serves as a critical reference for researchers, engineers, and security leaders navigating the complex challenges of AI-driven cybersecurity.

🔍 ShortSpan Analysis of the Paper

Problem

This survey examines how Large Language Models (LLMs) and generative AI reshape cybersecurity through a pronounced dual-use dynamic: the same models that enable automated defence, secure code generation and zero-day detection also empower attackers to create malware, sophisticated phishing and vulnerability exploits at scale. The paper highlights a rapid rise in AI-assisted threats, reporting LLM-generated malware increasing from about 2% of detected threats in 2021 to a projected 50% in 2025, and argues that this shift requires new defensive frameworks, governance and auditability to manage systemic risks.

Approach

The authors present a comprehensive literature and industry survey synthesising over 70 academic papers, reports and technical documents alongside real-world case studies from platforms such as Google Play Protect, Microsoft Security Copilot, Amazon Web Services, Apple App Store, OpenAI Plugin Stores, Hugging Face Spaces and GitHub. The review covers defensive applications (zero-day detection, DevSecOps, federated learning, explainable AI), offensive misuse (AI-generated malware, social engineering), governance initiatives and recommended controls including watermarking, adversarial defence and cross-industry collaboration.

Key Findings

  • Rapid growth of AI-enabled threats: industry data reviewed in the paper estimate LLM-assisted malware rose from roughly 2% of detections in 2021 to a projected 50% in 2025, indicating a paradigm shift in attack scalability.
  • LLMs strengthen detection and triage: fine-tuned LLMs and domain-specific variants outperform traditional static analysers on semantic code understanding and can improve zero-day vulnerability detection, triage speed and plausible exploit-path hypothesis generation.
  • Defensive integration at scale: major vendors are embedding LLMs into CI/CD and platform security workflows for real-time code scanning, policy enforcement and pre-deployment app screening, reducing false positives and time-to-detection in large ecosystems.
  • Democratisation of offensive capability: generative models lower the skill barrier for creating malware, polymorphic code and context-aware phishing, enabling non-experts to produce functional malicious artefacts rapidly.
  • Explainability and privacy are essential but immature: adapted XAI tools (for example token- and attention-based analyses) and federated learning pipelines show promise for auditability and GDPR-aligned deployment, yet scalable, verifiable explainability and privacy-preserving inference remain open challenges.
  • Systemic risks to defender models: LLMs used for defence face threats including data poisoning, model extraction, prompt injection and adversarial evasion, creating single points of failure if not properly secured and monitored.
  • Bias, scalability and compliance challenges: training data skew and regional regulatory differences can cause misclassification, higher false positive rates for underrepresented locales and operational overhead when deploying LLMs globally.

Limitations

The survey relies on heterogeneous sources including academic papers and industry reports, and notes scarcity of comprehensive public incident data on weaponised LLM usage. Benchmarks and standardised metrics for many security tasks remain limited, deployment studies often omit long-term robustness evaluation, and the black-box nature of large transformer models complicates causal attribution and compliance with transparency obligations.

Implications

Offensive security implications are significant: attackers can use LLMs to automate and scale malware creation, generate polymorphic code to evade signature detection, craft highly convincing spear-phishing at volume, discover and exploit zero-day vulnerabilities faster, and attempt to compromise defender models via poisoning, extraction or prompt injection. The democratization of capability means lower-skilled actors can mount sophisticated campaigns, and targeting of defender LLMs could create blind spots or backdoors that amplify adversary impact.

// Similar research

Related Research

Get the weekly digest

The few AI-security papers that matter, with the practitioner takeaway. No spam.