Artificial Intelligence and Cybersecurity Balancing Risks and Rewards 2025

Endnotes 1. Federal Bureau of Investigation (FBI) San Francisco. (2024). FBI Warns of Increasing Threat of Cyber Criminals Utilizing Artificial Intelligence. https://www.fbi.gov/contact-us/field-offices/sanfrancisco/news/fbi-warns-of-increasing-threat-of- cyber-criminals-utilizing-artificial-intelligence; United Nations Office on Drugs and Crime. (2024). Transnational Organized Crime and the Convergence of Cyber-Enabled Fraud, Underground Banking and Technological Innovation in Southeast Asia: A Shifting Threat Landscape. https://www.unodc.org/roseap/uploads/documents/Publications/2024/TOC_Convergence_ Report_2024.pdf. 2. Heiding, F., Schneier, B. & Vishwanath, A. (2024). AI Will Increase the Quantity – and Quality – of Phishing Scams. Harvard Business Review. https://hbr.org/2024/05/ai-will-increase-the-quantity-and-quality-of-phishing-scams. 3. Cantos, M., Riddell, S. & Revelli, A. (2023). Threat Actors are Interested in Generative AI, but Use Remains Limited. Google Cloud. https://cloud.google.com/blog/topics/threat-intelligence/threat-actors-generative-ai-limited. 4. Fang, R. et al. (2024). Teams of LLM Agents can Exploit Zero-Day Vulnerabilities. Arxiv. https://arxiv.org/abs/2406.01637. 5. Oprea, A., Fordyce, A. & Andersen, H. (2024). Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. National Institute of Standards and Technology. https://www.nist.gov/publications/adversarial-machine- learning-taxonomy-and-terminology-attacks-and-mitigations. 6. Cantos, M. (2019). Breaking the Bank: Weakness in Financial AI Applications. Google Cloud Blog. https://cloud.google.com/blog/topics/threat-intelligence/breaking-bank-weakness-financial-ai-applications/. 7. World Economic Forum. (2024). Unlocking Value from Generative AI: Guidance for Responsible Transformation. https://www3.weforum.org/docs/WEF_Unlocking_Value_from_Generative_AI_2024.pdf. 8. MITRE Adversarial Threat Landscape for Artificial-Intelligence Systems (ATLAS). (n.d.). Home. https://atlas.mitre.org/. 9. UK National Cyber Security Centre. (n.d.). The near-term impact of AI on the cyber threat. https://www.ncsc.gov.uk/report/ impact-of-ai-on-cyber-threat. 10. Government of Dubai. (n.d.). Dubai Electronic Security Center launches the Dubai AI Security Policy. https://www.desc.gov.ae/ dubai-electronic-security-center-launches-the-dubai-ai-security-policy/. 11. Cyber Security Agency of Singapore. (2024). Guidelines and Companion Guide on Securing AI Systems. https://www.csa.gov.sg/Tips-Resource/publications/2024/guidelines-on-securing-ai. 12. UK Department for Science, Innovation & Technology. (2024). Call for views on the Cyber Security of AI. https://www.gov.uk/government/calls-for-evidence/call-for-views-on-the-cyber-security-of-ai/call-for-views-on-the-cyber- security-of-ai. 13. Oprea, A., Fordyce, A. & Andersen, H. (2024). Adversarial Machine Learning: A Taxonomy and Terminology of Attacks and Mitigations. National Institute of Standards and Technology. https://www.nist.gov/publications/adversarial-machine- learning-taxonomy-and-terminology-attacks-and-mitigations. 14. Open Worldwide Application Security Process. (2024). AI Exchange. https://owaspai.org/. 15. AI Risk and Vulnerability Alliance. (2024). AI Vulnerability Database. https://avidml.org/; Organisation for Economic Co- operation and Development (OECD) Policy Observatory. (2024). OECD AI Incidents Monitor. https://oecd.ai/en/incidents- methodology; Open AI. (2024). Disrupting malicious uses of AI by state-affiliated threat actors. https://openai.com/index/ disrupting-malicious-uses-of-ai-by-state-affiliated-threat-actors/. 16. World Economic Forum. (2024). Presidio AI Framework: Towards Safe Generative AI Models. https://www3.weforum.org/ docs/WEF_Presidio_AI%20Framework_2024.pdf. 17. World Economic Forum. (2024). Unlocking Value from Generative AI: Guidance for Responsible Transformation. https://www3.weforum.org/docs/WEF_Unlocking_Value_from_Generative_AI_2024.pdf. 18. Axon, L. et al. (2019). Analysing cyber-insurance claims to design harm-propagation trees. https://ora.ox.ac.uk/objects/ uuid:496b5fb7-9da3-4305-a0b1-e4cbf0c41bfb/files/m75e3108c23c67618e62a642ac8c3f8f8. Artificial Intelligence and Cybersecurity: Balancing Risks and Rewards 27