In-Depth

Fighting AI with AI: An Expert's Guide to Defending Against Intelligent Threats

• By David Ramel
• 06/17/2026

Cybersecurity consultant, instructor and conference speaker Sergey Chubarov used a June 17 presentation on "A Primer for Defending Against Intelligent Threats" to make a practical point about AI-era security: attackers may be moving faster, but defenders still have to start with visibility, identity, data governance and response discipline. One part of a 2-event summit titled, "Cybersecurity in the Age of AI," it is being made available for online replay thanks to the sponsor, Wiz.

Chubarov set up the broader problem. Generative AI, he said, is "cheap, multilingual, and tireless," while enterprises are shipping AI features faster than security teams can review them. He summarized the shift in four areas: speed, scale, believability and a new attack surface. Reconnaissance and lures can drop from days to minutes, one operator can run thousands of personalized campaigns, grammar and voice are no longer reliable warning signs, and an organization's own AI systems can become targets.

Chubarov also outlined the attacker's AI playbook: using large language models to crawl public sources for target dossiers, generating personalized spear-phishing messages, deploying voice or video deepfakes, using AI to refactor or obfuscate malware, and hiding prompt-injection content in documents, Web pages and emails.

That setup led into the main focus, where AI-assisted attacks intersect with deepfakes, synthetic identity, malware, prompt injection and AI agents with too much access.

Voice and Video Become Untrusted Channels
While discussing deepfakes and synthetic identity, he cited several examples, including deepfake finance scams, voice-clone attacks against IT help desks and synthetic candidates applying for remote jobs to gain insider access.

Chubarov said attackers can reuse available voice samples to impersonate a target. "Attackers have access to your examples of your voice, then they can mimic that and reuse it," he said.

For defenders, his guidance centered on liveness checks, code words for high-trust calls and recorded verification for wire transfers or access changes. The point was not limited to IT and security teams. Chubarov said business users with access to financial systems also need to understand that voice or video is no longer enough when a request involves money, credentials or sensitive access.

That made deepfakes a bridge into the larger theme of the session: trust decisions can no longer depend only on what people see, hear or receive in normal business workflows.

AI-Generated Malware Challenges Signature-Based Defenses
Chubarov then moved to AI-augmented malware. He listed auto-generated phishing kits, loaders and infostealers tailored per victim; polymorphic malware generated on demand; and large language model-generated scripts that can resemble normal administrative activity.

He connected malicious AI-generated code to the same pattern many developers already see with legitimate coding assistants: AI-generated code has improved over time and increasingly requires less debugging. In an attacker context, that matters because malware can be changed repeatedly, making static indicators less useful.

"AI can generate malware, and we should be ready for this fact that antivirus will not catch it," Chubarov said.

His recommended countermeasures included behavior-based endpoint detection and response, application allow-listing, signed-script enforcement and tighter control over administrative tools such as PowerShell, curl and wget. He summarized the conclusion directly: "Assume signature-only AV is already bypassed."

The Strongest Warning: Your AI Systems Are Now Targets
One especially interesting part of the session came when Chubarov turned from attackers using AI to attackers targeting AI systems themselves.

He examined prompt injection, sensitive data exposure, supply-chain risk, excessive agency, model theft and shadow AI. He distinguished between direct prompt injection, where a user explicitly attempts to override an AI system's instructions, and indirect prompt injection, where malicious instructions are hidden in material the system later reads, such as documents, emails or Web pages.

He also warned about poisoned models, compromised plug-ins, compromised container images and poisoned data sets. But the most operational risk he emphasized was the growth of AI agents with credentials and permissions that may be poorly tracked.

"Agents, we have too many agents," Chubarov said, adding that credentials can end up "everywhere" with excessive permissions and weak lifecycle oversight.

That point tied AI security to a familiar enterprise problem: identity sprawl. In Chubarov's framing, AI agents and service principals need to be treated as identities that require inventory, scoping, rotation and revocation, not as invisible background plumbing.

Identity Now Includes AI Agents
Chubarov summarized the response: assume the adversary is also using AI; treat identity as the perimeter for humans, services and AI agents; prioritize visibility before control; reduce blast radius; and use AI in the security operations center because human analysts alone cannot keep up.

He said AI security should not be viewed as a replacement for existing security programs, but as an extension of them. "We don't need to change completely all our protection, but we definitely need to extend it and keep AI in mind," he said.

Visibility was a recurring theme. Chubarov warned that AI agents can appear quickly and multiply across the environment, leaving organizations with identities whose access, ownership and lifecycle may not be clear. Removing those identities later can become difficult if teams do not know whether applications depend on them.

That is why he emphasized visibility before control. Organizations that wait until the number of agents grows may find it harder to untangle what each agent does, what data it can reach and what credentials it uses.

Four Pillars for AI-Era Defense
Chubarov organized the defender playbook into four pillars: identity, access and Zero Trust; data and model governance; cloud and AI security posture; and detection, response and fighting AI with AI.

The first pillar focused on phishing-resistant multifactor authentication, short-lived credentials, just-in-time access, continuous access evaluation and separated privileged-access pathways. Chubarov said privileged accounts should be separated from daily-driver accounts, including separate administrative workstations and access paths where appropriate.

The second pillar covered data and model governance. Chubarov discussed discovering and classifying sensitive data across cloud, Software as a Service and AI training stores; inventorying sanctioned and shadow AI use; setting guardrails around prompts and retrieval-augmented generation indexes; and blocking secrets from leaving the organization through AI assistants.

The third pillar focused on cloud and AI security posture, including Cloud-Native Application Protection Platform tooling and AI Security Posture Management. His deck emphasized correlating AI risk with cloud risk, including "toxic combinations" such as an exposed AI endpoint, an over-privileged identity and sensitive training data.

The fourth pillar focused on detection and response, including AI-assisted triage, summarization and investigation; behavior-based detection; AI-specific detection content; and tabletop exercises for scenarios such as a deepfake chief financial officer call, prompt injection through a customer ticket or a shadow-AI data leak.

During Q&A, Chubarov returned to that same idea when asked how teams with limited security staff can improve response time against intelligent threats. His answer was direct: "Use AI to fight AI."

He also said many vendor tools already include AI-assisted detection capabilities, but for organizations looking to start their own AI-assisted security work, incident response may be one of the easier entry points.

"One of the things could be incident response," he said, "where you can create agents that start to triage your alerts."

A 30/60/90-Day Plan
Chubarov's action-plan slide translated the discussion into staged recommendations.

For the first 30 days, the deck recommended inventorying sanctioned and shadow AI usage, enforcing phishing-resistant MFA on administrators, and requiring out-of-band verification for finance and help desk workflows. For days 31 through 60, it recommended rolling out cloud and AI security posture visibility, classifying sensitive data flowing into AI and running a deepfake or business email compromise tabletop exercise. For days 61 through 90, it recommended closing the top 10 toxic-combination attack paths, standing up AI-specific detection content and publishing an AI acceptable-use and review policy.

Chubarov acknowledged that the timeline may vary by organization, especially where tool selection, testing and budget approvals are involved. But he said organizations should at least begin moving in that direction.

For smaller organizations, he emphasized low-cost early steps. Asked what a small organization with a limited security team should do first, he pointed to FIDO keys for administrators and out-of-band verification policies for finance and help desk requests.

"Fido keys, they're not expensive to be fair," he said.

Prompt Injection Demos Show Agent Risk
Chubarov followed the action-plan section with demos that showed why AI agents create a different kind of security concern.

In one demo, he used Copilot in a browser to analyze the writing style of a LinkedIn post and generate a new post based on the same tone, sentence structure, vocabulary, formatting and personal style. He told attendees they could test the same idea against their own articles, LinkedIn posts or social content to see how well AI can mimic their writing.

In another demo, he showed an AI-enabled application acting as an agent that looked through a user's mailbox for travel information. A malicious instruction hidden in an email caused the agent to return directory information, depending on the permissions the agent had. Chubarov used the example to reinforce the risk of over-permissioned agents.

He also attempted a second prompt-injection-style demo using hidden text in a travel policy document. That demo did not return the expected result during the live session, but the attempted demonstration still reflected his larger warning: documents and emails can become attack paths when AI systems are instructed to read and act on them.

The Closing Message: AI Changes the Economics, Not the Basics
The Key Takeaways summarized the presentation in five points: AI changes the economics of attack but not the fundamentals; AI systems are now an attack surface; phishing-resistant MFA and out-of-band verification are high-return controls; defenders need a single view across cloud, identity, data and AI; and organizations should start with one pillar and one improvement.

The captured discussion supports that framing. Chubarov's most actionable guidance was not to replace existing security programs, but to extend them for an environment in which voice can be cloned, malware can be regenerated, business documents can carry hidden instructions and AI agents can hold credentials.

In that environment, the old security basics still matter. The difference is that identity now includes agents, visibility now includes AI usage and response planning now has to account for threats that move at AI speed.

And More
And, although replays are fine -- this was just today, after all, so timeliness is not an issue -- there are benefits of attending such summits and webcasts from Virtualization & Cloud Review and sister sites in person. One such benefit today was the giveaway of a $300 Target gift card thanks to the sponsor, Wiz, which also presented at the summit.

More important among these benefits is the ability to ask questions of the presenters, a rare chance to get one-on-one advice from bona fide subject matter experts. With all that in mind, here are some upcoming summits and webcasts coming up:

• Trust, Control & Security in the Age of Agentic AI Summit -- June 18, 2026
• Cloud Resilience & Recovery Summit: Protecting Data in the AI Era -- June 23, 2026
• 5 Smarter Ways to Run Modern Workloads—Without Losing Control in the Public Cloud -- June 25, 2026
• AI Attack Workshop: Get Ready for Instant Quarantine -- June 25, 2026
• Cisco Live 2026: Public Sector Takeaways -- June 26, 2026
• The Automated Safeguard: Elevating Disaster Recovery Through Guardium and AI -- June 29, 2026
• Modern Database Recovery Summit: Automation, Accuracy & Speed -- July 14, 2026
• End-to-End Attack Surface Management Strategies for Modern Enterprises Summit -- July 21, 2026
• Scaling the AI Factory: Overcoming the Infrastructure Bottlenecks of Enterprise Agentic AI -- July 22, 2026