By 
Artificial intelligence (AI) is rapidly reshaping the cybersecurity landscape — offering both opportunities and escalating risks — according to Allan Juma, a cybersecurity engineer at ESET East Africa.
While AI-driven cybersecurity solutions are enhancing defense capabilities, cybercriminals are simultaneously exploiting the same technologies to launch increasingly sophisticated attacks. Juma emphasizes that the technology itself is neutral: “AI is not inherently good or bad. Its impact depends entirely on who controls it. In the hands of defenders, it bolsters protection against cyber threats. In the hands of malicious actors, it becomes a tool to exploit human vulnerabilities at scale.”
For African enterprises accelerating digital transformation, this dual nature of AI poses a unique challenge — particularly in terms of regulatory compliance and internal risk management. The growing reliance on digital systems has introduced new vulnerabilities that go beyond technical systems and extend to the human layer of cybersecurity.
One of the most concerning threats is AI-enhanced social engineering. Generative AI and large language models, such as ChatGPT, are being weaponized to craft highly convincing phishing messages that mimic trusted figures like executives or team members. These tools also enable multilingual capabilities, making it easier for attackers to breach language barriers and target smaller regions using local dialects.
Cybercriminals are also automating vulnerability assessments and compliance risk evaluations, accelerating the rate at which they identify and exploit weaknesses within an organization’s infrastructure. This includes hijacking internal accounts to disseminate phishing emails or deploying deepfake technology — AI-generated audio and video that impersonates company leadership — to deceive staff into making critical errors.
“Human error continues to be a leading cause of data breaches,” Juma notes. “Cybersecurity awareness training and compliance management systems are now more essential than ever. The lack of staff training is a major gap that criminals are eager to exploit.”
According to the Google Threat Intelligence Group, malicious actors are now using tools like Google’s Gemini AI for content creation, persona development, and outreach strategies. Their 2025 report on the adversarial misuse of generative AI highlights how translation, localization, and communication tactics are being fine-tuned to penetrate new markets more effectively.
Despite the risks, AI also provides powerful support for regulatory compliance monitoring and real-time threat detection. When implemented responsibly, it allows security teams to analyze behavioral patterns, predict cyber threats, and automate defensive responses — significantly reducing response times and limiting operational disruption.
“AI has long been a cornerstone in cybersecurity frameworks — even before it became a trending topic,” Juma explains. “The danger is in underestimating its potential for harm. Businesses must stay vigilant and integrate AI responsibly within their risk assessment and regulatory frameworks.”
With increasing incidents of AI-driven fraud detection failures and compliance breakdowns, the emphasis is now on fortifying human-centric strategies within Governance, Risk, and Compliance (GRC) ecosystems. Firms are encouraged to adopt robust compliance automation, invest in continuous compliance training, and deploy trusted compliance monitoring tools to secure their digital environments.
ESET, a leader in regulatory technology solutions, continues to deliver proactive digital security services aimed at preventing cyberattacks before they occur — reinforcing the urgent call for AI-enhanced yet human-aware cybersecurity approaches across Africa.
Comments