Key Takeaway: 90% of enterprises now use AI, but threat actors are weaponizing the same technology to launch unprecedented social engineering attacks.

At Panoramai's Swiss Generative AI Summit, Doron Bar Shalom from Microsoft Security's Global CTO Office delivered a stark reality check: « The signature is not relevant anymore » Traditional cybersecurity defenses are failing against AI-powered adversaries.

The New Attack Playbook

Modern threat actors use AI to:

• Harvest massive OSINT data from LinkedIn, GitHub, and corporate blogs

• Create « asymmetric advantage » over defenders through instant analysis

• Launch precision SPEAR phishing at scale with personalized messaging

Emerging Threats to Watch

Prompt Injection Evolution: Bar Shalom warns that multimodal AI creates new attack surfaces. « Someone can put a sticker in the road and... they are going to use it as a prompt injection »

MCP Security Gap: Model Control Protocol servers connecting AI to enterprise systems like SAP need comprehensive code auditing to prevent malicious backdoors.

Data Leakage Risk: Employees inadvertently sharing proprietary data through public AI tools like ChatGPT.

The Defense Response

Microsoft Security fights fire with fire, using AI for:

• Natural language SOC queries replacing complex KQL

• Adversarial AI testing: « We are using AI in order to attack our own products... in a protective way »

• Automated threat detection and response

Bottom Line for Swiss Enterprise

These threats are « not the future, it's happening right now » Swiss companies must develop comprehensive AI governance frameworks addressing both traditional cybersecurity and emerging AI-specific risks while maintaining European data protection compliance.

The window for proactive defense is closing fast.

📖 Full Keynote: Panoramai AI Security Report