{"id":6040,"date":"2025-12-09T09:38:54","date_gmt":"2025-12-09T09:38:54","guid":{"rendered":"https:\/\/evincedev.com\/blog\/?p=6040"},"modified":"2026-04-10T06:32:54","modified_gmt":"2026-04-10T06:32:54","slug":"how-artificial-intelligence-strengthens-cybersecurity-systems","status":"publish","type":"post","link":"https:\/\/evincedev.com\/blog\/how-artificial-intelligence-strengthens-cybersecurity-systems\/","title":{"rendered":"How Artificial Intelligence Strengthens Cybersecurity Systems"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">Cybersecurity has always been an arms race. Defenders build controls, attackers find gaps, and the cycle repeats. What makes today different is the speed and scale at which that cycle is accelerating. Artificial intelligence is now influencing nearly every layer of security, from how we detect suspicious behavior to how criminals craft convincing phishing messages.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The impact of <strong>artificial intelligence<\/strong>\u00a0on cybersecurity is not one-directional. <\/span><b>AI-powered cybersecurity<\/b><span style=\"font-weight: 400;\"> helps teams detect threats faster, reduce alert fatigue, and respond more efficiently. At the same time, it gives adversaries new ways to automate attacks, impersonate real people using deepfakes, and build more evasive malware. Understanding both sides is essential for any organization building a modern security strategy.<\/span><\/p>\n<p><strong>Quick Stat:<\/strong><\/p>\n<blockquote><p><a href=\"https:\/\/www.gartner.com\/en\/newsroom\/press-releases\/2024-08-28-gartner-forecasts-global-information-security-spending-to-grow-15-percent-in-2025?\" target=\"_blank\" rel=\"nofollow\">Gartner<\/a> predicts that by 2027, 17% of cyberattacks will involve generative AI, which is why AI-driven threats are moving from \u201cemerging\u201d to \u201cexpected.\u201d<\/p><\/blockquote>\n<p><span style=\"font-weight: 400;\">This blog explores what AI in cybersecurity really means, the benefits it brings, the risks it introduces, how attackers are already using it, and how organizations can adopt it responsibly. The goal is not hype. The goal is clarity.<\/span><\/p>\n<h2>What Does \u201cAI in Cybersecurity\u201d Mean?<\/h2>\n<p>When people say \u201cAI in cybersecurity,\u201d they may be referring to multiple technologies, and it helps to separate them:<\/p>\n<ul>\n<li><strong>Machine Learning (ML):<\/strong> Models trained on data to identify patterns and make predictions. Example: learning what normal login behavior looks like and flagging unusual logins.<\/li>\n<li><strong>Deep Learning (DL):<\/strong> More complex ML models, often used for high-dimensional data like images, audio, and large-scale behavioral modeling. Example: analyzing endpoint telemetry for malware-like behavior.<\/li>\n<li><strong>Natural Language Processing (NLP):<\/strong> Understanding and classifying text. Example: scanning email content for phishing language patterns.<\/li>\n<li><strong>Generative AI (GenAI):<\/strong> Models that can create text, images, audio, code, and more. Example: summarizing incidents for analysts, or conversely, generating realistic phishing emails for attackers.<\/li>\n<\/ul>\n<p>Organizations exploring these capabilities often begin by implementing <a href=\"https:\/\/evincedev.com\/ai-iot-solutions\"><strong>AI development services<\/strong><\/a> that enhance detection, automation, and response across security workflows.<\/p>\n<p>In security operations, AI most often shows up as an added intelligence layer across existing systems:<\/p>\n<ul>\n<li><strong>SOC operations and SIEM:<\/strong> turning large volumes of logs into prioritized insights.<\/li>\n<li><strong>Endpoint security:<\/strong> detecting suspicious processes, lateral movement, and ransomware-like behavior.<\/li>\n<li><strong>Network security:<\/strong> spotting anomalous traffic patterns and command-and-control behavior.<\/li>\n<li><strong>Identity and access management (IAM):<\/strong> identifying risky authentication attempts.<\/li>\n<li><strong>Email and collaboration tools:<\/strong> detecting phishing, malicious links, and impersonation attempts.<\/li>\n<li><strong>Cloud security:<\/strong> finding misconfigurations, abnormal access, and risky workloads.<\/li>\n<\/ul>\n<p>AI does not replace the fundamentals. Strong identity controls, patching, segmentation, backups, and monitoring remain non-negotiable. AI-powered cybersecurity improves how quickly you notice problems and how effectively you respond.<\/p>\n<p><strong>Quick Stat:<\/strong><\/p>\n<blockquote><p>AI is not a technical upgrade; it&#8217;s an investment that can drive measurable business impact. Indeed, in <a href=\"https:\/\/www.ibm.com\/think\/insights\/cost-of-data-breaches-business-case-for-security-ai-automation?\" target=\"_blank\" rel=\"nofollow\">IBM&#8217;s Cost of a Data Breach Report 2024<\/a>, organizations that used AI and automation in security saw an average reduction in breach costs of $2.2 million compared with those that did not.<\/p><\/blockquote>\n<h2><span style=\"font-weight: 400;\">Why Traditional Cybersecurity Struggles Today<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Organizations do not lack security tools. They often lack time, attention, and energy.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Here are a few reasons security is harder now than it was even a few years ago:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Exploding data volumes:<\/b><span style=\"font-weight: 400;\"> Network logs, endpoint telemetry, cloud audit trails, SaaS logs, application logs, API traffic, and user behavior signals can overwhelm human teams.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Complex environments:<\/b><span style=\"font-weight: 400;\"> Hybrid infrastructure, remote work, multi-cloud setups, and third-party integrations create more entry points.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Alert fatigue:<\/b><span style=\"font-weight: 400;\"> Many security teams face thousands of alerts daily, and a high percentage are false positives or low-value noise.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Faster attacks:<\/b><span style=\"font-weight: 400;\"> Modern threats move quickly. The time between initial compromise and real damage can be short.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Targeted social engineering:<\/b><span style=\"font-weight: 400;\"> Attackers increasingly rely on manipulating humans rather than purely \u201chacking systems.\u201d<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">AI is attractive because it helps security teams manage complexity at the speed of modern threats, especially where humans alone cannot scale.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How AI Improves Cyber Defense?<\/span><\/h2>\n<h4>Threat Detection and Anomaly Detection<\/h4>\n<p><span style=\"font-weight: 400;\">Traditional detection relies heavily on known signatures or predefined rules. That works well for known threats, but it can fail when attackers change small details to avoid detection.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI adds a different capability: identifying <\/span><b>behavioral deviations<\/b><span style=\"font-weight: 400;\">.<\/span><\/p>\n<p><b>Examples:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A user who usually logs in from one region suddenly logs in from another region and downloads a large volume of sensitive files.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A server begins communicating with unusual external endpoints at odd hours.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">An endpoint process chain matches patterns commonly seen in malware execution, even if the exact file hash is new.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Anomaly detection is not magic. It depends on good baseline data. But when implemented well, it can help surface threats that rules miss.<\/span><\/p>\n<h4>Reducing Alert Noise and Improving Prioritization<\/h4>\n<p>A major promise of AI is not just detecting threats, but helping teams decide what matters.<\/p>\n<p>AI-driven prioritization may use:<\/p>\n<ul>\n<li>Asset criticality (Is this a domain controller or a test laptop?)<\/li>\n<li>User role and privileges (Is this an admin account?)<\/li>\n<li>Behavior history (Is this unusual for this user or system?)<\/li>\n<li>Threat intelligence context (Are these indicators linked to active campaigns?)<\/li>\n<li>Attack chain logic (Does this behavior resemble early steps in ransomware?)<\/li>\n<\/ul>\n<p>The result is better triage with fewer wasted cycles. Not fewer alerts, necessarily, but better-ranked alerts that lead analysts to the most likely issues first.<\/p>\n<h4>Automated Incident Response with Guardrails<\/h4>\n<p><span style=\"font-weight: 400;\">Security automation primarily happens through SOAR platforms and response playbooks. AI enhances it by speeding up decision-making and automating workflows.<\/span><\/p>\n<p><b>Practical examples:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automatic quarantining of an endpoint that exhibits strong ransomware signals.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Temporarily resetting an account session in cases of impossible travel detection or token abuse.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Blocking suspicious domains or IPs based on combined evidence from multiple data sources.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automatically collect the following endpoint artifacts on alert (process list, network connections, recent file events).<\/span><\/li>\n<\/ul>\n<h4>Predictive Security and Threat Intelligence<\/h4>\n<p><span style=\"font-weight: 400;\">AI can help identify patterns in threat data over time. It can correlate:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">recurring tactics and techniques,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">infrastructures used by attackers,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">sector-specific targeting,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">the \u201cshape\u201d of campaigns.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><b>This can be used to:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">anticipate which threats are most relevant to your organization,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">tighten controls around likely entry points,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">strengthen detections where you are most exposed.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Predictive does not mean certain. It means better-informed. The value is in shifting security from purely reactive to more proactive.<\/span><b><br \/>\n<\/b><\/p>\n<h4>Vulnerability Management: Prioritizing What to Fix<\/h4>\n<p><span style=\"font-weight: 400;\">Many organizations have more vulnerabilities than they can patch quickly. A raw list of CVEs is not useful unless it is prioritized based on real risk.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI-driven vulnerability prioritization can weigh:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">exploitability and known exploitation in the wild,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">exposure (internet-facing vs internal),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">asset importance,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">compensating controls,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">observed attacker behavior trends.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This helps teams answer the real question: \u201cWhat should we patch first to reduce risk the most?\u201d<\/span><\/p>\n<h4>Phishing, Fraud, and Social Engineering Detection<\/h4>\n<p><span style=\"font-weight: 400;\">Social engineering remains one of the most successful attack techniques. AI helps in two ways:<\/span><\/p>\n<p><b>Classifying content signals<\/b><b><br \/>\n<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">unusual wording patterns,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">risky attachments,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">lookalike domains,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">deceptive link structures,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">language similar to known phishing campaigns.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><b>Behavior-based signals<\/b><b><br \/>\n<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">unusual sender behavior,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">sudden spikes in outbound email volume,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">account activity inconsistent with regular patterns.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Together, these improve detection beyond static keyword filters.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Real-World Use Cases by Domain<\/span><\/h2>\n<h4>SOC Operations and Analyst Productivity<\/h4>\n<p><span style=\"font-weight: 400;\">Security teams often struggle with repetitive workflows: reading alerts, checking context, assembling evidence, writing incident notes, and communicating status.<\/span><\/p>\n<p><b>AI can help by:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">summarizing alerts into readable narratives,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">correlating related events into a single incident view,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">suggesting likely causes based on historical incident matches,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">guiding the next steps in the investigation,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">generating incident reports and stakeholder updates.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A useful mental model is \u201cAI as a SOC copilot.\u201d It can draft, summarize, and correlate. The most critical decisions still stay with humans.<\/span><\/p>\n<h4>Identity and Access Security<\/h4>\n<p><span style=\"font-weight: 400;\">Identity is now a primary battleground. If attackers steal credentials or tokens, they can bypass many controls.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI-driven identity risk detection can flag:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">anomalous logins (time, location, device fingerprint),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">suspicious token behavior,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">unusual privilege escalation,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">large, abnormal access to sensitive resources,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">access patterns that resemble compromised accounts.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This is especially powerful when paired with adaptive authentication, where higher-risk sign-ins require stronger verification.<\/span><\/p>\n<p><b>Endpoint and Ransomware Detection<\/b><\/p>\n<p><span style=\"font-weight: 400;\">Ransomware is not just about encrypting files. Before encryption, attackers often:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">gain persistence,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">disable backups,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">escalate privileges,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">move laterally,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">exfiltrate data.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">AI models trained on endpoint telemetry can detect these behaviors earlier, increasing the chance of containment before damage spreads. For many organizations, AI-powered cybersecurity at the endpoint and identity layers provides the biggest early wins by reducing dwell time and limiting the blast radius.<\/span><\/p>\n<h4>Cloud and SaaS Security<\/h4>\n<p><span style=\"font-weight: 400;\">Cloud environments generate detailed audit logs, but the signal-to-noise problem can be intense.\u00a0\u00a0\u00a0\u00a0\u00a0<\/span><\/p>\n<p><b>AI can help detect:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">unusual API calls,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">abnormal data access,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">anomalous creation of credentials or roles,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">suspicious changes to network rules,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">misconfigurations that dramatically raise exposure.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">In cloud environments, speed matters. Misconfiguration combined with automation can create fast-moving risk.<\/span><\/p>\n<div class=\"alert alert-info\"><strong>Also Read: <a href=\"https:\/\/evincedev.com\/blog\/ai-powered-cloud-computing-redefining-business-operations\/\">AI-Powered Cloud Computing and the Future of Business Operations<\/a><\/strong><\/div>\n<h4>Apps and APIs<\/h4>\n<p><span style=\"font-weight: 400;\">For organizations building digital products, applications, and APIs are core attack surfaces.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">AI can help with:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">bot detection and abuse monitoring,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">anomaly detection on API usage,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">spotting credential stuffing campaigns,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">identifying suspicious request patterns that indicate exploitation attempts.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This includes fraud and abuse prevention in addition to classic \u201ccybersecurity\u201d concerns.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How Attackers Use AI<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Defenders are not the only ones using AI. Attackers are increasingly adopting it because it reduces cost and increases scale.<\/span><\/p>\n<h4>AI-Generated Phishing at Scale<\/h4>\n<p><span style=\"font-weight: 400;\">The old signs of phishing were often obvious: poor grammar, generic greetings, and strange phrasing. Generative AI changes that.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Attackers can now generate:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">natural-sounding emails,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">messages tailored to a specific company tone,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">localized language that matches the region,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">variations that evade basic filters.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">They can also quickly produce A\/B variants: if one message gets blocked, generate ten more with different wording, structure, and deception style.<\/span><\/p>\n<h4>Deepfakes and Impersonation Fraud<\/h4>\n<p><span style=\"font-weight: 400;\">Deepfake audio and video enable new social engineering tactics, including:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">impersonating executives to request urgent payments,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">faking vendor calls to redirect invoices,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">staging \u201cvideo calls\u201d that look credible at first glance,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">manipulating employees into sharing credentials or approving access.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This pushes organizations toward stronger verification processes that do not rely solely on voice or video recognition.<\/span><\/p>\n<h4>Smarter Malware and Evasion<\/h4>\n<p><span style=\"font-weight: 400;\">AI can support attackers in:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">generating code variations to evade signatures,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">optimizing phishing landing pages and lures,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">automating reconnaissance and target selection,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">identifying weak points faster.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Not every attacker needs advanced AI expertise. Tools and kits are becoming more accessible, lowering the barrier to sophisticated campaigns.<\/span><\/p>\n<h4>Faster Reconnaissance and Targeting<\/h4>\n<p><span style=\"font-weight: 400;\">Attackers can use AI to:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">summarize exposed information about organizations,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">analyze public code repositories quickly for secrets,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">scan for exposed services and rank the best exploitation paths,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">tailor messages based on org charts and online footprints.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This makes targeted attacks more common, even for mid-sized organizations.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Realistic Examples: Two Micro-Scenarios You Can Learn From<\/span><\/h2>\n<h4>Scenario 1: GenAI phishing plus deepfake voice for payment approval<\/h4>\n<p><span style=\"font-weight: 400;\">The finance team member receives a sophisticated email, apparently from the senior leadership team, with accurate context and a request to approve an urgent vendor payment. Minutes later, the call arrives, and the voice sounds exactly like that leader, pushing for quick approval. The email is GenAI-written, and the voice is a deepfake designed to remove hesitation.<\/span><\/p>\n<p><b>What helps:<\/b><span style=\"font-weight: 400;\"> out-of-band verification for payments, two-person approvals, treating voice as non-proof, and AI-powered cybersecurity that correlates suspicious email, identity, and behavior signals.<\/span><\/p>\n<h4>Scenario 2: Cloud token theft triggering abnormal API activity<\/h4>\n<p><span style=\"font-weight: 400;\">A valid cloud access token is exposed through a leaked config or a compromised device. The attacker uses the token to make calls to cloud APIs, ranging from quiet resource discovery to unusual actions such as enumerating permissions, creating new keys, accessing unfamiliar storage, and pulling large amounts of data. Since the tokens have already been authenticated, most of the controls are bypassed by the attacker.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/p>\n<p><b>What helps:<\/b><span style=\"font-weight: 400;\"> anomaly detection for API usage, identity risk scoring, auto-revoking sessions, rotating credentials fast, and least-privilege access.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Risks and Challenges of Using AI in Security<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">AI improves security outcomes, but it also introduces new issues that security leaders must manage.<\/span><\/p>\n<p><b>Data Quality and Bias<\/b><\/p>\n<p><span style=\"font-weight: 400;\">AI models are shaped by the data they learn from. If the data is incomplete, biased, outdated, or mislabeled, the outputs can be unreliable.<\/span><\/p>\n<p><b>Common pitfalls:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">missing logs from key systems,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">inconsistent event formats across tools,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">poor labeling of incidents,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">skewed baselines due to seasonal business changes,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">overrepresentation of one type of threat.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Insufficient data leads to inaccurate decisions, even with a powerful model.<\/span><\/p>\n<h4>Model Drift and Changing Environments<\/h4>\n<p><span style=\"font-weight: 400;\">Security environments constantly change:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">new applications are deployed,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">users change behavior,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">cloud architectures evolve,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">attackers modify tactics.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Over time, models can become less accurate. This is called drift.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Practical consequence: a model that performed well in quarter one may generate noisy or inaccurate results by quarter three unless it is monitored, updated, and validated.<\/span><\/p>\n<h4>Explainability and Trust<\/h4>\n<p><span style=\"font-weight: 400;\">Security is high-stakes. When a model flags an event, analysts need to know why. If the \u201cwhy\u201d is unclear, it becomes harder to act confidently.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Explainability matters for:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">auditability and compliance,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">reducing false positives,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">building trust within the security team,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">communicating risk to leadership.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Not every model is explainable in the same way, but good tools provide evidence trails: key signals, correlated events, and the factors that influenced the risk score.<\/span><\/p>\n<h4>Adversarial Attacks Against Models<\/h4>\n<p><span style=\"font-weight: 400;\">Attackers can attempt to trick AI systems by:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">crafting inputs that evade detection,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">poisoning training data (in some contexts),<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">probing model behavior over time to learn how to bypass it.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">In simple terms, attackers can target not just your network, but your detection logic itself. This is why AI-based defense should not be a single point of failure.\u00a0\u00a0\u00a0<\/span><\/p>\n<h4>Over-Reliance on Automation<\/h4>\n<p><span style=\"font-weight: 400;\">Automation reduces response time, but it can also create:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">accidental lockouts of legitimate users,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">service disruptions if a critical system is isolated,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">missed nuance when a situation requires context.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The solution is not to avoid automation. The solution is to implement automation selectively, tied to confidence thresholds, and with clear rollback procedures.<\/span><\/p>\n<h4>Privacy and Compliance Concerns<\/h4>\n<p><span style=\"font-weight: 400;\">Security data often contains sensitive information, such as user behavior, access patterns, emails, and logs that can be tied to individuals.<\/span><\/p>\n<p><b>Organizations must consider:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">data minimization and retention,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">clearly defined access to security data,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">how employee monitoring is handled ethically,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">where AI processing occurs,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">whether the AI model sends data externally.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This is especially important when using generative AI tools that may process text, logs, or incident content.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Securing AI Systems: Protecting Models, Data, and AI Apps<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">As organizations adopt AI, they also create new systems that need protection.<\/span><\/p>\n<p><b>Security teams increasingly need to secure:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AI models,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">training datasets,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">inference pipelines,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">AI-enabled applications like chatbots, copilots, and agentic workflows.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><b>Common issues include:<\/b><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Sensitive data leakage:<\/b><span style=\"font-weight: 400;\"> prompts or outputs exposing confidential information.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Prompt injection:<\/b><span style=\"font-weight: 400;\"> malicious inputs that manipulate the AI&#8217;s behavior.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Abuse and policy bypass:<\/b><span style=\"font-weight: 400;\"> users pushing the model to do harmful tasks.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Supply chain risk:<\/b><span style=\"font-weight: 400;\"> third-party models, libraries, and dependencies.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">A good strategy treats AI systems like any other high-value application: apply strong access control, logging, secrets management, testing, and monitoring.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Governance and Strategic Implementation: How to Adopt AI Safely<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Successful AI adoption in cybersecurity is not about buying a tool. It is about running a program.<\/span><\/p>\n<h4>Human-in-the-Loop by Design<\/h4>\n<p><span style=\"font-weight: 400;\">A practical approach:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Automate low-risk and high-confidence actions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Require human approval for disruptive actions.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Make it easy to review evidence around AI decisions.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">This builds trust and reduces operational risk.<\/span><\/p>\n<h4>Start With High-Impact Use Cases<\/h4>\n<p><span style=\"font-weight: 400;\">Good initial use cases:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">alert deduplication and prioritization,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">phishing classification support,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">endpoint suspicious behavior correlation,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">identity risk scoring,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">incident summarization and report drafting.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">These deliver value without fully handing over control.<\/span><\/p>\n<h4>Build a Strong Data Foundation<\/h4>\n<p><span style=\"font-weight: 400;\">Before \u201cAI transformation,\u201d focus on:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">consistent logging across critical systems,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">normalized event formats,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">clean asset inventories,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">well-defined identity data,<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">reliable incident labels for learning.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">If the data foundation is weak, AI will amplify confusion rather than clarity.<\/span><\/p>\n<h4>Establish Policies for Generative AI in Security<\/h4>\n<p><span style=\"font-weight: 400;\">Define what is allowed and what is not, for example:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Can analysts paste raw logs into an external assistant?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Can incident reports be generated automatically?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">What redaction rules apply to sensitive content?<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Which tools are approved and which are blocked<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The policy should be practical, not just restrictive. Security teams will use what makes them faster unless safe alternatives exist.<\/span><\/p>\n<h4>Measure Outcomes, Not Just Adopt (MTTD)<\/h4>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Mean Time to Respond (MTTR)<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">False positive rates<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Analyst time saved in investigations<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Number of incidents contained before escalation<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Phishing click rates and reporting rates<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Patch prioritization effectiveness<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">Your AI program should be treated as a performance lever with measurable impact. This is where <\/span><b>AI-powered cybersecurity<\/b><span style=\"font-weight: 400;\"> becomes tangible, not theoretical.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">The Future of AI in Cybersecurity<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The next stage of this shift will likely include:<\/span><\/p>\n<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>More autonomous detection and response:<\/b><span style=\"font-weight: 400;\"> AI that not only flags threats but orchestrates multi-step containment actions, still with clear safeguards.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Wider use of security copilots:<\/b><span style=\"font-weight: 400;\"> tools that help security teams search, summarize, correlate, and communicate faster.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>More AI-driven attacker behavior:<\/b><span style=\"font-weight: 400;\"> increasingly targeted social engineering, automated recon, and faster exploit adaptation.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><b>Stronger focus on AI security standards and governance:<\/b><span style=\"font-weight: 400;\"> as organizations recognize that AI itself can be exploited and must be secured like infrastructure.<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">The broader trend is simple: AI will raise the baseline capability on both sides. Organizations that treat AI as a tactical add-on will be outpaced by those who treat it as a strategic foundation with governance.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Conclusion<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Cybersecurity has always been an arms race, and it is accelerating as organizations adopt cloud, modern apps, and always-on digital operations. Attackers are moving faster, too, using automation and social engineering to exploit both systems and people. This is where AI is starting to reshape the security landscape.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The impact is two-sided. An <\/span><b>AI-powered cybersecurity<\/b><span style=\"font-weight: 400;\"> solution can improve detection, reduce alert noise, and speed up response times. At the same time, attackers use AI to generate convincing phishing, automate targeting, and even impersonate trusted voices with deepfakes. At <strong>EvinceDev<\/strong>, our digital transformation services help businesses adopt AI securely, ensuring cybersecurity evolves alongside <a href=\"https:\/\/evincedev.com\/product-development\"><strong>modern product development<\/strong><\/a>.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">In this blog, we break down what AI in cybersecurity really means, the major benefits, the key risks, and how organizations can adopt AI responsibly with the right mix of automation and human oversight.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity has always been an arms race. Defenders build controls, attackers find gaps, and the cycle repeats. What makes today different is the speed and scale at which that cycle is accelerating. Artificial intelligence is now influencing nearly every layer of security, from how we detect suspicious behavior to how criminals craft convincing phishing messages. [&hellip;]<\/p>\n","protected":false},"author":15,"featured_media":6047,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[1364,1289,78,618],"tags":[1211,1496,1497,1498],"acf":{"question_and_answers":null,"key_takeaways":[{"takeaway_item":"AI Driven Security: AI is reshaping cybersecurity with faster threat detection, smarter automation, and stronger defense against evolving digital attacks."},{"takeaway_item":"Faster Cyber Defense: AI-powered cybersecurity reduces breach risks, cuts alert noise, and helps teams respond faster to modern, AI-driven cyber threats."},{"takeaway_item":"Early Threat Finder: Generative AI boosts cybersecurity by identifying anomalies early, automating responses, and uncovering threats humans miss."},{"takeaway_item":"Advanced Threat Guard: Cyber attackers now use AI too, making AI-driven defense essential for detecting phishing, deepfakes, and advanced malware."},{"takeaway_item":"Predictive Security: AI and GEO improve cybersecurity visibility, helping organizations predict attacks, prioritize vulnerabilities, and protect critical systems."}]},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/posts\/6040"}],"collection":[{"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/users\/15"}],"replies":[{"embeddable":true,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/comments?post=6040"}],"version-history":[{"count":0,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/posts\/6040\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/media\/6047"}],"wp:attachment":[{"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/media?parent=6040"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/categories?post=6040"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/evincedev.com\/blog\/wp-json\/wp\/v2\/tags?post=6040"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}