AI for Defense, Intelligent Automation Against Cyber Threats

The rise of AI is making cyberattacks faster and more precise. For that reason, organizations like T-Systems are leveraging AI-assisted monitoring, automation, and human oversight to detect and respond to incidents in real time. Combining AI tools with skilled security teams is crucial for protecting digital assets and maintaining operational resilience as AI-driven attacks grow in sophistication.

"Adversaries now use AI and natural language processing to enhance the realism of attacks, including subtle language cues and sentiment analysis," said Edgar Flores, Offensive Security and Cyber Threat Intelligence Team Lead, T-Systems Mexico, during the Mexico Cybersecurity Summit 2025. 

AI-driven threats, says Flores, now encompass deep fakes, voice cloning, and CEO-targeted social engineering campaigns, often referred to as “CEO fraud” or Business Email Compromise attacks.

The integration of AI into cyberattacks has made threats more scalable, adaptive, and polymorphic. Attackers can now automate reconnaissance, build detailed digital profiles of organizations, and generate convincing phishing campaigns in minutes rather than days. Malware, once static, is increasingly capable of self-modification once deployed, adapting to evade traditional defenses such as endpoint detection and response (EDR) or extended detection and response (XDR) systems.

Rodrigo Renaud, Global Cyber Defense Manager, T-Systems Mexico, highlights that organizations must incorporate AI into their defensive strategies to match the speed and sophistication of AI-powered threats. T-Systems employs AI-assisted monitoring, threat detection, and incident response, while ensuring human oversight in critical decision-making. 

"We have developed independent AI data lakes that allow human analysts to maintain custody and validate investigations," says Renaud. This combination of AI and human expertise enables rapid identification of threats and timely response.

Automation is a key component of T-Systems’ cyber defense strategy. By consolidating multiple consoles into a single platform with 2,900 playbooks, the company can triage incidents in seconds, a process that previously took hours. This approach allows security teams to respond to threats in real time, minimizing operational disruptions and potential financial losses while maintaining compliance and continuity across production environments.

Flores and Renaud warn that Mexico recently became the most targeted country in Latin America for cyberattacks, surpassing Brazil. They stress the importance of implementing AI-assisted defenses alongside human expertise, including continuous monitoring, least-privilege access, comprehensive observability of AI systems, and rigorous incident response drills. These measures ensure organizations are not only prepared to detect threats but capable of mitigating them effectively.

Key performance indicators for AI-assisted cybersecurity include time to detect and respond, notification speed, and the effectiveness of automated remediation processes. Renaud and Flores emphasize that while AI enhances cyber defense capabilities, human expertise remains essential for validating threats, configuring responses, and conducting forensics.

Looking ahead, T-Systems anticipates that AI-driven cyberattacks will intensify in 2026 and 2027. Organizations that integrate AI tools with skilled security teams and robust processes will be better positioned to protect digital assets, prevent operational disruptions, and respond to increasingly complex threats.