AI vs. AI: The arms race for security
By Kriti Gupta and Daniel Rouke
It’s become a familiar pattern: A new artificial intelligence (AI) model proves it can do a human task. (Or someone suggests it can.) Suddenly, it’s assumed that progress now will make jobs obsolete later. Investors panic. The sector in question sells off. And suddenly, current cash flow and fundamentals don’t matter. The fear of whether an industry will exist in two years takes over. The extrapolation turns into hysteria. Cue the broad-based selling. Then, it happens all over again.
In the face of AI jitters, there is a corner of the market that has been swept up in indiscriminate selling: cybersecurity. If AI aids with efficiency in a traditional office function to the point of making human tasks redundant, imagine what it can to do for the frequency and strength of automated attacks – not to mention scaled operations. Therein lies the marriage of geopolitical fragmentation and a technological revolution. The more that geopolitical conflict involves AI-based warfare, the more governments and corporations will spend to defend against it. That means using AI to defend against AI.
And this time, rather than disrupt an industry, it’s pushed it into overdrive. (Even if the market doesn’t see it yet.) Sixteen percent of enterprise cyberattacks are AI-generated with effects that are 24% worse., That number is growing. The business risks of getting it wrong are simply too high. And the more use cases that AI has, the more threats enterprises and governments have to protect against. At risk are the large language models (LLM), data, agents and code, among other ingredients.
Ready to take the next step in investing?
We offer $0 commission online trades, intuitive investing tools and a range of advisor services, so you can take control of your financial future.
In 2025, the global average cost of a data breach reached $4.4 million, marking a decline for the first time in five years, according to an IBM report. The drop comes as a result of faster identification and containment. Of the companies that reported AI-related security incidents, 97% did not have the digital security mechanisms needed to protect themselves. Being unprotected is not only risky but an expensive venture as conflicts begin to be fought with lines of code in addition to lines of soldiers.
Anthropic, an AI powerhouse, learned firsthand how it can happen when outside actors manipulated its own Claude code to launch cyberattacks – not just against Anthropic but also large tech companies, financial institutions and government agencies – with only 10%–20% human intervention. The incident demonstrated not only that AI systems can execute sophisticated attacks that would otherwise require a full team of experienced hackers but that these systems are also essential to providing the defense.
Driven by a rapidly fragmenting world, security concerns are accelerating the need not just for AI but for sovereign AI. It’s not enough to innovate. Nations have to reshore digital infrastructure, prioritize data sovereignty and expand the role of companies willing to invest in public priorities. That’s just step one. Step two is securing the infrastructure and building resilience against both physical and digital threats.
To address it, the world is spending at a pace and level that it never has before. Global cybersecurity spending is projected to reach $240 billion in 2026 and grow at an 11% compound annual growth rate to $320 billion by 2029. AI-driven cybersecurity spend is growing three to four times as fast.
Amid a backdrop of broad defense spending, more and more of it is being allocated to this arena. The United States alone called for a $1.5 trillion U.S. defense budget for 2027, marking a more than 50% increase from 2026. Spread across various departments and security agencies, cybersecurity, AI and other digital tools have been named as large and growing parts of the budget. Across the Atlantic, NATO targets sit at 3.5% of gross domestic product (GDP) with an additional 1.5% earmarked for defense-related infrastructure – also eligible for cyber and digital security.
Governments are increasing defense spend globally
And there is still more work to be done. It's not enough to spend on defense, but it is important to create the frameworks to respond. That's what's happening around the world. Take Latin America, which the World Bank identified as one of the fastest-growing regions for disclosed cyberattacks. As a result, it's been made a top priority in the region when developing legislation and policy to address the risk.
It’s a simple formula: More companies and governments use AI. Cyberattacks get more sophisticated and frequent. The technology creates a need to protect more components. Governments spend more on defense and security policy. Fiscal tailwind. AI is used to fight AI. The industry survives and grows.
In an era of AI panic, this long-term dynamic may not be seen immediately. Cybersecurity, after all, is subject to the same knee-jerk market reaction. It also sold off when Anthropic released an AI tool to detect online vulnerabilities. But it has yet to prove it can do it in real time. The assumption is that it will eventually. That's the danger. But that doesn't change the trajectory of the trend. And historically, policymakers have wanted multiple players involved in building the security apparatus. The convergence of government priorities and the critical need for advanced, AI-enabled defense solutions means higher corporate spending and expanded federal contracts. That isn't going anywhere for a while.
All market and economic data as of 02/27/2026 are sourced from Bloomberg Finance L.P. and FactSet unless otherwise stated.
You're invited to subscribe to our newsletters
We'll send you the latest market news, investing insights and more when you subscribe to our newsletters.
