12

Artificial intelligence (AI) is developing at a rapid pace; in a short period of time, it has led to radical changes even in the field of cybersecurity. Hackers now use AI-based tools to automate vulnerability scanning, predict attack vectors, and create threats faster than ever before. This synergy between human ingenuity and machine learning is transforming the field. It has sparked debate among people: If fraudsters with no ethical constraints use AI for attacks, what should the ethical constraints be when using AI to build defense systems?

Results of using AI in cybersecurity

The successes of hackers are evident. According to the IBM X-Force report, cyberattacks on critical infrastructure — especially SCADA systems and telecommunications — have increased by 30%. This includes DDoS attacks, malware infiltration, and compromise of control systems. In the first quarter of 2025, a DDoS botnet of 1.33 million devices was discovered, which is six times larger than the largest botnet in 2024. Cybersecurity departments of companies that test IT systems for penetration in accordance with ISO 27001, NIST, and CIS standards are increasingly doing so not annually or weekly, but daily.

Neutralizing AI threats in cybersecurity using ethical methods

The active use of AI has led to the need for insurance against AI-driven threats. Moreover, cyber insurance has recently become a strategic requirement for businesses, especially in the finance, healthcare, and critical infrastructure sectors. For example, international insurers such as AIG, AXA, Zurich, or Chubb require clients to demonstrate regular ethical hacking assessments.

Insurers believe that the effectiveness of ethical hacking in testing companies is estimated at 98%. In other words, without regular vulnerability testing, the market sees no chance of staying ahead of hackers and protecting systems.

According to the U.S. Department of Justice’s updated guidance, ethical hacking is legally protected when done with consent, and insurers increasingly rely on it to assess enterprise resilience. Ethical hacking has become a basic requirement for secure business operations in the US, both for Fortune 500 companies and startups. Facebook and its affiliated companies allocate the largest budget for these purposes. Its total cybersecurity spend is estimated in the billions, with ethical hacking playing a critical role in that ecosystem.

In Israel, ethical hacking has also become the basis of its updated National Cybersecurity Strategy for 2025–2028, the Israel National Cyber Directorate.

Ethical issues

Opponents of ethical hacking argue that the line between “white” and “black” hackers is thin and sometimes blurred.

Hackers may discover vulnerabilities that go beyond what has been agreed upon. Should they report it? Use it to their advantage? Ignore it? This gray area is fraught with ethical issues.

Ethical hacking standards are already being systematized as part of ethical hacking certifications in the US and EU. But opponents believe that ethical hacking skills and tools can be used for malicious attacks.

In addition, penetration tests can inadvertently lead to system failure, data corruption, or disclosure of confidential information, especially in real-world conditions. Such access to personal data raises questions about user consent and privacy protection laws.

Gevorg Tadevosyan Exclusive: Expert Opinion

Gevorg Tadevosyan, a cybersecurity expert from the Israeli company NetSight One, shared his opinion on this debate. Gevorg, a graduate of Bar-Ilan University with a deep understanding of cybersecurity protocols and ethical hacking, emphasized the importance of developing a balanced approach. He agreed that artificial intelligence has improved certain aspects of cyber defense, such as speed and efficiency, but warned against the dangers of using artificial intelligence for offensive purposes and urged the implementation of ethical hacking as one of the main protective measures. Gevorg therefore calls for the development of a comprehensive framework for the use of artificial intelligence in cybersecurity and the resolution of existing ethical issues. This requires the creation of a clear legal basis for ethical hacking:

• Bring the ethical hacking business out of the legal gray area and create a unified state licensing and supervision system;
• Pass a law on mandatory disclosure of information about all vulnerabilities.
• Make it mandatory by law to eliminate the consequences after penetration testing.
• Strengthen privacy protection and develop clear rules for the processing of personal data during penetration testing.
• Legislate the legality of testing cross-border systems and eliminating threats.

Reasons to Address Ethical Constraints.

Gevorg’s vision adopts a scientific approach to urgently address all ethical constraints in the application of AI for cybersecurity protection. He asserts that AI can indeed enhance protective measures, but this cannot be achieved under existing ethical constraints. We need new regulations and laws governing the use of AI for penetration testing to prevent AI from being misused and to avoid consequences, especially unintended ones. National cyber resilience will only benefit from the use of AI with clear ethical rules, and the risks to the community will be reduced.

Сonclusion

The interplay between technology and ethics in the field of AI and cybersecurity is complex. While AI has great potential to improve cybersecurity, its use for offensive purposes requires caution. Insightful experts such as Gevorg Tadevosyan of NetSight One also note the urgent need to address contemporary ethical issues surrounding the use of AI in cybersecurity. By addressing all ethical considerations, the cybersecurity community can optimally leverage AI to pave the way for a more secure digital environment in Israel.

JPost.com is grateful for the professional advice provided by Gevorg Tadevosyan in preparing this article.