AI can beat cybercriminals at their own game, experts say
Businesses and other organisations are in a “high-speed race” against cybercriminals as AI accelerates both threats and defence methods, the World Economic Forum says.
A white paper prepared with KPMG says agentic AI offers “unprecedented opportunities” to strengthen cybersecurity, while also introducing new risks.
Businesses that extensively use AI in security reduce average breach duration by about 80 days, substantially lowering costs, according to the report.
AI can help address structural challenges in cybersecurity such as talent shortages, resource constraints and regulatory demands.
“AI and cybersecurity have become inextricably linked. AI has the potential to shift the balance towards defenders,” said WEF cybersecurity centre head Akshay Joshi, who notes the “transformative potential of AI in strengthening cybersecurity”.
He also recommends “vigilance against over-reliance ... and preserving human expertise and judgment”, and says decisions on whether an AI operation is fully autonomous should be “based on risk and reversibility of actions”.
The paper says: “AI solutions should be validated through structured pilots with clear success criteria. Once deployed, continuous monitoring and refinement remain essential.”
AI speeds detection and decision-making, and strengthens technical, operational and governance systems. But heavy reliance on AI can undermine cyber resilience.
“Excessive trust in automated decisions creates a false sense of security and over time erodes the expertise needed to intervene when systems fail,” the report says.
Security teams should combine AI with human judgment, simulate AI failures and design fail-safes that keep security operations functional during AI outages.
The report examines 20 case studies, including Allianz’s use of hypothesis-based AI analysis for autonomous cyber threat detection that “reimagined threat investigation”.
When an alert is triggered, the system identifies only the data points needed to validate it and retrieves them, giving targeted, dynamic data collection that avoids infrastructure overload.
“This approach enables comprehensive forensic analysis at scale, even for minor cases, while maintaining operational efficiency ... The system reduces mean time to respond and strengthens cyber detection capabilities.”
The WEF says leaders should treat AI as a “foundational security capability” and “a force multiplier for cyber defence”.
“Attackers are moving faster and at greater scale than ever before. This report is a call to action for organisations to match that pace,” KPMG global head of cyber and tech risk Laurent Gobbi said.