AI in Cyber security: A New Disruption, a Familiar Playbook
If you've been in cyber security for more than a few years, you've already lived through at least one moment where the ground shifted, and the old playbook stopped working. The field of cyber security is no stranger to disruption, and this is another one.
Written by the TryHackMe Team
If you've been in cyber security for more than a few years, you've already lived through at least one moment where the ground shifted, and the old playbook stopped working. The field of cyber security is no stranger to disruption, and this is another one.
The rise of the Internet was one of those moments. Before widespread network connectivity, security was largely a physical and perimeter concern. Then, almost overnight, every system became reachable. The attack surface expanded from "who can physically access this machine" to "anyone, anywhere, with a network connection." Entire categories of vulnerabilities, such as remote code execution, web application attacks, and network-based exploitation, went from theoretical to urgent. The profession had to adapt, and it did. New disciplines emerged, new tooling was built, new frameworks were written, and a generation of practitioners learned to secure systems that were fundamentally more exposed than anything that had come before.
Cloud computing was another. The shift from on-premises infrastructure to cloud-hosted environments did not just change where systems lived, it changed who was responsible for what. Shared responsibility models introduced new trust boundaries. Infrastructure-as-code made deployments faster, but also made misconfigurations easier to introduce at scale. The attack surface expanded again, and cyber security had to catch up once more. Practitioners had to learn new architectures, new identity models, and new ways of thinking about what "the perimeter" even meant.
In both of these disruptions, cyber security found itself in a position that will feel familiar to anyone in the field today: caught between enabling the business to move forward and ensuring that progress does not come at the cost of security. That tension, being seen as the team that slows things down, even when the reality is far more nuanced, is something the profession has navigated before. It is part of the job.
And now, we are in the middle of it again.
The AI disruption is here, and it looks familiar
Depending on where you sit, the conversation around Large Language Models (LLMs) and AI more broadly is either dominated by hype or by fear. On the one hand, there are bold claims that AI will replace entire professions overnight. On the other hand, there is genuine anxiety from practitioners, particularly those early in their careers, about whether the skills they are building will still matter in a few years. Both extremes are loud. Neither is entirely right.
The more grounded observation is that the trendline is clearly heading upward, and it is heading there fast.
For a non-technical example, consider the now-famous AI-generated video of Will Smith eating spaghetti that circulated in early 2023. It was unsettling, bizarre, and immediately recognisable as artificial. At the time, it was a novelty, a demonstration of what generative AI could attempt, but also a clear illustration of its limitations. Fast forward to today, and AI-generated video is increasingly difficult to distinguish from reality. The progress made in barely two years is striking, not because any single output is perfect, but because the trajectory is so steep.
The same trajectory is playing out in the technical domain. When LLMs first gained widespread attention, their ability to write functional code was limited and often unreliable. Today, models are capable of autonomous vulnerability discovery, exploit development, and security analysis at a level that would have seemed unrealistic just a year ago. Recent announcements, such as Anthropic's Claude Mythos Preview and Project Glasswing, point to models that have identified critical, previously unknown vulnerabilities across major software systems, with the capability emerging not from deliberate security training, but as a byproduct of improvements in general coding ability.
That last point deserves emphasis. These security capabilities were not the goal, they were a side effect. And that tells us something important about where the trendline is heading: as AI models become better at understanding and writing code, they will inevitably become better at finding where code breaks. This is not speculative. It is already happening.
For security practitioners, this means that both offensive and defensive security are going to change. How vulnerability discovery works, how security testing is conducted, how attacks are constructed and defended against, all of it is in motion. The specifics of what that will look like are still taking shape, and anyone who claims to have a complete picture is getting ahead of the evidence. But the direction is not in question.
No one knows exactly what is coming. But we have been here before.
It is worth being honest about something: no one can tell you precisely what the cyber security landscape will look like in three to five years. The pace of AI development is so fast that predictions made six months ago already look dated. If someone is offering you certainty about the future, they are selling something.
What we do have is the pattern. And the pattern, across every major disruption this industry has faced, is remarkably consistent. New technology creates new capabilities. New capabilities create new attack surfaces. New attack surfaces demand new skills, new tools, and new thinking. The people who invest in understanding the changing landscape early are best positioned when the dust settles.
This is not a cause for panic, it is a cause for preparation. The internet did not end the need for security professionals. Cloud computing did not either. Both created enormous demand for practitioners who understood the new landscape and could operate effectively within it. There is every reason to believe the AI disruption will follow the same pattern: not eliminating the need for skilled security professionals, but shifting what those professionals need to know and how they need to work.
The key word in all of this is adapt. Not because adapting is easy, but because adapting is what this profession does, and has always done.
Training is how you navigate disruption
Throughout every disruption the cyber security industry has faced, the single most reliable strategy for practitioners has been the same: learn. Invest in understanding the new technology, attack surfaces, and defensive approaches before you are forced to by an incident or a market shift.
It is with this in mind that TryHackMe has built the AI Security Learning Path.
This path was not built in reaction to a single headline or announcement. It was built because the trajectory has been clear for some time, AI is being adopted across organisations at pace, and with that adoption comes an entirely new category of security challenges that practitioners need to be equipped to handle. We saw the direction, and we built training for it.
The path is structured around the OWASP LLM Top 10, the industry-standard framework for AI-related vulnerabilities, and aligned with the CompTIA SecAI+ framework. Across five modules and 25 guided lessons, it covers the full spectrum of AI security, from foundational concepts through to advanced, hands-on challenges:
- AI Fundamentals covers the threat landscape, how AI models consume and process data, and AI forensics, establishing the mental models needed before going deeper.
- Secure AI Systems explores AI systems as an attack surface, covering secure architecture, LLM-specific security concerns, and threat modelling frameworks applied in AI contexts.
- Prompt Security addresses one of the most prevalent AI attack classes, prompt injection, covering both offensive techniques and defensive hardening, with live challenge labs.
- AI Supply Chain Security examines how AI models can be compromised from procurement through deployment, including tampered artefacts, poisoned checkpoints, and compromised fine-tunes.
- Data Poisoning goes into the deepest layer, the data, covering risks in Retrieval-Augmented Generation (RAG) systems, attacks on ingestion pipelines, and sensitive information disclosure.
Eight of those lessons are dedicated challenge labs, built on TryHackMe's purpose-built AI platform where you engage with real LLM interfaces, not static exercises. You attempt prompt injections against live models. You identify model backdoors. You defend against data poisoning in environments that reflect the realities practitioners encounter in the field.
The focus throughout is practical and balanced. The path blends offensive and defensive perspectives, understanding how AI systems are attacked and how they are defended, because in practice, you cannot do one effectively without the other. And the emphasis is squarely on how AI is being deployed in real organisations, the security risks it introduces, and the concrete steps businesses can take to adopt AI while keeping their environments secure.
This is a starting point, not a finish line. The AI security landscape is evolving rapidly, and training must evolve with it. TryHackMe is committed to building for the industry that is emerging, not the one from a year ago. The AI Security Learning Path is the first step on that road, and there is more to come. We are thinking deeply about how this field is changing and how we can best support practitioners through the transition.
The one constant across every disruption
The technologies change. The attack surfaces change. The tools and frameworks change. But one thing has remained true across every disruption this industry has faced: the practitioners who invested in learning, who leaned into the change rather than away from it, are the ones who came through strongest.
AI is the next disruption in cyber security. It will not be the last. And the way through it is the same as it has always been: train, learn, adapt.
The AI Security Learning Path launches on 13 April 2026. 25 hands-on lessons, 5 modules, 8 challenge labs, structured around the OWASP LLM Top 10. Built for the cyber security industry that's emerging.
-TryHackMe Team