AI Now Arms Both Sides of the Cyberattack
AI is reshaping cybersecurity for businesses. Learn how attackers are using AI tools today and what steps small businesses can take to stay secure.
For the last two years, most AI security conversations for SMEs have focused on adoption risk: shadow AI tools, compliance gaps, governance. That conversation still matters, but it misses something happening at the same time. Attackers are now using AI as well, and they are doing it faster and more effectively than most defenders expected. For a small or mid-sized business without a dedicated security team, this changes what "reasonable precaution" actually looks like.
A Familiar Tool, A New Kind of Risk
The AI tools your team uses to write code faster, draft emails, or speed up research are the same category of tool now being weaponized against you. This is not a future threat. Security researchers are documenting it in production environments right now, across three distinct fronts: AI-assisted social engineering, AI-evading malware, and a newer technique that targets the AI coding assistants developers already trust.
How Attackers Are Using AI Right Now
Phishing has changed shape. Attackers are no longer relying on broken grammar and generic urgency. AI-generated messages now convincingly imitate the tone and detail of a founder, a client, an accountant, or a supplier, which makes the usual advice of "look for red flags" far less reliable than it used to be.
On the malware side, ransomware groups have started building tooling specifically designed to disable endpoint detection and response systems before deploying their payload. One documented framework standardizes this evasion layer across multiple tools, some borrowed, some custom-built, all designed to impersonate legitimate security software using fake version information and copied certificates. The effect is that detection tools a business relies on can be quietly disabled before an attack even begins, without obvious warning signs.
The Coding Assistant Problem
The most directly relevant development for businesses building or maintaining their own software involves a technique researchers have named AgentJacking. It works by manipulating the context or inputs given to AI coding assistants, causing the tool to generate code that looks reasonable but contains a hidden vulnerability or backdoor. A developer reviewing the output sees working code that solves the problem asked of it. The flaw is not visible without specifically auditing for this kind of manipulation.
This matters because AI coding tools have become a normal part of how small development teams move quickly. A team without a formal code review process, which describes a large share of SMEs building internal tools or customer-facing software, has no natural checkpoint where this kind of issue would get caught.
Why SMEs Feel This More Than Enterprises
None of this is new in kind. Phishing, evasion tooling, and supply chain manipulation have existed for years. What has changed is the speed and scale at which AI lets attackers operate, and that shift disproportionately affects smaller organizations.
A large enterprise has security operations staff, dedicated detection tooling, and code review processes built into its development pipeline by default. A typical SME has none of that as a baseline, and instead relies on a mix of vigilance, basic tools, and trust in the platforms it uses. AI-driven attacks are particularly effective against that combination, because they are designed to look ordinary until the moment they are not.
What To Actually Do About It
The response does not require building an enterprise security function from scratch. It requires closing a small number of specific gaps.
Treat AI-generated code the same way you would treat code written by a contractor you have not worked with before. It needs review before it goes into production, particularly anything that touches authentication, payments, or customer data. This is a process change, not a tooling purchase, and it costs nothing beyond discipline.
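One way to turn that review rule into a checkpoint, as an added example rather than code from the original article: a pre-merge check that refuses changes to sensitive paths unless someone other than the author has signed off. The path patterns, the sample diff, and the use of a `Reviewed-by:` line in the commit message are assumptions to adapt to your own repository.

```python
import re
from fnmatch import fnmatchcase

# Assumed path patterns; broad on purpose, tune them to your repository.
SENSITIVE = {
    "authentication": ["*auth*", "*login*", "*session*"],
    "payments": ["*payment*", "*billing*", "*checkout*"],
    "customer data": ["*customer*", "*models/user*"],
}

# Constructed sample diff in git's unified format.
SAMPLE_DIFF = """\
diff --git a/app/auth/token.py b/app/auth/token.py
--- a/app/auth/token.py
+++ b/app/auth/token.py
@@ -10,2 +10,3 @@
 def verify(token):
+    audit_log(token)
     return check_signature(token)
diff --git a/docs/README.md b/docs/README.md
--- a/docs/README.md
+++ b/docs/README.md
@@ -1 +1 @@
-Old intro
+New intro
"""

def changed_files(diff_text):
    """Paths touched by a git diff, including deleted and renamed files."""
    return re.findall(r"^diff --git a/.+? b/(.+)$", diff_text, re.M)

def sensitive_areas(paths):
    """Map each sensitive area to the changed paths that fall inside it."""
    hits = {}
    for path in paths:
        for area, patterns in SENSITIVE.items():
            if any(fnmatchcase(path.lower(), p) for p in patterns):
                hits.setdefault(area, []).append(path)
    return hits

def review_gate(diff_text, commit_message, author):
    """Return (ok, reasons); sensitive changes need a reviewer who is not the author."""
    hits = sensitive_areas(changed_files(diff_text))
    reviewers = re.findall(r"^Reviewed-by:[ \t]*(\S.*?)[ \t]*$", commit_message, re.M)
    if any(r.lower() != author.lower() for r in reviewers):
        return True, []
    return not hits, [f"{area}: {', '.join(files)} needs independent review"
                      for area, files in sorted(hits.items())]
```

The gate only proves that a second person looked at the change; what they look for in authentication, payment, and customer-data code is still the review itself.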
Reconsider how much you rely on email-based trust signals alone. A request to change payment details, transfer funds, or share credentials should have a verification step that does not depend on the email itself, such as a phone call to a known number. This single habit defeats a large share of AI-enhanced phishing regardless of how convincing the message is.
Make sure your detection and backup systems are not single points of failure. If endpoint protection can be disabled by an attacker who gains initial access, backups and monitoring that operate independently of that same environment are what actually limit the damage.
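A sketch of what independent monitoring can check, added here as an example and not taken from the original article: a collector outside the endpoint compares the protection agent's heartbeat with other signs of life from the same machine, and flags hosts that are still active while their agent has gone quiet. The event format, source names, host names, and 15-minute threshold are assumptions, and the sample events are constructed.

```python
from datetime import datetime, timedelta

# Constructed sample events: (timestamp, host, source). "edr" is the endpoint
# agent's heartbeat; any other source shows the host itself is still active.
SAMPLE_EVENTS = [
    ("2024-05-01T09:00:00", "ws-01", "edr"),
    ("2024-05-01T09:00:00", "ws-02", "edr"),
    ("2024-05-01T09:05:00", "ws-02", "edr"),
    ("2024-05-01T09:05:00", "ws-03", "edr"),   # ws-03 is then powered off
    ("2024-05-01T09:20:00", "ws-02", "vpn"),
    ("2024-05-01T09:25:00", "ws-04", "dhcp"),  # ws-04 never ran an agent
    ("2024-05-01T09:30:00", "ws-01", "edr"),
    ("2024-05-01T09:30:00", "ws-02", "dhcp"),
]
SAMPLE_NOW = datetime.fromisoformat("2024-05-01T09:35:00")

def silent_agents(events, now, max_silence=timedelta(minutes=15)):
    """Return (host, reason) for hosts that are active without a live agent."""
    last_edr, last_other = {}, {}
    for ts, host, source in events:
        seen = datetime.fromisoformat(ts)
        latest = last_edr if source == "edr" else last_other
        if host not in latest or seen > latest[host]:
            latest[host] = seen

    alerts = []
    for host, active in sorted(last_other.items()):
        edr = last_edr.get(host)
        if edr is None:
            alerts.append((host, "host active but no agent heartbeat ever seen"))
        elif now - edr > max_silence and active > edr:
            # Activity after the last heartbeat rules out a host that is
            # simply switched off, which would go quiet on every source.
            alerts.append((host, f"agent silent since {edr.isoformat()}, "
                                 f"host active at {active.isoformat()}"))
    return alerts

if __name__ == "__main__":
    for host, reason in silent_agents(SAMPLE_EVENTS, SAMPLE_NOW):
        print(host, "-", reason)
```

The check has to run on a system the endpoint cannot reach into, otherwise it shares the single point of failure it is meant to cover.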
AI has lowered the cost of running a convincing attack. It has not changed what stops one. Basic verification habits, code review discipline, and detection that does not depend on a single layer remain the controls that matter most. The businesses that adjust those habits now will be in a meaningfully better position than those waiting for a more obvious warning sign.