Webinar Discover Complement's conversational avatars - Wednesday 25 June at 6 PM CET AI avatars - 25 June at 6 PM CET Register
ia

Cybersecurity and AI : towards an explosion of vulnerabilities driven by usage

Artificial intelligence is profoundly transforming cybersecurity by enabling large-scale detection of vulnerabilities. However, this progress creates a new challenge: a massive increase in vulnerabilities that is difficult for security teams to absorb. At the same time, AI usage is rapidly expanding, often without clear governance, increasing the risks associated with human error. Today, the real issue is no longer purely technical, it lies in understanding and controlling how AI is actually used within organizations.

Cybersecurity and AI : towards an explosion of vulnerabilities driven by usage

n recent weeks, a weak signal has turned into a major topic for security teams.

With the emergence of models capable of analyzing code and detecting vulnerabilities at an unprecedented scale, cybersecurity has entered a new phase. Artificial intelligence can now identify flaws that automated tools had failed to detect for years. At the same time, vulnerability discovery is scaling up. What once relied on long cycles and expertise applied to limited scopes is becoming massive, almost industrial.

The paradox is immediate. We have never been so capable of detecting vulnerabilities, yet security teams have never been under so much pressure. Some are already talking about a volume of vulnerabilities that is difficult to absorb, prioritize, and fix.

But this transformation conceals another one more diffuse, more silent.

For years, cybersecurity has been built on a widely validated intuition: incidents do not come only from systems, but from usage. IBM’s 2023 report regularly highlights this: the majority of data breaches involve some form of human error.

Not spectacular mistakes, but ordinary decisions: a file shared too quickly, an approximate configuration, a tool used خارج its intended scope.

Artificial intelligence does not challenge this observation. It amplifies it.

It accelerates actions, simplifies operations, and reduces friction. It allows non-experts to interact with complex systems, sometimes without fully understanding the implications. At the same time, it expands the attack surface. Data flows differently, tools multiply, and usage spreads without always going through traditional validation channels.

What stands out today is how these usages have taken root. In most organizations, AI is used individually, often outside any collective structure. It is mainly used for “augmented office work”: writing, rephrasing, summarizing, producing faster.

These uses are not problematic in themselves. On the contrary, they are a powerful productivity lever. They help automate certain tasks, free up time, and facilitate daily work. But in many cases, they remain poorly governed.

This is where a key tension lies.

Providing a tool, no matter how powerful, is not enough to ensure controlled usage. AI is no exception. Without a clear framework, shared best practices, and proper support, usage develops in heterogeneous and sometimes improvised ways.

In this context, employees learn on their own. They experiment, adjust, and replicate behaviors observed elsewhere. They seek quick gains, often rightly so. But they do not always have the necessary reference points to assess the associated risks.

This is often when doubts begin to emerge on the CIO side.

Not following a major incident, but more gradually. A question arises:

Do we truly understand what teams are doing with AI today - and therefore, do we have it under control?

In many organizations, the answer remains incomplete. Not due to a lack of tools, but because usage evolves faster than the frameworks designed to structure it. This gap marks a significant shift.

For a long time, cybersecurity was built around infrastructure, securing access, controlling flows, protecting systems.

Today, the point of tension is shifting: it lies in usage.

Some companies are beginning to adapt their approach accordingly. They are no longer just trying to detect more vulnerabilities—which AI already enables at scale—but to understand how they emerge in daily practices: how teams use these tools, in which situations they make decisions, and how they balance efficiency and security.

This shift in perspective requires a specific effort: supporting usage rather than simply authorizing it.

This involves simple, accessible forms of learning, directly connected to everyday work. Not theoretical training, but concrete guidelines, examples, and situations that help people understand what is acceptable, what is not, and why.

Encouraging employees to learn, share practices, and gradually structure usage becomes a central lever—not to slow adoption, but to make it more robust.

This is the logic behind emerging approaches, particularly at Complement. There, AI is used as a lever to support teams, structure usage, and make situations more tangible. The goal is not to limit its use, but on the contrary, to enable employees to use it more thoughtfully by better understanding the implications of their decisions.

Artificial intelligence is not creating a cybersecurity crisis, it is accelerating existing dynamics. It increases our ability to detect vulnerabilities, but it also makes more visible a long-known reality: a system is only as secure as the ways it is used. And today, those usages are evolving rapidly, often diffusely, and sometimes without a shared framework.

This leaves us with a simple question:

In an environment where vulnerabilities are multiplying and usage is intensifying, do you have a clear view of how your teams are actually using artificial intelligence?