Artificial Intelligence, Cybersecurity, MXDR

Will AI Regulation Harm Cybersecurity and Help Hackers?

Table of Contents

Adopting and leveraging the advantages of AI is accelerating rapidly. Questions surrounding the potential impact of new AI regulations on cybersecurity innovation have sparked discussions within the industry. I was asked about this on our recent webinar about the 2024 threat landscape. In this piece, I aim to provide further analysis of this nuanced landscape, drawing upon my experiences as a seasoned professional in the cybersecurity sector.

The dual ecosystems

Let’s delve into the dichotomy I highlighted in my recent comments—the existence of two distinct ecosystems within cybersecurity. On one side, we confront well-funded entities like Octo Tempest and Scattered Spider. We also have a few nation-state-supported entities receiving over $400 million, as well as ransom money revenue. The ability of these entities to independently propel the creation of AI tools, including quantum computing, raises concerns about how this will challenge IT security, and how global regulations needs to consider guardrails and regulations on their trajectory.

The second ecosystem, in contrast, comprises a diverse array of cybersecurity entities, ranging from innovative startups to established companies dedicated to defending against evolving threats. This ecosystem is characterised by agility, adaptability, innovation, and a commitment to pushing the boundaries of critical thinking.

an image of futuristic white humanoid robot facing off against a futuristic black humanoid robot

Unlike the first ecosystem, which is marked by substantial funding from nation-states, this second ecosystem thrives on a combination of ingenuity, collaboration, and a shared commitment to cybersecurity excellence. The effectiveness of nefarious activities and targeting of specific cohorts and industries is escalating considerably. As I discussed, this is unlikely to decline in 2024.

Yet there is a sensitivity to ensuring appropriate but adaptive global collaboration on guardrails and guidelines. The challenge lies in ensuring that AI regulations do not inadvertently stifle the innovation or constrain development pathways. We can learn some really powerful lessons from the hacker mindset in “good enough”, critical process thinking, and silo exploitation to respond more effectively to emerging cyber threats.

The regulatory conundrum

We have observed the global challenges on freedom of speech and data privacy, and how this can reduce our ability to understand and more effectively protect others. The initial question that arises is: to what extent do AI regulations need to influence the capabilities of these well-funded actors?

With geo-political challenges, the likelihood of majority global alignment is unlikely. Without this, how effective will any regulation and protection afforded therefore be? As AI and quantum computing accelerate digital transformations, we need to be ready and prepared for significant evolution at a greater globally collaborative level. This must be supportive of positive innovation and developments yet offer greater levels of nation-backed individual and commercial protections.

The crucial role of international collaboration

an image of two people shaking hands in front of various country flags

Moving forward, I underscore the importance for enhanced international collaboration in tackling cybersecurity challenges, as well as combined commercial and political entities. The interconnected nature of cyber threats demands a consolidated response that transcends national borders. Guardrails at the country level will prove inadequate in the face of cybercriminals who operate seamlessly across borders. Strengthening collaboration needs to be backed by consistent political changes, which are supported by globally-informed policies.

The balancing act of policies in AI regulation

My concern is centred around the potential consequences of more stringent policy implementation that simply is not agile enough. A draconian approach, I argue, will hinder the very innovation and acceleration necessary for effective cybersecurity, AI and quantum computing – and the benefits this will bring.

Striking the right balance is key — regulations must adapt to the dynamic threat landscape without stifling the agility required to combat emerging challenges. Quantum computing technology may need licencing in the same way patents and drug developments are to regulate usage and purpose. AI developments will need increased privacy assurance testing and security validation. There also needs to be greater transparency from the tech companies as the personal data collected and analysed be that directly or indirectly could be acquired or exfiltrated without consent.

Empowering cyber communities

In my opinion, the power lies within cyber communities, governments, and expert cyber agencies. These collective communities, driven by a shared purpose to make the world a better place through collaboration and innovation, can harness the accelerating technologies of AI and large language models to strengthen cybersecurity.

the letters AI coming out of laptop screen

The delicate balance involves enabling these communities to leverage AI while ensuring responsible and ethical use. Ensuring the messaging is understood, continually evolves, and is adopted is a crucial part of future success.

Navigating the tightrope

There has always been a delicate balance between regulatory measures and fostering an environment conducive to innovation in the cybersecurity sector.

AI regulation has taken too long to agree and implement, let alone evolve. This balance is critical in ensuring the ongoing effectiveness of our cybersecurity efforts. Restricting innovation runs the risk of leaving us ill-prepared to face the ever-evolving tactics employed by cybercriminals.

Worst still, it puts businesses and individuals who cannot afford or do not understand how to improve their protection at greater levels of risk.

Innovation as a necessity

Let’s be clear—cybersecurity innovation is not a luxury but an imperative in today’s digital landscape. Our AI-powered cybersecurity solutions, such as the MXDR (Managed Extended Detection and Response), demonstrate the innovation necessary to stay ahead of sophisticated threats. Technology is going to progress much faster, defence mechanisms must evolve in tandem. AI regulation cannot hold that back.

introducing cloudguard's new mxdr platform

Global unity in cybersecurity

The call for international collaboration is more than a mere suggestion or wishful thinking; it is a fundamental recognition that cybersecurity is a collective responsibility.

There must be concerted, multi-national alignment to reduce weaponisation tactics and activities in the cyber threat landscape. No one entity or nation can stand alone against the rising tide of cyber threats. Collaboration involves not only sharing intelligence but also aligning policies globally to create a unified defence against adversaries. Learn fast. Then adapt policies and regulation from this continual learning. We need to make it part of the fabric of lives to ensure those that are most vulnerable, have access to protection.

The future cyber landscape

Looking ahead, I hope for a future where cybersecurity evolves alongside the advancements in AI and automation. However, this future hinges on the careful calibration of regulatory measures and collaboration. While oversight is necessary, a balanced approach—one that empowers the cybersecurity industry to proactively address and adapt to emerging challenges—is crucial.

My final thoughts on AI regulation

My insights provide a firsthand view of the intricate relationship between AI regulation and cybersecurity innovation. The delicate balance between regulatory measures and fostering innovation is vital to the continued effectiveness of our cybersecurity efforts.

As we navigate the evolving landscape of cyber threats, a consistent, collaborative, and more globally-informed learning approach, coupled with a commitment to innovation, will be crucial in safeguarding our digital futures.

Striking this balance requires a nuanced understanding of the challenges and opportunities that lie at the intersection of AI and cybersecurity—an intersection that defines the future of our industry.

To learn more about AI regulation, and the 2024 threat landscape as a whole, watch my webinar on demand. Here’s a snippet to get you started. Alternatively, check out our pags on cybersecurity for startups cybersecurity for maritime.

Author: Matt Lovell
Share:
Author: Matt Lovell
Share:

Related Resources

two men talking on a podcast posted on linkedin with a red arrow pointing towards a deepfake
Why Social Engineering Always Works: How Hackers Use Phishing & Deepfakes
We’ve all done the training, so why are attackers still getting through? Attackers no longer rely on bad spelling or suspicious links, they use AI-generated deepfakes and psychological profiling to manipulate people with astonishing precision. By exploiting the brain’s emergency response system, they trigger fear, urgency, or authority to override...
Dark purple background with claude logo and words pro, team and enterprise.
Claude Business Security: Choosing the Right Account for SMBs
When I shared my last article, a few people got in touch asking for a more practical follow-up, specifically around how small teams can use Claude Pro without putting business data at risk. This piece goes step by step through exactly that. Understand what you’re actually adopting Claude Pro is...
Two analysts looking surprised. Purple cyber background with phishing hook.
What Happens After a Phishing Attack? A Real Microsoft 365 Incident Walkthrough
If your organisation thinks a password reset or MFA alone are enough, think again. In this phishing attack breakdown by CloudGuard’s SOC team, Conor and Jon reveal the reality behind an actual breach involving a UK law firm, exposing how hackers use four methods to regain access long after initial...
purple background with computer that says threat from the field in cartoon like design
Cyber Threat Trends Q1 2026: Data Theft, AI Attacks and Emerging Risks
Executive Summary Every 90 days, we review the latest cyber threat trends to identify what IT leaders should learn, where resilience gaps are widening, and what practical actions organisations should take next.  The first quarter of 2026 has been intense. The UK threat picture is not defined by one single...
Microsoft Defender for Cloud
Microsoft Defender for Cloud Cloud environments change fast. New workloads, new services and new risks appear daily, often without full visibility or clear ownership. Microsoft Defender for Cloud provides continuous assessment across Azure, hybrid and multi-cloud environments to help organisations understand and reduce cloud security risk. CloudGuard ensures your cloud...
Woman looking at tablet with cyber imagery across the top.
The Limitations of External Penetration Testing (And What to Do About Them)
Core argument  Traditional internal penetration tests gives executives false confidence because it’s typically scope-limited, scheduled, doesn’t reflect real attacker behaviour and ignores the AI threats with user access. Would you feel comfortable boarding a plane if the pilot had practised emergency landings but had never actually simulated an engine failure?  So, why do businesses specifically exclude their...
CloudGuard logo and Stonewater Housing logo on a pastel purple background
Stonewater Housing Achieves 24/7 Security Monitoring Without Expanding Its IT Team
Image of man with half blue face on left and half red face on right. ÂŁ20 notes falling in the background.
Date | Time: 24/03/2026 | 12:00 pm
[On Demand] The AI-Enabled Insider Threat: When Trusted Access Becomes Competitive Advantage
Your most trusted employees can now distil years of institutional knowledge in days, sometimes without realising the risk they’re creating. Insider risk has fundamentally changed. We’re past the days of someone copying files onto a USB stick. Today, trusted employees are using AI tools to summarise reports, analyse strategy documents,...
Continuous Security Validation: How to Prove Your Cybersecurity Controls Actually Work
Core argument CISOs are increasingly measured not by the security they implement, but by the breaches they fail to prevent. Most cybersecurity investments create a false sense of protection because they’re never truly tested under realistic conditions.  Zero trust applied new controls but the new wave of Agentic AI solutions will fundamentally...
Get In Touch

Our Cybersecurity Services Can Instantly Improve Your Business’ Security Posture

Complete the form to find out more about any of our one-off or managed cybersecurity services. Not seeing what you’re looking for? Our cybersecurity consultants and MXDR experts are always on-hand to provide the guidance and support you need.