The rapid advancement of artificial intelligence (AI) is ushering in a new era of technological capabilities, transforming industries and reshaping the way we interact with digital systems. However, as these tools become more powerful, they are also amplifying the risks of cyberattacks. Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA) under President Trump, recently issued warnings about how these developments are impacting global cybersecurity threats—making nation-states, businesses, and even individuals increasingly vulnerable.

Next-generation capabilities, next-level risks

According to Krebs, the leap in AI technologies, exemplified by entities like OpenAI and Anthropic, is both “exciting and terrifying.” On the one hand, advanced AI systems are uncovering efficiencies and capabilities previously thought impossible. On the other hand, those same technologies are enabling adversaries—from nation-state actors to everyday cybercriminals—by making it far easier to discover vulnerabilities and automate complex attacks.

In particular, Krebs pointed to China-linked hackers embedding attacks into everyday devices and Iranian actors targeting critical infrastructure. What used to be the domain of well-funded state-backed groups is now accessible to small cybercriminal networks operating globally, bringing an unprecedented level of risk to both U.S. and European organizations.

“This is the next generation of technological advancement, and it sets the stage for automated, AI-driven exploitation of vulnerabilities,” Krebs said. “Organizations and governments alike are struggling to keep up.” Businesses, especially, are ill-equipped to respond to the heightened pace at which cyberattacks can now unfold.

Is the U.S. government prepared?

When asked about the preparedness of the U.S. government to handle these emerging threats, Krebs struck a cautious tone, noting significant gaps in both strategy and resourcing. To address these issues, he suggested three critical steps:

1. Empower key cybersecurity agencies and tools: Agencies such as U.S. Cyber Command and the National Security Agency need advanced tools and resources to detect and neutralize threats before they reach American organizations and individuals.

2. Improve collaboration with labs and AI developers: By working with labs developing high-power AI models, the government can better detect and remediate high-impact vulnerabilities. Porting identified vulnerabilities to actionable fixes should be a streamlined and collaborative effort.

3. Support state and local cybersecurity systems: Krebs underscored the need to equip underfunded state and local entities with affordable or free cybersecurity tools. These are often the weakest links in defense chains, and despite their local focus, they can become launch points for broader attacks. Yet, as he pointed out, the key agency responsible for this—CISA—faces budget cuts and staffing declines, undermining its ability to meet these challenges.

“When adversaries are moving forward while we’re losing headcount and funding, it feels like we’re taking steps backward,” Krebs emphasized.

A wider aperture: midsize organizations and local entities

While tech giants and large institutions like JPMorgan Chase invest billions in sophisticated defenses, smaller organizations often lack the resources to keep pace. Krebs focused on midsize enterprises, state agencies, hospitals, and utility providers—targets for which the stakes of a breach can be devastating.

For these entities, Krebs recommended leveraging the cybersecurity frameworks already provided by major tech vendors that partner with companies like Anthropic. However, he urged these organizations to self-evaluate their readiness:

• Can critical vulnerabilities be quickly patched?
• Have systems been automated for rapid incident response?
• Do you understand what unpatchable systems exist in your network, and can you isolate or retire them?

Now is the time for these organizations to take a "strategic pause" and reassess fundamental cybersecurity strategies. Without a solid foundation—namely the agility to fix issues at speed—they risk falling victim to the fast-moving exploits enabled by AI.

What individuals can do

Although much of the focus is on organizational and governmental readiness, Krebs also acknowledged the role individuals play in protecting against cyber threats. For everyday users, the steps are pragmatic but essential. He advised:

• Enable multi-factor authentication: Protect all online accounts by requiring more than a password for access.
• Manage privacy settings on AI tools: If using consumer-grade AI services like OpenAI or Anthropic, ensure that any data-sharing features are turned off to avoid contributing personal data to training models.
• Foster AI literacy: Knowing how to effectively and safely use AI tools will likely be as foundational a skill over the next decade as learning to drive.

“Not knowing how to work AI tools in ten years might feel as foreign as not knowing how to drive,” Krebs noted. Becoming AI-literate doesn’t just future-proof your knowledge; it ensures you use these tools safely and effectively.

Balancing progress with security

AI's transformative impact on technology industries is undeniable, but it's forcing a recalibration of how defense structures keep up with attackers. The collision between these new tools and existing vulnerabilities is creating a critical inflection point for governments, businesses, and societies to rethink their cybersecurity priorities. Without the right investment in detection, defense, and collaborative action, AI tools that were designed to improve human capabilities could just as easily undermine them.

For many, these questions amount to more than technical considerations—they’re about the resilience of everything from hospital IT systems to the broader national economy. As Krebs highlighted, the window to adapt is narrowing. All stakeholders, from top cybersecurity agencies to individual citizens, will need to move with urgency to meet the challenges of a rapidly evolving digital battlefield.