GLOBSEC study reviews NATO’s use of AI in cybersecurity

The GLOBSEC Initiative on the Future of Cyberspace Cooperation has released a new research paper examining NATO’s potential use of artificial intelligence in cybersecurity.

Prepared as part of GLOBSEC’s broader series on emerging technologies, the study considers the changing cyber threat landscape, the evolving role of AI for attackers and defenders, and NATO’s strategic response to these developments.

According to the GLOBSEC paper, NATO faces an increasingly complex environment. Since the start of the conflict in Ukraine, Russian state-linked actors have carried out cyber campaigns combining disruptive and espionage operations. These have included distributed denial of service attacks, wiper malware, and information theft. The research notes that criminal groups and hacktivist organisations have also expanded their activity, citing incidents such as the 2022 distributed denial of service attack on the European Parliament website. Another case highlighted by GLOBSEC is the 2022 attack on Albania, attributed to Iranian state actors, which showed the potential for long-term infiltration and widespread disruption.

The study emphasises that AI is influencing both sides of this landscape. On the offensive side, malicious uses include generative tools for phishing, disinformation, synthetic media and automated exploitation. On the defensive side, AI applications include faster analysis of large data volumes, anomaly detection and automation of repetitive tasks. According to GLOBSEC, these capabilities could help NATO and its members address persistent shortages in skilled cybersecurity professionals.

The GLOBSEC research also reviews NATO’s AI strategy, first adopted in 2021 and updated in 2024. The strategy focuses on responsible development, accelerating adoption, protecting AI systems, and countering malicious uses by state and non-state actors. It further stresses interoperability across allied systems and outlines guiding principles such as lawfulness, accountability, reliability and bias mitigation.

However, the study identifies several enduring challenges. NATO must balance secure data sharing with the capacity to analyse large volumes in real time, while guarding against reduced model accuracy caused by data drift. Differences among member states in rules and practices complicate cooperation. Interoperability remains difficult when allies use siloed systems, while resource disparities mean some states may struggle to adopt AI-based tools. The paper also flags the English-language focus of many models as a limitation for non-English-speaking members.

In terms of opportunities, the research highlights multidomain approaches to anomaly detection across networks and supply chains, closer engagement with private industry, and broader collaboration between governments, research institutions and companies. GLOBSEC notes that clearer communication with political leaders on the operational benefits, risks and ethical considerations of AI is also essential to informed decision-making.

The paper concludes with recommendations for a cautious approach. Deployment, it says, should be based on careful evaluation of maturity and reliability. Establishing baseline standards, improving interoperability, and strengthening cooperation with industry and research bodies are presented as key steps for NATO to integrate AI into its cybersecurity framework.

Copied