Introduction

As digital transformation accelerates, artificial intelligence (AI) is becoming increasingly visible across all stages of business processes. While organizations gain efficiency and automation, they are also confronted with increasingly complex cyber threats.

Since AI can now be used both as a defensive and offensive tool, cybersecurity is no longer merely a technical topic; it has become a core component of corporate governance, risk management, and data protection.

1. AI-Powered Threats: New Risk Dynamics

1.1. Rise in Identity-Based Attacks

Recent global reports show a significant increase in identity-based cyberattacks. According to IBM’s X-Force Threat Intelligence Index 2025, nearly 30% of these attacks stem from identity theft or authentication vulnerabilities.

AI-driven tools personalize phishing attempts, making them far more convincing. Beyond early offensive LLMs such as FraudGPT and WormGPT, new generations of autonomous and multimodal LLM-based attack tools emerging in 2024–2025 diversify impersonation techniques and make detection processes even more challenging.

1.2. Polymorphic Malware

Next-generation attacks leverage AI to bypass traditional antivirus systems. Polymorphic (shape-shifting) malware continually modifies its structure, making detection increasingly difficult. This highlights the need for security systems to develop not only signature-based detection but also learning-driven adaptation capabilities.

2. AI on the Defensive Side: From Reactive to Preventive Approaches

2.1. Anomaly Detection

AI can detect unusual access requests or network traffic within seconds. Modern solutions use hybrid models that combine supervised and unsupervised learning.

These models can identify behavioral and statistical patterns even within encrypted network traffic.

With federated learning, organizations can jointly train models without transferring their data to a central location. This protects privacy while enabling broader sharing of threat intelligence.

Lifelong learning capabilities help models adapt to new attack patterns by reducing the impact of concept drift.

2.2. Automated Response (SOAR Systems)

AI-enabled security systems do more than generate alerts — they can also take automated action through Security Orchestration, Automation and Response (SOAR) platforms.

Each incident is assigned a risk score:

• High risk → access may be temporarily suspended
• Medium risk → an alert may be triggered

This approach reduces false positives and protects operational continuity. As expert interventions are re-incorporated into the model, the system improves its accuracy over time.

2.3. Predictive Analytics

AI models trained on past attacks use time-series analysis and behavioral modeling techniques to anticipate future threat vectors.

“What-if” scenarios (hypothetical simulations that test how different variables influence outcomes) and adversarial machine learning (techniques that challenge models with attacker-like inputs) help systems proactively assess their own vulnerabilities.

This significantly strengthens defense capabilities against zero-day attacks (previously undiscovered security vulnerabilities with no existing patches).

2.4. Human-Assisted Oversight

Automation is powerful, but it cannot fully replace human judgment. For this reason, modern security architectures are built on Explainable AI (XAI) principles.

Systems can explain the rationale behind the alerts they generate, allowing analysts to understand and validate decisions.

Audit trails, traceability mechanisms, and alert prioritization are essential for transparency and regulatory compliance.

3. Legal and Regulatory Framework in Türkiye

3.1. National Cybersecurity Strategy (2024–2028)

Türkiye’s national cybersecurity strategy, published by the Ministry of Transport and Infrastructure, incorporates:

• Zero Trust architecture — a security model that assigns no automatic trust to any user or device regardless of location and requires continuous verification for every access request, and
• Security-by-Design principles

as part of the country’s national cybersecurity standards.

3.2. KVKK’s AI Recommendations (2025)

According to the Personal Data Protection Authority of Türkiye (KVKK):

• Human intervention is mandatory in AI-based decision-making systems.
• Decision processes must be explainable, fair, and auditable.
• Data processing activities must comply with purpose limitation and data minimization principles.

Together, these two key documents underscore the need to address cybersecurity through both technical safeguards and governance-oriented, ethical oversight.

4. Practical Corporate Strategies: Strengthening Security with AI

4.1. Risk Mapping and AI-Based Security Auditing

AI-driven anomaly detection can identify early signs of unusual behavior in network traffic and user activity.

Dark web monitoring and threat intelligence sharing support the early identification of potential data leaks.

4.2. Human-Centered Security Awareness

Because a significant portion of identity-based attacks stem from human error, regular awareness training and phishing simulations are essential.

Training should extend not only to IT teams but also to critical functions such as HR, legal, and finance.

4.3. Updating Data Access and Protection Policies

In line with KVKK principles, access permissions must be limited to job roles.

The least privilege approach reduces unnecessary data access.

End-to-end encryption, hybrid cloud security, and real-time monitoring form the foundation of effective data protection.

4.4. Modern Identity and Access Management

Multi-factor authentication (MFA) is an indispensable element of secure access.

The identity fabric approach consolidates fragmented identity systems and simplifies access management.

Regular identity audits help maintain integrity at an organizational scale.

4.5. AI Governance and Ethical Oversight

Effective governance requires transparency, accountability, and fair system design.

AI systems should undergo regular assessments for bias, data drift, and fairness.

4.6. Collaborative and Proactive Incident Response

AI-driven simulations and periodic drills help test organizational response to potential cyberattack scenarios.

Joint response planning with suppliers and public authorities strengthens organizational resilience.

4.7. Alignment With National Cybersecurity Principles

Zero Trust and Security-by-Design frameworks recommended by the national strategy should be systematically integrated into organizational structures to support long-term and sustainable security.

Conclusion

While AI offers significant opportunities for organizations, it also introduces new responsibilities.

An ethical, legally compliant, and sustainable AI ecosystem forms the foundation of digital security.

Cybersecurity is no longer merely an IT issue; it is a central pillar of corporate strategy.

The future of security will be defined by the balance between automation and human judgment, and between innovation and accountability.

References

• IBM (2025). X-Force Threat Intelligence Index 2025. https://www.ibm.com/reports/threat-intelligence
• Falade, P. V. (2023). AI-based Voice and Text Impersonation Models. https://arxiv.org/abs/2310.05595
• ENISA (2024). ENISA Threat Landscape 2024. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024
• WEF (2025). Global Cybersecurity Outlook 2025. https://www.weforum.org/publications/global-cybersecurity-outlook-2025
• OECD (2024). Digital Security Risk Management. https://www.oecd.org/en/topics/digital-security-risk-management.html
• Ministry of Transport and Infrastructure of Türkiye (2024). National Cybersecurity Strategy and Action Plan 2024–2028. https://www.uab.gov.tr/uploads/pages/siber-guvenligin-yol-haritasi-yerli-ve-milli-tekno/ulusal-siber-guvenlik-stratejisi-2024-2028.pdf
• KVKK – Personal Data Protection Authority of Türkiye (2024). Guidelines on the Protection of Personal Data in the Field of Artificial Intelligence. https://www.kvkk.gov.tr/SharedFolderServer/CMSFiles/25a1162f-0e61-4a43-98d0-3e7d057ac31a.pdf