The Paris AI Action Summit, held on February 10-11, 2025, in Paris, France, convened policymakers, technologists, and security experts from around the world to discuss the future of artificial intelligence (AI). While the event underscored AI’s vast potential, it also illuminated significant challenges in cybersecurity and open-source intelligence (OSINT). Among the many insights from the summit, three key themes stood out: the rapid evolution of AI capabilities, the potential for AI to be misused by malicious actors, and the growing need for a cybersecurity framework that adapts to AI-driven threats.

The AI Acceleration Problem: Are We Prepared?

AI is advancing at a speed that few had predicted even five years ago. Experts at the Paris summit warned that AI systems with capabilities rivaling highly intelligent entities could emerge by 2026 or 2027. This rapid acceleration is creating an unprecedented landscape of economic and security implications. As AI systems grow more sophisticated, they will not only automate tasks and transform industries but also challenge the way intelligence is gathered and cybersecurity is enforced.

For OSINT analysts, this means the digital information landscape will become increasingly unpredictable. AI-generated content—deepfakes, automated misinformation, and AI-generated reports—will make it harder to separate signal from noise. Analysts must adapt by integrating AI into their own workflows, using machine learning tools to filter and verify information at scale. But this also raises an uncomfortable question: If AI can create misinformation more effectively than humans can detect it, how do we ensure the integrity of intelligence? The summit highlighted emerging efforts to build AI-driven verification tools, but the race between information manipulation and detection remains tight.

The acceleration of AI also presents a dilemma for cybersecurity. Faster AI development means that vulnerabilities in critical systems could be discovered and exploited before security experts have time to counteract them. Imagine a scenario where AI models rapidly identify zero-day exploits and distribute them across global networks in minutes. The traditional cycle of cybersecurity, which relies on human analysis and gradual patching, will struggle to keep pace. To counteract this, experts at the summit called for AI-based cybersecurity systems capable of predicting and neutralizing threats before they manifest. AI-driven threat detection and response mechanisms, particularly those leveraging OSINT data, will be crucial in staying ahead of cyber adversaries.

AI in the Hands of Malicious Actors: A New Cyber Warfare Frontier

One of the most alarming discussions at the summit centered on the potential for AI to be weaponized. Rogue states, criminal enterprises, and even sophisticated lone actors are increasingly leveraging AI to develop more advanced cyberattacks. Unlike traditional hacking methods, which require expertise and manual effort, AI enables attackers to automate and scale their operations with unprecedented efficiency.

For example, AI-powered phishing campaigns can generate hyper-personalized messages by analyzing vast amounts of publicly available OSINT data. Instead of generic scam emails, future phishing attempts will be tailored with eerily accurate details, making them nearly indistinguishable from legitimate correspondence. AI can also be used to automate deepfake attacks, allowing malicious actors to impersonate trusted figures with convincing video and audio simulations.

The summit highlighted the risk of AI-powered cyber warfare, where nation-states deploy AI to disrupt financial systems, disable critical infrastructure, or manipulate political discourse. In this environment, OSINT becomes both a target and a weapon. On one hand, adversaries will exploit publicly available intelligence to refine their attacks; on the other, security experts can use OSINT to monitor for early warning signs of AI-driven cyber threats. Several participants advocated for increased collaboration between cybersecurity professionals and OSINT analysts to create real-time monitoring systems capable of identifying AI-generated threats before they cause irreparable damage.

Perhaps most concerning is the use of AI in autonomous cyberattacks. AI-driven malware could independently evolve and adapt to evade detection, rendering traditional cybersecurity defenses obsolete. The concept of ‘self-learning’ cyber threats—AI algorithms that improve their attack methodologies in real-time—was a particularly chilling topic at the summit. While cybersecurity experts are working on defensive AI tools to counteract these threats, the asymmetry between offense and defense in cyber warfare remains a pressing concern.

A Call for a Cyber Risk-Based Approach

As AI-driven threats become more sophisticated, the need for a robust cybersecurity framework is greater than ever. The summit underscored the necessity of shifting from a reactive to a proactive cybersecurity posture—one that integrates AI into security operations from the ground up.

One of the most discussed proposals was the adoption of a cyber risk-based approach, which prioritizes security efforts based on the likelihood and impact of AI-driven threats. Instead of relying on static defense measures, organizations must develop dynamic threat models that adapt to the evolving capabilities of AI-powered attacks. This means continuous monitoring of AI systems, real-time threat intelligence sharing, and the use of AI to detect vulnerabilities before attackers can exploit them.

The summit also emphasized the importance of securing AI supply chains. Many AI systems rely on third-party data, software, and cloud computing services, all of which introduce potential vulnerabilities. A compromised AI model—one trained on manipulated or poisoned data—could be used to spread misinformation or disrupt critical decision-making processes. To mitigate this risk, experts recommended implementing rigorous auditing protocols and ensuring transparency in AI development and deployment.

Furthermore, regulatory discussions at the summit highlighted the need for international cooperation in setting AI security standards. While nations have varying approaches to AI governance, there was broad agreement that cybersecurity frameworks should be harmonized across borders to prevent regulatory loopholes that adversaries could exploit. The call for an international AI cybersecurity coalition gained traction, with several governments expressing interest in coordinated threat intelligence sharing and joint security initiatives.

For OSINT practitioners, this new cybersecurity paradigm means greater reliance on AI-driven intelligence tools. Automated OSINT analysis, enhanced by machine learning, can help identify patterns in cyber threats before they escalate. However, this also means OSINT analysts must develop new skills to work effectively with AI—understanding its limitations, biases, and potential for exploitation.