Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
Time for government, business leaders to figure out AI cybersecurity regulation — Harvard Gazette
Publish Date: 2026-04-17 03:00:00
Source Domain: news.harvard.edu
As new agentic AI models continue to come online, cybersecurity experts laud their ability to sift through vast quantities of data quickly and autonomously — making them great tools to help fight cybercrime.
But, they warn, those attributes could also be put to work by bad actors to hack systems and risk our personal data, our economy, and our national security.
A group of cybersecurity experts were recently brought together for a Berkman Klein Center for Internet and Society discussion, during which all agreed that it’s high time for business and government leaders to regulate the tech — before it’s too late.
Cybercrime, recent data from IBM shows, is rising rapidly. According to a 2026 study, the company found that cyberattacks aimed at public-facing software and systems applications — many of which utilized AI — had a year-over-year increase of 44 percent.
High-profile attacks include the November data breach of Anthropic — the AI company behind the Claude Code assistant. Attackers were able to use their own AI models to scan for weak spots in its source code and publish its inner workings.
“The unfortunate thing is that the bad people only have to win once in some sense, whereas the defenders have to win all the time,” said James Mickens, Gordon McKay Professor of Computer Science. “To me, at least, that’s a concerning aspect of what it means to think about agentic cyber security, attacks and defenses.”
Moreover, cybercriminals have made alarming progress in phishing attacks over recent months, using AI to fine-tune targets and craft messages.
“A year ago, we still had email messages in our inbox that had misspellings that were not colloquial English, that were easy to identify if you were vigilant. Now, all those signals are gone.”
Robert Knake
“A year ago, we still had email messages in our inbox that had misspellings that were not colloquial English, that were easy to identify if you were vigilant….
