The GLOBSEC initiative on the future of cyberspace cooperation has released a new research paper examining the potential use of NATO's artificial intelligence in cybersecurity.
Created as part of Globsec's broader series on emerging technologies, this study considers the changing cyber threat landscape, the evolving role of AI for attackers and advocates, and NATO's strategic response to these developments.
According to a GlobSec paper, NATO is facing an increasingly complex environment. Since the onset of the conflict in Ukraine, Russian-related officials have been running cyber campaigns that combine destructive operations with espionage. These include distributed denial of service attacks, wiper malware, and information theft. The investigation points to criminal groups and hattivist organisations also expanding their activities, citing incidents such as the 2022 decentralized services attack on the European Parliament website. Another case highlighted by GlobSec was the 2022 attack on Albania, attributed to Iranian national actors, indicating the potential for long-term penetration and widespread disruption.
This study highlights that AI is affecting both sides of this landscape. On the offensive side, malicious uses include phishing, disinformation, synthetic media, and generation tools for automated exploitation. On the defense, AI applications include faster analysis of large amounts of data, anomaly detection, and automation of repetitive tasks. According to GlobSec, these features will help NATO and its members address a sustained shortage of skilled cybersecurity professionals.
GlobSec Research also reviewed NATO's AI strategy, first adopted in 2021 and updated in 2024. This strategy focuses on responsible development, accelerated adoption, protecting AI systems, and malicious use by national and non-state actors. It also highlights interoperability among related systems and outlines principles that guide principles such as legality, accountability, reliability, and bias mitigation.
However, this study identifies several persistent challenges. NATO must balance secure data sharing and massive analytical capabilities in real time, while preventing the decline in model accuracy caused by data drift. Differences between member states in rules and practices complicate cooperation. Interoperability remains difficult when allies use siloed systems, but resource disparities mean that some states may struggle to adopt AI-based tools. This paper also flags the English focus of many models as a limitation of English speaking members.
From an opportunity perspective, this study highlights anomaly detection across networks and supply chains, close engagement with private industry, and multi-domain approaches to broader collaboration between governments, research institutions and businesses. Globsec notes that clearer communication with political leaders about the operational benefits, risks and ethical considerations of AI is also essential for informed decision-making.
This paper concludes with recommendations for a careful approach. It states that deployments should be based on a careful assessment of maturity and reliability. Establishing baseline standards, improving interoperability, and enhancing collaboration with industry and research institutions are presented as key steps for NATO to integrate into the cybersecurity framework.
