International Research Journal of Engineering and Technology (IRJET)
e-ISSN: 2395-0056
Volume: 13 Issue: 02 | Feb 2026
p-ISSN: 2395-0072
www.irjet.net
Ransom ware and Advanced Persistent Threats (APTs): Evolution, Attack Methodologies, and Cyber security Response Strategies 1
2
3
4
Aksharbhai Miyani , Nikhil Ghelani , Pratik Solanki , Prof. Reena Desai 1,2,3
Student, Dept. of Computer Application, Gyanmanjari Innovative University (GMIU), Bhavnagar, Gujarat, India 4 (Guide) Assistant Professor, Dept. of Computer Application, GMIU, Bhavnagar, Gujarat, India -------------------------------------------------------------------------***--------------------------------------------------------------------
Abstract – The accelerating convergence of artificial intelligence (AI) and cyber security has fundamentally altered the
threat landscape, creating both unprecedented defensive capabilities and novel attack vectors that challenge decades of established security assumptions. This review synthesizes research across machine learning–driven in- trusion detection, AIpowered offensive tooling, adversarial machine learning, and automated threat intelligence to map the current state of knowledge at this critical intersection. Drawing on over seventy peer-reviewed studies, framework documentation from MITRE ATT&CK and ATLAS, and threat-intelligence reports from ENISA, NIST, Crowd Strike, and Mandiant, we trace how deep learning supplanted signature-based detection, how generative models now craft polymorphic malware and hyperpersonalized phishing at scale, and how reinforcement-learning agents autonomously probe network perimeters. We identify a persistent asymmetry: offensive applications of AI mature faster than their defensive counterparts, partly because adversaries face no regulatory or ethical constraints on model deployment. The review further examines adversarial machine learning—model poisoning, evasion, and extraction—as a meta-threat that undermines the very AI systems designed to protect digital infrastructure. Through comparative analysis of defensive architectures including AI-augmented Security Orchestration, Automation, and Response (SOAR) pipelines, Extended Detection and Response (XDR) platforms, and behavioral analytics engines, we evaluate the practical readiness of each approach. Real-world case studies of deepfakeenabled fraud, LLM- generated exploit code, and autonomous vulnerability discovery ground the discussion in operational reality. We conclude by charting critical research gaps—explain ability in security models, cross-domain transfer of adversarial robustness, and the governance vacuum surrounding dual-use AI—and propose a structured agenda for future investigation. This review is intended to serve as a unified reference for researchers, practitioners, and policymak- ers navigating the rapidly shifting terrain where artificial intelligence meets cyber security. Keywords – Artificial Intelligence, Cyber security, Threat Intelligence, Adversarial Machine Learning, Automated Attacks, Intrusion Detection, Deep fakes, Large Language Models, Cyber Defense, AI Governance
I. I NTRODUCTION Few developments in the history of information secu- rity have compressed timelines as violently as the main- streaming of large-scale artificial intelligence. Between 2020 and 2024, the cyber security community witnessed a qualitative shift: threat actors moved from experimenting with machine learning models to operationalizing them at scale [1, 2]. The 2023 Verizon Data Breach Investigations Report noted that social-engineering attacks—the category most amenable to AIdriven personalization—accounted for a record share of initial access vectors [3]. Concur- rently, defenders began deploying neural-network–based intrusion detection, behavioral analytics, and automated incident-response pipelines, creating an arms race whose dynamics are still poorly understood [4]. This convergence is not accidental. The same capabil- ities that make modern AI powerful—pattern recognition over massive corpora, language generation indistinguish- able from human output, policy optimization in adversarial environments—map directly onto both attack and defense requirements. A spear-phishing engine and a phishingdetection classifier share the same underlying transformer architecture; the difference lies in the objective function and the ethical frame of the operator [5, 6]. Recognizing this symmetry is essential to any serious analysis of the field. 1.1 The Weaponization of AI The notion that AI could be weaponized was anticipated well before the current wave. Brundage et al. warned in 2018 that advances in AI would “expand the set of actors who are capable of carrying out [cyber] attacks, the rate at which these actors can carry them out, and the set of plau- sible targets” [7]. That forecast has been largely validated. Seymour and Tully demonstrated automated spear phishing on social media as early as 2016 [8]; by 2023, researchers showed that GPT-class models could generate contextually convincing phishing emails at a fraction of the cost of hu- man operators [5]. The implications extend well beyond phishing. Pa Pa et al. examined ChatGPT’s capacity to produce functional malware components, finding that while safety filters block direct requests, prompt-injection and in- direct methods frequently
© 2026, IRJET
|
Impact Factor value: 8.315
|
ISO 9001:2008 Certified Journal
|
Page 260