Security in the Age of AI: How Much Privacy Are We Willing to Trade for Convenience?

Ransomware attacks, data breaches affecting global pharmaceutical and medical companies, vulnerabilities in AI-powered chatbots – these are just some of the headlines from recent months, clearly showing that the AI-driven cybersecurity landscape has moved beyond theory and into everyday reality.

DSC 2766
Antanas Čenys

Today, artificial intelligence is no longer just a tool for protection – it is increasingly becoming a powerful weapon in the hands of attackers, while so-called “shadow agents” are already capable of carrying out cyberattacks with minimal or no human involvement.

At the same time, a growing number of incidents reveal another side of the problem: the rapid deployment of AI solutions without proper security assessment can expose millions of users’ data, while regulators around the world are struggling to keep up, tightening rules at an accelerating pace.

 

How is the security landscape changing when code is increasingly fighting code – and how humans are forced to redefine their role in this rapidly evolving environment? We explore these questions with Dr Antanas Čenys, cybersecurity expert, professor at VILNIUS TECH, and member of the SustAInLivWork Centre of Excellence.

 

Let’s start with the basics: how should we define security today?

 

“I think the first – and one of the hardest – questions we need to ask is slightly different: what exactly are we trying to protect? We often use terms like ‘information security’ or ‘privacy’, but in reality they don’t say much, because in different situations we protect different things, and we do it with varying levels of effort.

It’s easy to say ‘information security’, but that can mean completely different things. In some cases, we want to protect our bank account; in others, our personal life. And between those extremes lies a vast grey area.

Today, protected information is no longer structured like layers of an onion – it’s more like a collection of separate bubbles, each with its own level of protection.

If you ask anyone whether privacy matters to them, the answer will always be yes. But if you ask a different question – what price are you willing to pay for it – the answers become much more diverse. And we’re not just talking about money; we’re talking about convenience.

Take paying with a bank card. In essence, it’s a voluntary and complete access granted to an institution into your financial life. We share data about what we buy, yet we still do it – because it’s convenient. And that clearly shows that privacy often loses to convenience.”

 

How is artificial intelligence changing this landscape?

 

„I sometimes say there is a world before ChatGPT and after ChatGPT. Before that, AI was interesting to a narrow group of specialists; now it concerns everyone. But the most important change is speed. In the past, technology would emerge first, and only later would we start thinking about security. Now everything happens at the same time.

In today’s AI ecosystem, two major risk directions are becoming increasingly visible.

The first is our own behaviour. We are more and more willing to share information with AI systems – uploading documents, generating content, analysing data – often without thinking about where that information ends up or how it might be used. Even if providers emphasise security, the user often loses control the moment data is submitted.

 

The second direction is more complex: so-called agent-based technologies. Here, AI doesn’t just analyse information — it starts acting on our behalf: booking tickets, making payments, taking decisions that used to be exclusively human.

In such cases, AI gains access not only to data but also to actions, fundamentally changing the nature of risk.

These two trends combine into a dangerous mix: we share sensitive information, grant access, and at the same time can no longer clearly distinguish where data ends and actions begin. This creates entirely new types of risks that simply did not exist before.”

 

Does this mean the rules of the game are changing?

 

“Yes – quite significantly. AI is changing not only what we do, but also how attacks and defence work. One of the most important shifts is the expansion of the so-called attack surface, meaning there are simply more entry points to exploit. But even more important is speed. AI allows massive amounts of data to be analysed in real time, which makes both attacks and defensive responses much more dynamic. Attacks can adapt, evolve, and respond to countermeasures almost instantly, while the time window to detect and stop them keeps shrinking.

In this context, security becomes a continuous, fast-moving process where technology is used on both sides. It creates something like an arms race, where attackers and defenders are constantly trying to gain an advantage.”

 

What does this mean for organisations actively adopting AI?

 

“Despite increasing automation, one thing remains unchanged: responsibility ultimately stays with the human. AI can generate decisions, but it is not infallible. The ability to critically evaluate its outputs becomes one of the most important skills.

This also means that the role of IT professionals is changing. They are becoming less creators and more evaluators – people who understand how systems work and can judge whether the results are reliable.

 

For organisations, the first step should be having at least a basic AI usage policy that defines boundaries. (Will people actually read those documents? That’s another question. But it’s important that they at least know what is allowed, what isn’t, and what risks exist.)

And even more importantly – such policies cannot be static. They must be continuously updated, because changes in this field are happening very fast.”

 

What are the simplest IT safety hygiene rules everyone should remember?

 

“The first rule is simple: anything you enter into a public AI system is no longer under your control. You don’t know where or how that information might be used.

The second rule: AI-generated answers are not guaranteed to be correct – they need to be verified.

Of course, if it’s something trivial, maybe that’s not critical. But if decisions have real consequences, verification becomes essential.”

 

You work with students – how do you prepare them for such a fast-changing world?

 

“I sometimes joke that I’m like a priest trying to convince them that cybersecurity is interesting. Because if this field were static, I wouldn’t be teaching it. But it’s constantly evolving – new threats, new defence methods – it’s a very dynamic system.

And I encourage them to start using AI now, because it will be part of their everyday life. My dream scenario is education where every student has a personal AI tutor or discussion partner. That’s why I tell them: discuss with AI. You have enormous possibilities – use them.”

 

Finally – what will the cybersecurity world look like in a few years? And where do projects like SustAInLivWork fit in?

 

“Speaking of the future: I don’t know. And that’s not an attempt to avoid the question – it’s just that things are changing so fast that making predictions is extremely difficult. You can listen to forecasts as an intellectual exercise – but not much more.

As for projects like SustAInLivWork, they are important because they don’t just focus on building technologies – they help us understand how to use them. Technology itself is neither good nor bad, it all depends on how we apply it.”

 

 

Palikti atsiliepimą

El. pašto adresas nebus skelbiamas.