AI-Powered Threats Require a Savvy Cybersecurity PR Agency

Ever since Robert Morris created the first computer worm program in 1988, companies have waged an ongoing battle against cyberattacks. Much as war itself has evolved from sticks and rocks to high-powered weaponry, today’s cybercriminals are leveraging AI in sinister and ever-evolving ways that humans are struggling to keep pace with.

AI-driven cyberattacks are being written and automated to look for vulnerabilities faster than teams can keep up. These technologies are lowering the barrier to entry for cyber criminals. Unique variants and attack vectors are increasing almost daily and security vendors are struggling not only on the defensive front, but are struggling to talk about the threats these technologies and bad actors pose.

While security teams and CISOs are rightly focused on the day-to-day security of their B2B tech companies, it is vital that they have an eye down the road for future threats. It isn’t enough to combat these threats head-on, brands need to be leading the conversation of how they are navigating this changing landscape.

A cybersecurity PR agency like Escalate PR can help cybersecurity companies sharpen their PR communications strategy by translating complex threats into clear, actionable narratives. From offering forward-looking perspectives on the evolving threat landscape to crafting compelling stories that build trust, a PR firm ensures your expertise resonates with both media outlets and buyers. The result is stronger brand authority, greater market visibility, and messaging that not only helps win new business but also reinforces your role in protecting clients.

What is AI-Generated Malware – and Why It’s a Cybersecurity PR Issue

While security vendors are using AI to enhance their own defenses, attackers are using it in far more nefarious ways. But what is AI-generated malware, and why is it more dangerous than “traditional” malware?

AI-generated malware is malicious software that has been created or enhanced by the use of AI which allows for rapid deployment, attack automation, evasion detection, and much more. By using AI tools such as large language models (LLMs), attackers can generate malware code in minutes with multiple variants, much faster than a human could ever write, test, and refine.

Notably, the entire attack lifecycle is being shortened by AI automation. In a 2025 simulation by cybersecurity firm Unit 42, researchers used AI to perform a full-chain ransomware attack—from initial compromise to data exfiltration—in just 25 minutes. By comparison, in 2021, the average time to exfiltrate data after a breach was nine days.

Below are a few ways cybercriminals are using AI to create more effective and evasive malicious software:

• AI-generated polymorphic malware: This sophisticated malware uses AI to continuously rewrite or regenerate its own code, changing its digital signature with each execution. This makes it extremely difficult for traditional antivirus software, which relies on signature-based detection, to identify and block it. An example is BlackMamba, a proof-of-concept AI keylogger that uses OpenAI’s API to dynamically generate code at runtime.
• Malicious LLMs: Criminal versions of large language models (LLMs) have emerged on the dark web, bypassing the safety restrictions of legitimate AI. Examples like WormGPT and FraudGPT are specifically designed to generate malicious code, craft convincing phishing emails, and automate other parts of the attack process.
• AI worms: This type of malware uses AI to self-replicate and spread by manipulating AI models. For example, the Morris II worm tricks generative AI systems into producing responses that contain malicious, self-replicating prompts. If a user interacts with the infected AI output, their machine can become infected.

This is a major cybersecurity PR issue that goes beyond what is objectively lost during a cyber breach. Most brands don’t know how to effectively talk about these attacks, and traditional messaging is falling well short of what is required to effectively convey the consequences of an attack. These threats demand faster, clearer, and more strategic PR responses.

Yes, part of the challenge lies in the technical complexity that AI has brought to bear. But how companies are preparing, or not preparing in this case, has resulted in a lot of self-inflicted wounds.

Many brands lack a formal and clear crisis communications strategy (if they even have one). A crisis communications strategy establishes the framework for how an organization prepares for, responds to, and recovers from unexpected events – better known as crises. It’s designed to align leadership, messaging, and action in real time, serving as a playbook that defines who speaks, what’s said, and how quickly a company responds when reputations are on the line.From here things cascade into poor stakeholder communication, delayed recovery efforts, and lost customer trust. When statements are made, they can be either too vague or overly technical, with the true story not being effectively understood.

Transparency, timeliness, and accountability helps contain negative fallout and increase the speed of recovery.

The speed and sophistication of these attacks often leaves companies defending with their backs against the wall. With no sign of AI-driven cyberattacks slowing down, all companies, regardless of industry, are facing a formidable and ever-evolving threat. This is where the value of having pre-planned crisis communication strategies comes into play.

The New Role of PR in Cybersecurity

With the speed that AI adoption is evolving, it is understandable that many people don’t fully understand what these technologies are capable of. In fact, no one truly knows what the upper limit is. When companies are uncertain, they are indecisive. With the help of a trusted cybersecurity PR partner, that uncertainty goes away. At a time when a more authoritative stance is needed, messaging and communication needs to be dialed in.

Here are some ways businesses can confront these evolving adversaries with the help of a cybersecurity PR agency:

• Build offensive-minded product messaging: Many companies talk about “defending,” “recovering,” or “protecting” against cyberattacks. Shift the language from a more defensive perspective to one that emphasizes initiative, speed, and foresight. AI-enabled cyberattacks require a heftier security strategy, and that means building confidence in your customer-facing storytelling.
• Showcase industry thought leadership: Lead discussions on what attackers are thinking about. An adversary-focused narrative is thinking beyond the day-to-day, and shifts the story to, “Here’s how attackers operate, and here’s how we dismantle their strategy.” Talking about the present moment while being mindful of future threats shows customers you are shaping the digital battlefield and not just guarding it.
• Create a crisis communications plan: Even with the best strategy, not all attacks and breaches can be 100% stopped. AI is enabling attacks to happen at such a speed and frequency that if an unprepared company is scrambling to respond to a recent breach, they aren’t thinking about the next one that is likely already in progress. A crisis communication plan helps provide order in the chaos, helps safeguard brand reputation, and lays out a framework for how to proceed in the event of a breach.
• Level up your spokespeople with media training: Ensure there is clear communication between spokespeople and the security/product teams so that you aren’t just delivering run-of-the-mill PR statements. Your team must be able to meet the fast-moving narratives of the industry. This is also a chance to provide value and unique insights to journalists and media outlets with your statements. Especially in an industry that is saturated with technical jargon and buzzwords, being clear, concise, and straightforward in your messaging is vital.

The goal of a communications team is to help restore trust as quickly as possible. Beyond helping with messaging and media placement, PR firms can bring full lifecycle support from proactive education, to post-breach cleanup, to reputation armor.

How Escalate PR Helps Cybersecurity Firms Stay Ahead

There’s no denying that AI is here to stay. As this technology proliferates (for good and not so good reasons alike), companies need to ensure their teams are aligned on messaging, have internal buy-in on security policies, and instill confidence in their customers. Escalate PR’s team brings real-world experience in the cybersecurity industry to your table.

With a specialty for creating engaging stories around technically complex topics, Escalate PR is the go-to cybersecurity PR agency to help teams refine their brand and product messaging, leverage a deep network of media professionals, build out crisis communications strategies, and create authentic thought leadership moments.

Here are some ways our team has brought a unique PR approach to previous clients:

• Valimail, the leader in email authentication, quickly responded to Google and Yahoo’s new bulk email requirements with a blog post explaining the changes and why they mattered. Partnering with Escalate PR, the message was amplified in industry publications, reaching an estimated 75 million unique viewers and driving significant brand visibility. The article featured Valimail CTO Seth Blank alongside Google leaders, reinforcing the urgency of strong domain authentication to combat malicious activity. The effort positioned Valimail as a go-to authority on email security while showcasing the impact of proactive, timely communication in shaping industry conversations.
• Resemble AI gained major visibility with its Q1 2025 Deepfake Incident Report, which revealed that deepfake-enabled fraud caused over $200 million in losses in just the first quarter of the year. Escalate PR helped secure coverage in Variety, with syndication to AOL.com which extended the report’s reach to more than 60 million impressions across consumer and tech audiences. The Variety article spotlighted the rising sophistication of deepfake attacks, including the alarming ease of voice cloning with just a few seconds of audio, and highlighted Resemble AI’s call for technical, legislative, and global responses. This early media win positioned Resemble AI as a leading voice in the fight against synthetic media threats and set the stage for ongoing thought leadership in AI security.

Let’s go back to the messaging portion of Escalate PR’s capabilities. When it comes to restoring trust after a breach, too many companies provide blanket statements that don’t actually say all that much. An effective and wide-ranging PR campaign can do far more to restore public and customer trust than just a security update.

Here is a sample framework our cybersecurity PR team would implement with a client:

1. Immediate response and transparency: Acknowledging the incident that occurred, with clear and concise communication. Share what is known and what is being done to rectify the situation.
2. Quick and decisive action: Communicate the measures that have been and will be implemented to contain the breach and any data leaked. Ensure customer support teams are well-staffed to handle high-priority issues that customers are facing. Provide other resources for affected customers as necessary.
3. Control the narrative: Get ahead of the story before others can jump to conclusions. Provide your executives and spokespeople as credible thought leaders who are leading the recovery process from the front. Leverage quotes and storytelling to reframe the moment as an opportunity for continuous improvement.
4. Long-term reputation rebuilding: Launch ongoing earned media campaigns securing media placements that spotlight new security protocols. Share regular updates to reinforce transparency, and position the brand as a proactive advocate for stronger cybersecurity practices.

Escalate PR’s ability to marry the technical with concise communication and engaging storytelling is what allows our customers to stand out in crowded industries.

Looking to the digital horizon

As cyber criminals and security teams fight (AI-generated) fire with (AI-generated) fire, it is clear that we are in the midst of uncertain times.

As attacks have become sophisticated, and amidst all the alarmism and daily bad news, “Security is more top of mind with the everyday employee,” says Escalate co-founder Jason Ouellette. While there are still improvements to be made, employees are more aware that their actions play a role in company security.

While going forward and confronting these threats head-on is daunting, that is exactly why our team of cybersecurity experts is here; to provide strategic guidance, support, and execution to help you succeed where it matters most.

Communicating AI-generated risks requires just as much evolution as detecting them. Come modernize your messaging with Escalate PR.