Cybersecurity in 'turbulent transition period' as AI changes game, KAIST professor says

Home > Business > Tech

Cybersecurity in 'turbulent transition period' as AI changes game, KAIST professor says

Published: 10 Dec. 2025, 18:10 Updated: 11 Dec. 2025, 18:28

Audio report: written by reporters, read by AI

Yun In-su, professor at KAIST, poses during an interview with the JoongAng Sunday at the university in Daejeon on Nov. 25. [JOONGANG ILBO]

The rising wave of hacking attacks in the era of advancing AI isn't a coincidence but evidence of a balance that has been broken — says "white hat hacker" turned KAIST professor, Yun In-su.

According to Yun, who teaches security and software systems and networking at KAIST, the recent waves of security breaches reflect the speed at which attackers adopt AI tools — opening up a new "turbulent transition period” as hackers use AI to strike more quickly and broadly than before.

"The real challenge lies in how organizations respond to repeated breaches that show no sign of slowing," Yun said, addressing the rising public concerns as hackers deploy AI to launch coordinated attacks on security systems.

“No matter how advanced technology becomes, the problem ultimately comes from people. We need to reassess the social attitude that ignores even the most basic security principles.”

Yun built his career as a white hat hacker and won the Capture the Flag (CTF) hacking competition at DEF CON, the world’s largest hacking competition, in 2015 and 2018. He earned a Ph.D. from the Georgia Institute of Technology and joined KAIST as a professor in 2021 at the age of 31.

He continues to work on the front lines of cybersecurity while teaching. In August this year, he led a team that won the AI Cyber Challenge (AIxCC), an event hosted by the U.S. Defense Advanced Research Projects Agency. He also serves as an adviser to the security subcommittee of the National Artificial Intelligence Strategy Committee.

The JoongAng Sunday sat down with Yun on Nov. 25 to discuss why AI now gives hackers an edge and what that means for Korea’s cybersecurity defenses.

Q. Recent cyberattacks have grown more severe. What accounts for the scale of these breaches?

A. Security breaches have always occurred, but the recent intrusions into major telecom, retail and financial companies, as well as government systems, carry a different level of shock. Public and private systems that people rely on every day hold vast amounts of personal data, and once that data leaks it can fuel new crimes. That is why anxiety inevitably grows. Cyberattacks no longer remain the problem of a single company or institution.

Even systems regarded as highly secure reported breaches. Why did those incidents strike such a nerve?

There is no shield that never breaks. No security system is an exception. Attacks eventually break through when repeated, and the issue ultimately becomes a matter of cost and efficiency. As AI becomes easier to use, hackers change their strategies.

How far has AI-based defense technology progressed?

A ChatGPT logo is seen in this illustration taken on Jan. 22. [REUTERS/YONHAP]

At AIxCC in August this year, teams submitted their systems and could not adjust anything afterward. That is because AI now detects vulnerabilities, defends and revises its own security responses on its own. Once that level of AI defense becomes commonplace, defense costs will fall and the advantages hackers currently enjoy will disappear. We must avoid the illusion that AI will solve everything. Hacking and defense both come down to people.

You mentioned the recent Coupang hacking incident. Why do you see it as significant?

A Coupang logo is seen in this illustration taken on Feb. 11. [REUTERS/YONHAP]

The case showed how difficult it is to prevent security breaches caused by one person’s abnormal behavior, indifference or small mistakes. Security incidents spread across both online and offline environments, so we need systems that respond not only to AI threats but also to human behavior.

Why is the recent Coupang data leak particularly serious?

Most hacks target known vulnerabilities to break into internal servers. The Upbit hack that occurred around the same time appears to be a technically advanced attack that exploited Upbit’s own vulnerabilities. But the Coupang case involved an insider, which is much harder to defend against. Once that trust breaks, defensive layers collapse. Designing security around distrust of insiders is not easy. It burdens companies with costs and hurts efficiency. But a company of Coupang’s size should have had safeguards in place, and those safeguards should have worked.

How are hackers using AI?

The OpenAI logo is seen on a mobile phone in front of a computer screen displaying output from ChatGPT on March 21, 2023. [AP/YONHAP]

AI now handles the tedious parts of hacking — writing code, gathering preliminary information and scanning systems for vulnerabilities. AI even modifies malware on its own. The key point is that hackers now face far less burden when they increase the number of hacking attempts.

Cybersecurity standards must shift. In cybersecurity, the proper level of defense is defined by whether the potential benefit of a successful hack outweighs the cost of attempting it. Since AI lowers that cost, we must raise the defensive threshold. AI-based scanning attempts reached 36,000 per hour worldwide last year, and Korea also saw sharp increases. Hacking attempts against central government ministries nearly doubled in one year to 160,208, according to the National Information Resources Service.

Can organizations use AI to strengthen defense?

Limitations remain. Companies hesitate to use commercial AI services such as ChatGPT or Claude because of concerns over internal data leaks. Security teams, therefore, hesitate to adopt new AI-based defense systems, even when the risks grow. The government needs to set standards before the situation worsens.

What is the most important step to prevent recurring security incidents?

We need to firstly recognize that basic security principles have collapsed. We continue to see organizations conceal breaches or discover weaknesses long after the fact. No matter what security system or AI tool we adopt, a society that disregards fundamental principles will inevitably face even larger breaches. Before it is too late, the public and private sectors must work together to build systems that ensure those principles are upheld.

This article was originally written in Korean and translated by a bilingual reporter with the help of generative AI tools. It was then edited by a native English-speaking editor. All AI-assisted translations are reviewed and refined by our newsroom.
BY HWANG KUN-KANG [[email protected]]