TechRadar Pro recently attended InfoSecurity Europe 2025, and we asked some of the experts at the event one crucial question; Who has the upper hand, cybersecurity teams, or hackers?’
By nature, security teams are on the defensive, so it’s probably not surprising some security experts think they’re playing catch up.
Criminals have the lead, but security teams are pretty confident in their new tools and strategies - so what do the experts say?
An uphill battle?
New proactive tools for security teams could be turning the tide, but very few are convinced that this will be enough.
Guido Grillenmeier, Principal Technologist EMEA at Semperis said it most concisely; “They have always had it, and they will continue to have it; the bad guys.”
However, it seems most experts agree they’re on the back foot. “We're always going to be playing catch-up,” explains Richard McKinley and I'm from Sonatype.
“Because they're going to be inventing new ways and there's always an element of responsiveness. We're obviously trying to get out ahead of the trends but we kind of have to respond to the trends. Honestly, the industry rather than the cyber security professionals [themselves] are behind.”
But, that might be a good thing, argues Adam Matthews, Senior Solution Engineer from Okta, who notes the 'underdog' mindset works in security team’s favor; “I think criminals always have the upper hand. If you think that way, then you're in a good spot. If think you're good, you're in trouble” he says.
Ian Higgison from ZeroFox points out new tools in the hands of cybercriminals are only making this worse; “I would say criminals [have the advantage] right now because AI is empowering people that are not as tech-minded to have an easy entrance into being a threat-actor.”
His colleague Fiona Lau adds criminals are “always one step ahead,” which means “security companies have to pivot” to make sure they’re on top of threats.
A turning tide
But criminals aren’t the only ones with new shiny tech - the advent of AI tools is being used on both sides of the security spectrum - and Hadrian’s Head of Demand Generation Ayanda Chiwuta thinks this could be what puts security teams back ahead.
“I think cybersecurity is always kind of been a race to keep up, and the criminals I think sometimes are one step ahead to an extent," he says.
"But I think with the use of AI models, we can start predicting a little more readily what might be the next attack vector that is exploited. And so I think it's a very logical time for us to be implementing many of the same methodologies that they [hackers] likely will be.”
“Overall, the defenders are doing a good job,” agrees DarkTrace’s Director of Product, Dr Oakley Cox, who argues growing government and public sector understanding, as well as new and stronger regulations, are contributing to a shift in security teams’ favour.
“They’ve got regulations, the governments are getting to grips with it, companies are improving. The problem is that attackers only need to get it right once, so there's always going to be a going to be an element of ‘we can always do better’, but I think overall we're in a good place.”
Moral restrictions
Brett Taylor, Solutions Engineering Director for the UK and Ireland for Sentinel One offers a slightly different perspective, explaining security teams are bound by different and much more strict moral obligations.
“Their only motivation is money, the mission, and getting either the intellectual property or disruption," he says. "They don't care, whereas we have more of an altruistic view and use of the technology. So we're always going to be on the back foot, but I think we're well positioned.”
Taylor adds in terms of resources and the ability to affect policy, defenders have the upper hand, because large infrastructure is needed to run and train AI - and governments have an element of control on the national level.
However once the model is built and published, defenders can’t control who makes use of them and the morality of that usage;
“Automation and the use of cloud assets to accelerate those things I was talking about earlier [brute force attacks]. Well, we have morality and a good line to tread, whereas I don't think the attackers care.”
So overall, we found most security experts definitely seem positive about the future - and we saw plenty of new tools and services at Infosec 2025 specifically designed to give security teams the edge over their adversaries, so it doesn't seem like they'll be too far behind for too long.
You might also like
- Take a look at our picks for the best AI tools around
- Exclusive: Dell CEO says AI can make us “more effective as a species” - but won't replace human workers
- Check out our choices for best malware removal tool
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.