At AI Everything Kenya x GITEX Kenya, taking place from 19–21 May, global cybersecurity firm Kaspersky highlighted the evolving threat landscape in Kenya and the wider East Africa region. The company warned that the rapid growth and adoption of artificial intelligence are driving innovation while also introducing new cyber risks for businesses and individual users.
Kaspersky noted that these risks range from AI-powered social engineering attacks and deepfake fraud to “Shadow AI” within organizations. The company urged organizations to implement clear policies, strengthen cybersecurity controls, and invest in employee training to ensure AI technologies are used safely and responsibly.
“As organizations in Kenya and the wider region accelerate digital transformation, cybersecurity is becoming a board-level priority. We are seeing growing awareness that innovation and security must develop hand in hand. Industry events such as GITEX play an important role in this process by helping businesses better understand both the impressive opportunities AI and digital technologies create, and the precautions needed to manage the evolving cyber risks that come with them,” said Chris Norton, General Manager for Sub-Saharan Africa at Kaspersky.
Cybersecurity threats across Kenya and the wider region continue to evolve alongside emerging technologies such as artificial intelligence. According to data from Kaspersky, password-stealing attacks in 2025 increased by 83 % year-on-year in Kenya and by 56 % across Sub-Saharan Africa. Spyware attacks also rose sharply, recording an 83 % increase in Kenya and 53 % regionally, while backdoor attacks grew by 25 % in Kenya and 8 % across Sub-Saharan Africa. Although exploit-based attacks recorded a slight decline, they remain a significant concern due to their ability to enable mass compromise and unauthorized system access. Ransomware also continues to pose a major risk, with 7.62 % of organizations across Africa experiencing ransomware detections in 2025.
However, Advanced Persistent Threats (APTs) remain among the most severe risks facing enterprises. The Kaspersky Security Services Global Report shows that APT groups were detected and blocked in 21 % of customers in 2025 and accounted for 23 % of all high-severity incidents. These groups are increasingly leveraging AI-enhanced techniques alongside social engineering and targeted intrusion methods to increase the effectiveness of their operations.
Cybersecurity experts at Kaspersky warn that AI is increasingly being exploited across multiple stages of cyberattacks, from reconnaissance and communication to the development of malicious tools, vulnerability scanning, and deployment. Attackers are also concealing the use of AI to make detection and attribution more difficult, while distributing malware disguised as legitimate AI tools to steal sensitive data.
Additionally, one of the growing concerns is the rise of deepfakes and AI-generated fraudulent content, which is making it increasingly difficult to distinguish authentic material from manipulated information. Researchers also caution that AI models may be exposed to “unintended memorization,” where sensitive data is inadvertently retained and later extracted by attackers. Other risks include tampering with training datasets, inserting malicious code into AI systems, and exploiting vulnerabilities in AI-powered platforms.
The emergence of autonomous AI agents introduces additional risks, as these systems can independently perform tasks on behalf of users. Kaspersky noted that such systems may be manipulated through adversarial inputs or misconfigured autonomy settings, potentially resulting in harmful real-world actions.
The company also highlighted the growing challenge of “Shadow AI,” where employees use public AI tools without IT oversight, leading to uncontrolled data exposure. A recent Kaspersky study titled Cybersecurity in the workplace: Employee knowledge and behaviour found that 87.8 % of professionals in Kenya use AI tools for work-related tasks such as writing, data analysis, and content creation, yet only 35 % have received AI-related cybersecurity training.
Kaspersky is urging organizations to take proactive steps to manage risks associated with artificial intelligence, including conducting regular AI risk assessments and implementing clear governance frameworks. The company is recommending defining approved AI tools, setting clear guidelines on data usage, and ensuring employees receive ongoing training on secure AI use, including how to identify fake AI services, malicious links, and prompt injection attacks.
Kaspersky also advises organizations to adopt a holistic cybersecurity approach that combines advanced security technologies, threat intelligence, strong internal processes, and continuous staff education. Solutions such as AI-powered Kaspersky SIEM and the Kaspersky Next product line provide real-time threat detection, visibility, investigation, and response capabilities.
For individual users, the company is recommending exercising caution when using AI tools, reviewing privacy settings, verifying the legitimacy of applications and double-checking outputs generated by AI systems before making decisions. It also encourages families to maintain open conversations with children about responsible AI use and online safety.
Go to TECHTRENDSKE.co.ke for more tech and business news from the African continent and across the world.
Follow us on WhatsApp, Telegram, Twitter, and Facebook, or subscribe to our weekly newsletter to ensure you don’t miss out on any future updates. Send tips to editorial@techtrendsmedia.co.ke
