AI-driven cyber threats rise amid global skills shortage

Kenya is experiencing rising cyber threats, with artificial intelligence increasingly identified as a major driver of change in the cybersecurity landscape. Experts are now warning that AI technologies are creating new vulnerabilities, underscoring the urgent need to strengthen digital systems against evolving cyber risks.

Speaking during the 2026 Cybersecurity Bootcamp award ceremony in Nairobi, the Communications Authority of Kenya said the country recorded more than 3.3 billion cyber threat events between January and March this year, with attacks targeting government agencies, banks, universities and internet service providers.

According to the authority’s National Kenya Computer Incident Response Team Coordination Centre (KE-CIRT/CC), system attacks accounted for the largest share of threats detected during the quarter, including malware attempts, brute-force attacks and attacks targeting web applications.

The authority also issued over 20 million cyber threat advisories during the quarter, representing a 5 per cent decrease from the previous reporting period.

The growing threat environment comes at a time when demand for cybersecurity professionals is rising globally, with Africa carrying a significant share of the workforce shortfall.

The world is facing a deficit of 4.8 million cybersecurity professionals, according to the International Information System Security Certification Consortium (ISC2), an organisation that provides professional training and certifications for cybersecurity experts. At the same time, the World Economic Forum says the cybersecurity workforce must expand by about 87 per cent to meet current demand.

Commenting on the shortage, Communications Authority Director General David Mugonyi said Kenya must invest in nurturing young professionals capable of protecting the country’s growing digital infrastructure as AI-facilitated attacks become more common.

“Locally, we are already seeing AI-assisted social engineering, highly personalised phishing, and automated tools that accelerate reconnaissance and exploitation. These developments lower the bar for attackers and speed up their operations,” he said.

“We cannot import our way out of this. Kenya must grow its own talent,” Mugonyi said in remarks delivered on his behalf during the event.

He warned that AI tools were lowering the barrier for cybercriminals by making attacks easier and faster to execute, increasing pressure on institutions to strengthen digital defences.

“AI can support threat hunting, anomaly detection and rapid triage – but it introduces fresh risks,” he said. “We need professionals who understand both offensive and defensive applications of AI, who can scrutinise model behaviour, and who can design safeguards.”

Mugonyi also challenged universities to align their academic programmes with emerging cybersecurity trends by incorporating more practical training, including hackathons, simulations and capture-the-flag competitions.

“Future training must prepare people for tomorrow’s battles, not only today’s,” he said. “Curricula should adapt faster and be co-designed with industry and regulators who see live threats every day.”

His remarks came during the conclusion of the annual Cybersecurity Bootcamp, a programme organised by the Communications Authority in partnership with Huawei. Mugonyi said the initiative was not merely a training programme, but a strategic effort aimed at strengthening Kenya’s national resilience.

The programme attracted more than 3,000 applicants, with 654 students qualifying for online training and more than 200 progressing to instructor-led practical sessions. Only 20 finalists advanced to the final stage, where they were recognised as top performers in a highly competitive process.

Participants drawn from leading universities and colleges across the country received training in network security, encryption, firewall management, public key infrastructure and threat detection.

Kaine Zhang, Country Cybersecurity and Privacy Officer at Huawei Kenya, reaffirmed the company’s commitment to supporting cybersecurity skills development through collaboration with government institutions, universities and the private sector.

Kenya has increasingly positioned cybersecurity as part of its broader digital transformation agenda as the country expands online public services, mobile money platforms and cloud-based systems.

Mugonyi said investments in cybersecurity skills would be critical in protecting public trust in digital systems as attacks become more sophisticated.

“Cybersecurity is ultimately about protecting people, their money, their data and their trust in digital systems,” he said. “The investments we make today in building this talent are the defences Kenya will depend on tomorrow.”