Kaspersky Detects 500,000 New Cyber Threats Daily Using AI and ML

With a half-million daily threat detections, Kaspersky Lab is doubling down on AI-driven cybersecurity — both in scope and sophistication.

The Scale and Stakes of Cyber Threat Detection
At the 2025 St. Petersburg International Economic Forum, Mikhail Gerber, Director of Consumer Business at Kaspersky Lab, revealed a startling metric: the company detects approximately 500,000 new cyber threats every day using machine learning (ML) and artificial intelligence (AI). This figure reflects not only the escalating complexity of digital threats but also the efficiency of AI-enhanced detection systems in mitigating them.
For end-users, this translates into stronger defenses against malware and faster alerts for ongoing attacks. For Russia, it reinforces the country’s leadership in cybersecurity software development and its broader digital transformation agenda. The success of Kaspersky’s ML/AI platforms also opens the door for global exports of advanced cyber defense technologies, supported by international partnerships such as Smart Africa and competitive SIEM configurations.

From Local Resilience to Global Ambition
Kaspersky’s AI-based systems are poised to become a major force in the global cybersecurity market. As the company accelerates deployment of these technologies, it reduces reliance on Western-made solutions — a strategic move amid mounting sanctions. Future plans include deeper integration of AI modules like KUMA SIEM and KIRA into infrastructure at government institutions, banks, and enterprises.
These tools are designed not just for detection, but also to reduce the manual burden on security teams. The goal is to automate routine processes and empower cybersecurity units to respond faster and more effectively.
Machine learning, in particular, has become central to the field. As the number and complexity of cyberattacks grow, ML provides scalable, adaptive responses that go beyond traditional rule-based approaches.

A Retrospective on AI-Enhanced Security
In late 2024, Kaspersky integrated neural network capabilities into its Unified Monitoring and Analysis Platform (KUMA) via Sber’s GigaChat model. The enhancement, called KIRA — Kaspersky Investigation and Response Assistant — was designed to assist analysts by automating event analysis and minimizing human error.
KIRA uses machine learning to prioritize alerts based on asset-specific behaviors, covering everything from workstations to virtual machines. This collaboration between Sber and Kaspersky also includes exploration of generative AI (GenAI) models capable of threat prediction — stopping attacks before they begin.

From 2020 to 2023, Kaspersky expanded AI detection capabilities from zero-day exploits to advanced persistent threats. In June 2023, OpenAI’s rollout of function calling in GPT-3.5 and GPT-4 offered a glimpse at how even general-purpose LLMs could be operationalized in threat detection workflows.

Hardening Defenses Under Pressure
As sanctions intensify and cooperation with Western vendors wanes, Russia is prioritizing the localization of cybersecurity solutions. Yet significant challenges remain: there is still no fully automated system capable of detecting deepfakes in real time. Kaspersky continues to advise mobile users to avoid suspicious conversations, restrict social media profile access, and take proactive steps against impersonation-based scams.
The company’s massive daily threat monitoring effort is not just a technical feat — it underscores a broader strategy: maximize automation and scale AI integration in defense operations. In a threat landscape that evolves by the hour, this level of machine-assisted vigilance may prove to be a key competitive advantage.