Cybersecurity in the age of generative AI: A systematic taxonomy of AI-powered vulnerability assessment and risk management

Abstract

The article discusses the transformative impact of Generative AI (GenAI) to the field of vulnerability assessment (VA) and risk management (RM) right from the beginning of their life cycle to the end in cybersecurity (CS). Through a systematic review of over 100 publications (2021-2025), we develop a comprehensive taxonomy classifying GenAI's dual offensive and defensive applications in VA/RM. The survey spells out the dominant techniques of GenAI and also points towards challenging aspects, which include security, explainability, and trustworthiness. The resultant findings reinforce the belief that GenAI could help resolve many traditional VA/RM challenges, thus providing fertile ground for research and practice in this area.