Kaspersky used AI Everything Kenya x GITEX Kenya event in Nairobi to deliver a timely message to business leaders. Kenyan firms now use AI tools across daily work, but many still lack the security controls and staff training that this shift demands. Kaspersky said that the gap now gives attackers more room to steal credentials, run deepfake scams, push fake AI tools, and move through company systems with less resistance.
AI Everything Kenya x GITEX Kenya debuted in Nairobi from 19 to 21 May 2026 as a major regional tech event. Kenya wants a bigger role in AI, cloud, data, and digital services. That push creates new business value. It also raises the cost of weak cyber hygiene. Kaspersky made that point clear at the event and tied it to fresh data from Kenya and the wider region.
Kaspersky’s warning
At the event, Kaspersky pointed to AI-powered social engineering, deepfake fraud, and what it calls Shadow AI. That term describes staff who use public AI tools at work without IT approval. Chris Norton, Kaspersky’s General Manager for Sub-Saharan Africa, said cybersecurity now sits at the board level as more firms speed up digital transformation.
Microsoft said AI now helps fraud groups scale faster and look more convincing. Between April 2024 and April 2025, Microsoft said it thwarted 4 billion dollars in fraud attempts, rejected 49,000 fraudulent partnership enrollments, and blocked about 1.6 million bot signup attempts every hour. That tells business readers one simple thing. Scams now reach more people, cost less to run, and look more polished than before.
Password theft and spyware jumped in Kenya
Kaspersky backed its warning with local numbers that deserve attention. The company said password-stealing attacks in Kenya rose 83 percent year over year in 2025. Spyware attacks also rose 83 percent, while backdoor attacks climbed 25 percent. Across Sub-Saharan Africa, password stealing attacks rose 56 percent, spyware rose 53 percent, and backdoor attacks rose 8 percent. Kaspersky also said ransomware hit 7.62 percent of organizations in Africa in 2025. Those figures show a threat mix that targets both access and persistence. Attackers want usernames, passwords, browser data, and long-term control inside business systems.
That trend lines up with what Verizon found in its 2025 Data Breach Investigations Report. Verizon said ransomware appeared in 44 percent of the breaches it reviewed. The report also found that 54 percent of ransomware victims had domains that showed up in infostealer logs. In plain terms, stolen credentials still open many of the doors that criminals use. Verizon also said phishing held steady at about 15 percent of breaches. Businesses that ignore credential theft still leave one of the easiest entry points wide open.
AI scams now look more real
Kaspersky’s main concern at GITEX Kenya focused on how AI helps criminals sharpen old tricks. Attackers now use AI to write phishing emails, clone voices, fake faces, and tailor messages to specific roles inside a company. That makes social engineering harder to spot, especially in busy teams that rely on email, chat, and video calls to move work quickly.
The company also warned that criminals hide malware inside fake AI tools. In a separate 2026 release tied to the same event, Kaspersky said its systems detected more than 92,000 attacks worldwide that used fake AI services or unwanted applications as bait between January and early May 2026. Fake ChatGPT apps made up 49 percent of those detections, while fake Claude and Gemini lures each accounted for 18 percent. Kaspersky also said it found more than 15,000 malware samples that posed as agentic AI software. Many employees now search for new AI tools on their own and install them before security teams can review them.
Verizon added another warning sign. The firm said the share of AI assisted malicious emails doubled over the last two years and moved from about 5 percent to about 10 percent. That rise does not mean AI replaced old attack methods. It means AI now strengthens them. Attackers still chase logins, cookies, session tokens, and internal access. They now just do it faster and with better wording.
Staff use AI faster than security teams can train them
One of the clearest signals in Kaspersky’s presentation came from employee behavior. The company said 87.8 percent of professionals surveyed in Kenya use AI tools for work tasks such as text editing, email writing, analytics, and content creation. Yet only 35 percent said they had received cybersecurity training related to AI use. That gap creates real risk. Staff often paste data into public tools, trust generated output too quickly, or install apps that look useful but hide malicious code.
Verizon found a similar pattern in enterprise environments. Its 2025 report said 15 percent of employees accessed generative AI systems on corporate devices, and 72 percent of those users signed in with non corporate email identifiers. That kind of behavior weakens visibility and control. Security teams cannot protect data well if they do not know which tools staff use, which accounts they connect, or which files they share.
Simple rules will do more than panic
Kaspersky did not argue for slowing AI adoption. It argued for better control. The company urged businesses to set clear AI governance policies, define approved tools, limit the kinds of data employees can feed into AI systems, and train staff to spot fake AI services, malicious links, and prompt injection risks. That advice sounds basic, but it matches what the industry now recommends. Microsoft said businesses should build fraud checks into product design, strengthen authentication, use role based access, and train employees to spot red flags in support requests, job scams, and account messages.
For Kenyan businesses, the practical takeaway is is that, AI now sits inside email, support, marketing, analytics, and software tools. That means cyber risk now travels with everyday work, not just with obvious security failures. Firms that set rules early, train staff often, and watch for credential theft will be safer than those that treat AI as a free utility with no guardrails. Kaspersky’s message at GITEX Kenya was a call for discipline. That is the kind of message growing businesses need right now.
