By Linet Amuli - Reporter
Kenya, 27 November 2025 - As Kenya’s digital economy grows, artificial intelligence (AI) is playing an increasingly dual role in the country’s fight against cybercrime.
While AI strengthens defenses, it also equips cybercriminals with tools to launch faster, more sophisticated attacks, according to the Africa Cybersecurity Report Kenya 2024/2025 by the Africa Cyber Immersion Centre (ACIC).
The report estimates that Kenya lost roughly KSh 29.9 billion to cybercrime in 2024/2025, part of Africa’s $5 billion annual digital crime losses.
Rapid digital adoption in fintech, mobile money, and online services has made the country a prime target for hackers.
AI is transforming the cybersecurity landscape in multiple ways. On the defensive side, organisations are using AI-driven monitoring to detect anomalies, automate threat response, and strengthen system recovery.
Conversely, cybercriminals are harnessing AI to automate intrusions, create convincing deepfakes, mimic voices for social engineering, and exploit vulnerabilities more efficiently.
Identity-based attacks such as phishing, credential theft, and Business Email Compromise (BEC) continue to dominate the threat landscape, accounting for nearly half of all incidents in Kenya.
AI is making these attacks more precise, enabling criminals to tailor attacks to high-value targets in the financial and telecom sectors.
More from Kenya
Ransomware and supply-chain disruptions, while less frequent, result in the largest financial losses per incident. The report notes that AI is accelerating the sophistication of these attacks, making recovery more challenging.
“Artificial intelligence is reshaping both sides of the cybersecurity equation,” the report states.
“Organisations must adopt AI-powered defenses while preparing for AI-enabled attacks that are faster, smarter, and more automated than ever before.”
Kenya’s digital infrastructure remains exposed, with many systems accessible through unencrypted remote-access services such as Telnet, FTP, and RDP.
Operational errors and system misconfigurations further compound vulnerabilities, leaving organisations increasingly dependent on intelligent monitoring and automated recovery systems.
The report urges a shift from traditional risk management to measurable cyber resilience.
This includes routine recovery testing, immutable backups, and AI-assisted incident detection to ensure rapid restoration and continuity after attacks.
As Kenya continues to embrace AI across both business and cybercrime landscapes, the report emphasises that leveraging technology wisely, both defensively and strategically, is critical to safeguarding the nation’s fast-expanding digital economy.
