Clear Sky Science

A generative AI-driven cybersecurity framework for small and medium enterprises software development: an ANN-ISM approach

Why small companies should care about smarter digital shields

For many small and medium-sized businesses, software is now the backbone of daily work—but so are online crooks who see these firms as easy targets. This paper explores how new forms of artificial intelligence, called generative AI, can help smaller companies protect their software from scams, ransomware, and other digital break-ins without needing a huge budget or a large security team.

Figure 1.

The growing danger to everyday businesses

Small and mid-sized companies are hit hard by cyber-attacks because they often lack specialist staff, advanced tools, and formal security processes. As more work moves online, criminals use smarter tricks such as automated phishing emails, fake videos that imitate real people, and malware that constantly changes its behavior. Traditional defenses that rely on fixed rules or known attack patterns struggle to keep up with this fast-moving landscape. When these attacks succeed, they can shut down operations, leak customer data, and damage hard-won trust—risks that can be existential for a smaller firm.

Using learning machines to spot trouble early

The authors propose a framework that combines two complementary AI ideas to tackle this problem. First, an artificial neural network (ANN) learns patterns from past data—such as logs, code scans, and records of incidents—to predict which cyber threats are most likely to appear in a given software project. Second, generative AI models, including Generative Adversarial Networks, can create realistic examples of attacks, such as synthetic phishing emails or fake malware traffic. These artificial examples make it possible to train the ANN and other detection tools even when a company has only limited real-world data, a common situation for small organizations.

Mapping how different risks influence one another

On top of prediction, the framework uses a method called interpretive structural modeling (ISM) to organize threats and defenses into a clear hierarchy. Expert input, survey data from 85 practitioners, and a wide literature review are combined to identify ten major AI-related threats faced by small software developers, including automated phishing, ransomware, data poisoning of AI models, supply chain attacks, and AI-crafted zero-day exploits. ISM then arranges these threats into levels, showing which ones trigger or amplify others. For example, automated vulnerability discovery can feed into ransomware or AI-generated exploits, while weaknesses in the supply chain can open doors for several attack types at once. This layered map helps managers see which root problems to fix first.
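
The level-partitioning step of ISM described above can be sketched as follows. This is an added example, not code from the paper or from this summary: the threat names are shorthand, only the two edges out of automated vulnerability discovery come from the text, and every other edge is constructed for illustration.

```python
# Constructed influence edges (driver -> affected threat). The two edges out of
# auto_vuln_discovery follow the article; every other edge is an assumption.
EDGES = [
    ("auto_vuln_discovery", "ransomware"),
    ("auto_vuln_discovery", "ai_zero_day"),
    ("supply_chain", "ransomware"),          # assumed
    ("supply_chain", "data_poisoning"),      # assumed
    ("ai_zero_day", "ransomware"),           # assumed
    ("automated_phishing", "ransomware"),    # assumed
]


def reachability(edges):
    """Final reachability sets: each threat reaches itself plus everything
    it influences directly or transitively (Warshall closure)."""
    nodes = sorted({n for edge in edges for n in edge})
    reach = {n: {n} for n in nodes}
    for src, dst in edges:
        reach[src].add(dst)
    for k in nodes:                 # k must be the outer loop
        for i in nodes:
            if k in reach[i]:
                reach[i] |= reach[k]
    return reach


def partition_levels(reach):
    """ISM level partitioning: a threat joins the current level when its
    reachability set is contained in its antecedent set among the threats
    not yet assigned. Level 1 holds outcomes; later levels hold drivers."""
    ante = {n: {m for m in reach if n in reach[m]} for n in reach}
    remaining, levels = set(reach), []
    while remaining:
        level = sorted(n for n in remaining if (reach[n] & remaining) <= ante[n])
        levels.append(level)
        remaining -= set(level)
    return levels


def root_drivers(reach):
    """Threats that nothing else in the model influences."""
    return sorted(n for n in reach
                  if not any(n in reach[m] for m in reach if m != n))


if __name__ == "__main__":
    r = reachability(EDGES)
    for depth, names in enumerate(partition_levels(r), start=1):
        print(f"Level {depth}: {', '.join(names)}")
    print("Root drivers:", ", ".join(root_drivers(r)))
```

With these sample edges, supply chain weakness lands on level 2 even though nothing drives it, because ISM counts levels from the outcome side; the separate root-driver list is what identifies the problems to fix first.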

Figure 2.

Turning analysis into practical defense steps

The hybrid ANN–ISM model is not just a theory exercise; it is turned into a four-level roadmap that companies can use to judge how far along they are in protecting their software. At the most basic level, firms begin with better safeguards against common threats such as phishing. Higher levels address more advanced dangers like deepfakes, AI-powered malware, and data poisoning of machine-learning systems. For each threat category, the authors list concrete AI-supported practices, such as automated code review, AI-assisted penetration testing, anomaly detection in network traffic, and AI-generated training simulations for staff. A case study with an AI-focused software vendor shows that many of these practices can already reach a mature stage, especially for phishing, ransomware, and supply chain risks, while defenses against zero-day exploits and evasion techniques are still developing.

What this means for the future of secure software

In plain terms, the study concludes that generative AI can give smaller companies access to security capabilities that once belonged only to large enterprises. By teaching machines to anticipate attacks and by structuring the web of related risks, the proposed framework offers a scalable, relatively low-cost way to strengthen software throughout its life cycle. The authors argue that, if adopted and refined, such approaches could help many more small and medium-sized businesses stay online, protect their customers, and keep pace with attackers who are increasingly using AI themselves.

Citation: Awan, M., Alam, A., Khan, R.A. et al. A generative AI-driven cybersecurity framework for small and medium enterprises software development: an ANN-ISM approach. Sci Rep 16, 9813 (2026). https://doi.org/10.1038/s41598-026-37614-8

Keywords: SME cybersecurity, generative AI, software security, neural networks, ransomware and phishing