AI's impact on various aspects of our lives is undeniable, especially in cybersecurity. However, its significance in defending against cyber threats is particularly noteworthy. Over the years, AI has evolved through three waves in cybersecurity. The initial wave (2000–2010) saw AI aiding in spam filtering, showcasing its potential to combat evolving threats efficiently. The second wave (2010–2020) addressed the dynamic IT landscape with SaaS, cloud computing, and sophisticated threats, leading to AI becoming indispensable in defending against complex attacks like Stuxnet and ransomware. The current wave (2020-present) reveals a dual role for AI, serving as both a shield and a spear. The democratization of AI technology introduces risks, with adversaries using AI for malicious purposes, such as generating convincing phishing campaigns, automating vulnerability scanning, and leveraging deepfakes for social engineering.