Kenya's 2027 Election Faces a New Kind of Threat: Cybersecurity and AI-Driven Disinformation

Overview

As Kenya begins preparing for its 2027 General Election, the Independent Electoral and Boundaries Commission (IEBC) has flagged cybersecurity, along with AI-powered misinformation and deepfakes, as among the most serious risks to the credibility of the vote. This warning, laid out in the commission's Election Operations Plan 2025-27, lands alongside a separate report from the National Kenya Computer Incident Response Team – Coordination Centre (KE-CIRT/CC) documenting more than 3.36 billion cyber threat events against the country's digital infrastructure in just three months. Taken together, the two reports paint a picture of an electoral system increasingly exposed to digital risk at precisely the moment it is expected to rely more heavily than ever on technology.

Why This Threat Is Different From 2022

Kenya's electoral technology has already been tested in court. During the 2022 presidential election petition, the integrity of the electronic results transmission system became a central point of dispute before the Supreme Court, with petitioners alleging that the Kenya Integrated Election Management System (KIEMS) and the transmission infrastructure had been compromised, that IEBC servers were accessed without authorization, and that results forms had been tampered with. Those allegations were ultimately unsuccessful in overturning the outcome, but they exposed how quickly questions about system integrity can escalate into questions about the legitimacy of an election itself.

What makes the 2027 risk landscape distinct is scale and sophistication rather than novelty. The threats facing voter registration, election management, results transmission, and public communication are no longer just about server access or data manipulation — they now include AI-generated phishing, automated attack tools, and deepfake content capable of shaping public perception in real time. This shifts the challenge from a narrowly technical one (can the system be hacked) to a broader one (can the public be deceived into distrusting a system that worked correctly, or trusting manipulated content over verified results).

The Numbers Behind the Warning

The Communications Authority's cybersecurity report, covering January through March 2026, offers a concrete sense of the threat environment IEBC is operating in. The 3.36 billion cyber threat events detected during the quarter, despite representing a 26.15 percent decline from the previous quarter, still translated into more than 20.58 million advisories urging organizations to patch systems, adopt multi-factor authentication, and harden network defenses.

The breakdown of incident types is worth examining closely:

System attacks dominated the threat landscape by a wide margin, accounting for over 3.23 billion of the total incidents — suggesting that most of the activity was automated, large-scale probing rather than targeted, high-effort intrusion attempts. Malware attacks numbered 68.7 million, brute-force attacks 46.4 million, web application attacks 12.1 million, and DDoS attacks — designed to knock services offline rather than steal data — exceeded 8.2 million.

Government institutions were singled out as among the most targeted organizations across several of these categories, with attackers focusing on authentication credentials, database servers, web applications, and network infrastructure. This matters directly for IEBC: an electoral commission's servers, voter databases, and results-transmission systems fall squarely within the profile of infrastructure already drawing sustained attacker interest.

The AI Dimension

What separates this threat environment from earlier election cycles is the explicit role artificial intelligence now plays on the attacker's side. The Communications Authority's report describes a shift toward AI-assisted phishing campaigns, AI-generated emails, deepfakes, automated attack tooling, and AI-powered malware — all of which make attacks more convincing, more scalable, and harder to detect using traditional defenses. Phishing campaigns aimed at governments and financial institutions across Africa are becoming more sophisticated through AI-generated content and spoofed websites built to harvest credentials or gain initial footholds into secure systems.

For an electoral commission, this AI dimension cuts two ways. First, it lowers the technical bar for credential theft and system intrusion, since AI tools can generate more convincing phishing lures at far greater scale than manual efforts. Second, and arguably more consequential for democratic legitimacy, it enables disinformation campaigns — fabricated statements, manipulated video or audio of candidates and officials, and synthetic "leaked" content — that can spread faster than fact-checking efforts can contain them. The IEBC's own operations plan explicitly names this risk, warning of a proliferation of misinformation, disinformation, hate speech, fake news, deepfakes, and propaganda during the election period.

IEBC's Planned Response

In response to these layered risks, the commission has outlined a multi-pronged strategy. On the infrastructure side, it intends to establish a dedicated ICT Security and Network Operations Centre, upgrade server and backup systems, and conduct comprehensive audits and certification of election technology. On the governance side, it plans to strengthen data protection measures, review its data protection framework, train staff on privacy and cybersecurity practices, and carry out data mapping exercises to identify and safeguard sensitive electoral information.

On the disinformation front, the commission's approach leans more on communications strategy than technical countermeasures: strengthening strategic communications, deepening collaboration with media organizations, and expanding voter awareness campaigns to promote verified electoral information. This is a reasonable starting point, but it places a significant burden on public trust-building to outpace the speed and reach of AI-generated disinformation — a race that has proven difficult to win in other recent elections globally.

Notably, the Communications Authority's recommendations for organizations broadly — regular security audits, stronger authentication, continuous monitoring, enhanced incident response, and improved inter-agency information sharing — closely mirror the safeguards IEBC says it is adopting. This alignment suggests the commission's plan is at least directionally consistent with national-level cybersecurity guidance, though the report does not address how the commission will keep pace with the rate of change in AI-enabled attack methods, which evolve faster than the typical audit-and-certify cycle election technology assessments tend to follow.

What Remains Unaddressed

Several open questions emerge from comparing the two reports. The commission's plan identifies delays in acquiring election technology and inadequate network connectivity as additional strategic risks, which raises the question of whether infrastructure upgrades — including the proposed Security and Network Operations Centre — can realistically be completed and stress-tested well ahead of the 2027 vote, rather than rushed in the final months. The 2022 petition experience demonstrated that disputes over system integrity often hinge not just on whether a breach occurred, but on whether the commission can transparently demonstrate the auditability of its systems after the fact; it is not yet clear from the operations plan how the new infrastructure will be designed with that kind of post-election verifiability in mind.

There is also a structural mismatch between the technical sophistication of the threats described — AI-powered malware, automated attack tools, deepfakes — and the comparatively conventional toolkit of awareness campaigns and media partnerships proposed to counter disinformation specifically. Effective deepfake detection and rapid-response debunking infrastructure, which other election bodies internationally have begun investing in, is not explicitly detailed in what has been reported of IEBC's plan so far.

Bottom Line

Kenya's electoral commission is contending with a threat environment that has fundamentally changed since the last general election. Where 2022's disputes centered on allegations of server access and form manipulation, 2027 is shaping up to be a contest fought partly in the realm of synthetic media and AI-scaled social engineering, layered on top of an already massive volume of conventional cyberattacks targeting government infrastructure. IEBC's operations plan shows clear awareness of this shift and has proposed sensible institutional responses — but the gap between the sophistication of AI-driven threats and the relatively traditional countermeasures proposed for disinformation suggests this is an area likely to need further investment and specificity as 2027 approaches.

This analysis is based on IEBC's Election Operations Plan 2025-27 and the Communications Authority's cybersecurity report covering January–March 2026.