Dual-Use of Generative AI in Cybersecurity: Balancing Offensive Threats and Defensive Capabilities in the Post-LLM Era


Sridhar Krishna Korimilli, Md Habibur Rahman, Goutham Sunkara, Mohammad Mushfiqul Haque Mukit, Abdullah Al Hasib

Abstract

With the advent of large language models (LLMs) and generative AI, cybersecurity has been transformed: the rules of the game have changed, new opportunities for threat detection have opened up, and at the same time the attack surface has expanded. This study examines the dual-use challenge of generative AI in cybersecurity by demonstrating how the LLaMA2, GPT-3.5, and Falcon models can be applied on both the offensive (red-team) and defensive (blue-team) sides. Using two publicly accessible Kaggle datasets and running experiments on Google Colab, the study establishes that LLMs can be used to create advanced phishing attacks that evade conventional detection tools, and that, when deployed defensively, they improve threat-classification accuracy and reduce triage time. To address these dual-use capabilities, the study proposes a structured approach built on the notions of transparency, intent awareness, and risk stratification. As a new metric, the Dual-Use Risk Index (DURI) is proposed to rate generative outputs in real time, backed by guardrails built into a governance-by-design structure. The framework is consistent with the leading regulatory efforts, including the NIST AI Risk Management Framework and the EU AI Act. The findings show that, even though generative models promise substantial operational improvement, they also necessitate strong policy implementation, an auditing system, and adaptation per sector. In the context of using generative AI safely and ethically in information systems, this paper contributes empirical evidence and an operational governance model that organisations can apply in implementing generative AI quickly, securely, and responsibly.
