When executives from tech giants Amazon, Google, Meta, and Microsoft met with President Joe Biden last month, they pledged to comply with artificial intelligence security measures before releasing their AI tools to the public.
Their efforts include exhaustive testing of AI systems to guard against cybersecurity threats, one of the most important risk areas.
The role generative AI is playing in making ransomware and phishing attacks easier and more pervasive escapes the attention of chief information security officers and other cyber executives trying to track this rapidly evolving technology.
“Cyber vulnerabilities are becoming more and more democratized,” said Collin Walke, director of cybersecurity and privacy practice at Hall-Estill Law Firm. “More and more people with hacker skills are using things like ransomware as a service and AI. For CISOs and other cyber leaders, the rapid adoption of generative AI is shaping the threat landscape,” he said.
For example, the use of generative AI has made phishing attacks look simpler and more authentic. “In the past, when an employee received a phishing email, it was easy to tell it was a fake just because there was something wrong with the wording,” Walke said. With generative AI, non-English-speaking perpetrators can almost certainly translate emails into any language instantly, making it harder for employees to spot fakes.
But cyber experts say organizations looking to improve their cybersecurity capabilities can also use the same AI tools that enable hackers to act quickly. “Yes, attackers can be automated, but defenders can also be automated,” said Stephen Boyer, co-founder and chief technology officer of cyber risk management firm BitSight. “The AI makes a bad attacker a more skilled attacker, but it also makes an OK defender a very good defender.”
Boyer said AI will allow engineers writing code to automatically check for vulnerabilities, resulting in more secure code. “There are tools to do it today, but AI will make it incredibly fast,” he said.
In fact, using AI to improve the speed and scale of cybersecurity is one of the biggest benefits experts expect soon.
Michael McNerney, chief security officer at cyber insurer Resilience, said using the technology for difficult and time-consuming tasks would be a huge benefit for CISOs. “Creating an inventory of every device, every endpoint, and application is extremely complex, cumbersome, and, frankly, tedious. I can imagine a future that helps us understand,” he said.
He added that a large part of cybersecurity is about hygiene, so using AI to streamline understandable and highly repetitive tasks is of great value.
Walke said, “Just two months ago, OpenAI suffered a data breach hack, so if they’re vulnerable, one CISO in a company cannot handle the complications and potential risks of AI.”
McNerney said, “We’re at the peak of the hype cycle, but I also think that’s natural. We have a very exciting, powerful emerging technology that few people truly understand. I think over the next year, cyber leaders are going to figure out where AI is really useful and where it’s not.”