In recent months, the buzz around AI technology has grown rapidly, due in large part to the release of ChatGPT. This brings with it new security challenges.
The program is being made available to the public free of charge and has been the subject of a seemingly endless public debate about its implications since its launch last November.
The AI technology turns out to be quite intelligent. It's sort of a contemporary evolution of the concept of a search engine — users can type in and within moments get a well-crafted, accurate, and seemingly trustworthy answer from sources across the web.
AI writes and improves malicious programs
However, there are already reports of dangerous uses of AI, which raises important questions: How exactly does AI affect cybersecurity? Can threat actors use it to launch cyberattacks that keep improving themselves? Theoretically yes. In recent weeks and months, malware written or enhanced by artificial intelligence has been observed to an increasing extent, and it can be assumed that this trend will increase. Since there are already reports that speak of AI-to-AI communication, I can certainly imagine a scenario in the not too distant future in which malicious code generated by AI is improved by another AI. Therefore, it is important that security vendors apply AI themselves to counteract this trend.
New challenges through AI
Tech companies have been using AI and machine learning (ML) to improve parts of their platforms for years. Everyday objects such as navigation apps and autocorrect functions use AI. Numerous software vendors are using AI across all kinds of industries to optimize every facet of their platforms.
The technology builds on our human intelligence. Experienced cyber threat analysts combine their knowledge of threat actor habits, activities, attack methods, and behavior to create the framework for effective detection systems. This automatically monitors threats emerging on the open, deep, and dark web. The nuances of human experience and intelligence, coupled with the power of machine learning, allow it to seamlessly scale and detect threats for any number of organizations.
Faster and more efficient attacks
Unfortunately, AI isn't just useful on the cybersecurity side. The technology is also used to circumvent the protective systems created with its help. It is constantly evolving, and with the introduction of new AI-based tools, threat actors will be able to execute their attacks much faster and more efficiently than before. This poses a serious problem for security teams as they cannot scale infinitely due to their limited resources and are left behind.
What does this mean for security teams?
AI is not fundamentally changing the way threat actors execute attacks. The biggest risk remains a well-known one: Attackers can use AI to increase the volume of their attacks, for example by automating the process of deploying a phishing kit. The problem itself remains the same, but the scale is significantly larger. Tools like 10Web (Automated Website Builder), which allow users to clone websites en masse, will help increase the number of phishing websites using fake domains significantly.
The good news is that cyber threat intelligence providers seem to be a step ahead for now. Many companies have been investing in AI and machine learning since the early days, long before AI made its public debut in the past year. Significant research and development resources are already being devoted to learning as much as possible about phishing infrastructures and evasion mechanisms, which are continuously fed into automated monitoring and detection mechanisms. There are also machine learning algorithms that can detect similar domains, similar logos and graphics, proprietary HTML code and intellectual property infringement, fake social media profiles, and more.
Conclusion
Currently, AI applications are only as intelligent, predictive, and powerful as their human creators allow them to be. The use of AI by threat actors will certainly pose additional challenges for security teams, but that usually also leads to helpful innovations for the future. As long as humans remain in control, AI can be an extremely useful tool for security professionals to face the growing threat landscape and advance cybersecurity. According to Markus Auer, Security Advisor and Sales Director DACH at BlueVoyant.
More at BlueVoyant.com
About BlueVoyant
BlueVoyant combines internal and external cyber defense capabilities in an outcomes-based, cloud-native platform by continuously monitoring your network, endpoints, attack surface, supply chain, and the clear, deep, and dark web for threats. The full-spectrum cyber defense platform quickly illuminates, validates, and remediates threats to protect your organization. BlueVoyant leverages both machine learning-driven automation and human-led expertise.