There has been a good deal of publicized chatter about impending cyberattacks at an unprecedented scale and how Artificial Intelligence (AI) could help stop them. Not surprisingly much of the discussion is led by AI vendors in the cybersecurity space. Although they have a vested interest in raising an alarm, they do have a point. But it is only half the story.
There is a new ‘largest’ cyber-attack almost every year. Sometimes it is an overwhelming Distributed-Denial-of-Service (DDoS) attack, other times it has been a deeper penetrating worm, more powerful botnet, massive data breach, or a bigger financial heist. This is not unexpected. Rather it is a result of the world embracing Digital Transformation (DT) with more assets and reliance on the growing digital ecosystem.
Although I do not think there will be some cataclysmic cyber-attack that brings everything down in the foreseeable future, we are likely to experience an ever-increasing rate and impact of attacks. I find the AI discussions to be interesting, not for the arguments for how AI can help, but for what is omitted.
You see, AI is just a tool. A powerful one which will be used by both attackers and defenders.
AI can greatly enhance cybersecurity prediction, prevention, detection, and response capabilities to improve defenses, adapt faster to new threats, and lower the overalls cost of security. Attackers are also attracted to AI capabilities because of the very same attributes of speed, scale, automation, and effectiveness that empowers them to relentlessly pursue targets, gain access, seize assets and undermine attempts by security to detect and evict them. AI can be used to attack and undermine other AI systems, which is becoming a problem. Adversarial attacks are one such class of exploitation where the inputs to an AI system are modified by the opposition in such a way that the output is intentionally manipulated. These and other types of offensive systems that undermine AI represent a serious and growing risk to consumers, militaries, critical infrastructure, and transportation.
Yes, AI can help with the next ‘largest’ attacks, but it is also very likely that AI will be behind those attacks as well. So, let’s have a balanced discussion about the risks that increase every day, for all of us with roots in the digital domain. AI will grow and play a pivotal role in how technology influences the lives of every person on the planet. It will be very important to both cybersecurity and cyber-attackers in how they can maneuver. The game is on and the stakes are high.
Welcome to the new AI cyber-arms race.
Interested in more? Follow me on LinkedIn, Medium, and Twitter (@Matt_Rosenquist) to hear insights, rants, and what is going on in cybersecurity.
Comments
Interesting. AI for AI. It's the human factor, how these solutions are trained and leveraged, which will make the real difference