Artificial intelligence technology has been a buzzword in cyber security for a decade now \u2014 cited as way to flag vulnerabilities and recognise threats by carrying out pattern recognition on large amounts of data. Anti-virus products, for example, have long used AI to scan for malicious code, or malware, and send alerts in real time.<\/p>\n\n\n\n
But the advent of generative AI, which enables computers to generate complex content \u2014 such as text, audio and video \u2014 from simple human inputs, offers further opportunities to cyber defenders. Its advocates promise it will boost efficiency in cyber security, help defenders launch a real-time response to threats, and even help them outpace their adversaries altogether.<\/p>\n\n\n\n
\u201cSecurity teams have been using AI to detect vulnerabilities and generate threat alerts for years, but generative AI takes this to another level,\u201d says Sam King, chief executive of security group Veracode.<\/p>\n\n\n\n
\u201cNow, we can use the technology not only to detect problems, but also to solve and, ultimately, prevent them in the first place.\u201d<\/p>\n\n\n\n
Generative AI technology was first thrust into the spotlight by the launch of OpenAI\u2019s ChatGPT, a consumer chatbot that responds to users\u2019 questions and prompts. Unlike the technology that came before it, generative AI \u201chas adaptive learning speed, contextual understanding and multi\u00admodal data processing, and sheds the more rigid, rule-based coat of traditional AI, supercharging its security capabilities,\u201d explains Andy Thompson, offensive research evangelist at CyberArk Labs.<\/p>\n\n\n\n
So, after a year of hype around generative AI, are these promises being delivered upon?<\/p>\n\n\n\n
Already, generative AI is being used to create specific models, chatbots, or AI assistants that can help human analysts detect and respond to hacks \u2014 similar to ChatGPT, but for cyber security. Microsoft has launched one such effort, which it calls Security Copilot, while Google has a model called SEC Pub.<\/p>\n\n\n\n
\u201cBy training the model on all of our threat data, all of our security best practices, all our knowledge of how to build secure software and secure configurations, we already have customers using it to increase their ability to analyse attacks and malware to create automated defences,\u201d says Phil Venables, chief information security officer of Google Cloud.<\/p>\n\n\n\n
And there are many more specific use cases, experts say. For example, the technology can be used for attack simulation, or to ensure that a company\u2019s code is kept secure. Veracode\u2019s King says: \u201cYou can now take a GenAI model and train it to automatically recommend fixes for insecure code, generate training materials for your security teams, and identify mitigation measures in the event of an identified threat, moving beyond just finding vulnerabilities.\u201d<\/p>\n\n\n\n
Generative AI can also be used for \u201cgenerating [and] synthesising data\u201d with which to train machine learning models, says Gang Wang, associate professor of computer science at the University of Illinois Grainger College of Engineering. \u201cThis is particularly helpful for security tasks where data is sparse or lacks diversity,\u201d he notes.<\/p>\n\n\n\n
The potential for developing AI cyber security systems is now driving dealmaking in the cyber sector \u2014 such as the $28bn acquisition of US security software maker Splunk by Cisco in September. \u201cThis acquisition reflects a wider trend and illustrates the industry\u2019s growing adoption of AI for enhanced cyber defences,\u201d says King.<\/p>\n\n\n\n
He points out that these tie-ups allow the acquirer to swiftly expand their AI capabilities while also giving them access to more data, to train their AI models effectively.<\/p>\n\n\n\n
Nevertheless, Wang cautions that AI-driven cyber security cannot \u201cfully replace existing traditional methods\u201d. To be successful, \u201cdifferent approaches complement each other to provide a more complete view of cyber threats and offer protections from different perspectives\u201d, he says.<\/p>\n\n\n\n
For example, AI tools may have high false positive rates \u2014 meaning they are not accurate enough to be relied upon alone. While they may be able to identify and halt known attacks swiftly, they can struggle with novel threats, such as so-called \u201czero day\u201d attacks that are different from those launched in the past.<\/p>\n\n\n\n
As AI hype continues to sweep the tech sector, cyber professionals must deploy it with care, experts warn, maintaining standards around privacy and data protection, for example. According to Netskope Threat Labs data, sensitive data is shared in a generative AI query every hour of the working day in large organisations, which could provide hackers with fodder to target attacks.<\/p>\n\n\n\n
Steve Stone, head of Rubrik Zero Labs at data security group Rubrik, also notes the emergence of hacker-friendly generative AI chatbots such as \u201cFraudGPT\u201d and \u201cWormGPT\u201d, which are designed to enable \u201ceven those with minimal technical\u201d skills to launch sophisticated cyber attacks.<\/p>\n\n\n\n
Some hackers are wielding AI tools to write and deploy social engineering scams at scale, and in a more targeted manner \u2014 for example, by replicating a person\u2019s writing style. According to Max Heinemeyer, chief product officer at Darktrace, a cyber security AI company, there was a 135 per cent rise in \u201cnovel social engineering attacks\u201d from January to February 2023, in the wake of the introduction of ChatGPT.<\/p>\n\n\n\n
\u201c2024 will show how more advanced actors like APTs [advanced persistent threats], nation-state attackers, and advanced ransomware gangs have started to adopt AI,\u201d he says. \u201cThe effect will be even faster, more scalable, more personalised and contextualised attacks, with a reduced dwell time.\u201d<\/p>\n\n\n\n
Despite this, many cyber experts remain optimistic that the technology will be a boon for cyber professionals overall. \u201cUltimately, it is the defenders who have the upper hand, given that we own the technology and thus can direct its development with specific use cases in mind,\u201d says Venables. \u201cIn essence, we have the home-field advantage and intend to fully utilise it.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"
Artificial intelligence technology has been a buzzword in cyber security for a decade now \u2014 cited as way to flag vulnerabilities and recognise threats by carrying out pattern recognition on large amounts of data. Anti-virus products, for example, have long used AI to scan for malicious code, or malware, and send alerts in real time. […]<\/p>\n","protected":false},"author":2,"featured_media":22962,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"none","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","footnotes":""},"categories":[2],"tags":[],"class_list":["post-22960","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"rttpg_featured_image_url":{"full":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",1400,788,false],"landscape":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",1400,788,false],"portraits":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",1400,788,false],"thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33-150x150.jpg",150,150,true],"medium":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33-300x169.jpg",300,169,true],"large":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33-1024x576.jpg",1024,576,true],"1536x1536":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",1400,788,false],"2048x2048":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",1400,788,false],"post-thumbnail":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",746,420,false],"graptor-sq-xs":["https:\/\/web3unplugged.io\/blog\/wp-content\/uploads\/2024\/01\/Untitled-33.jpg",100,56,false]},"rttpg_author":{"display_name":"Admin CG","author_link":"https:\/\/web3unplugged.io\/blog\/author\/admin-cg\/"},"rttpg_comment":0,"rttpg_category":"news<\/a>","rttpg_excerpt":"Artificial intelligence technology has been a buzzword in cyber security for a decade now \u2014 cited as way to flag vulnerabilities and recognise threats by carrying out pattern recognition on large amounts of data. Anti-virus products, for example, have long used AI to scan for malicious code, or malware, and send alerts in real time.…","_links":{"self":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/22960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/comments?post=22960"}],"version-history":[{"count":1,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/22960\/revisions"}],"predecessor-version":[{"id":22963,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/posts\/22960\/revisions\/22963"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media\/22962"}],"wp:attachment":[{"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/media?parent=22960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/categories?post=22960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/web3unplugged.io\/blog\/wp-json\/wp\/v2\/tags?post=22960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}