Interest in generative artificial intelligence (AI) has peaked alongside broader concern about artificial intelligence, as evidenced by an open letter calling for an end to AI research. But how real is the AI ​​threat? And what threat, if any, does generative AI pose, especially in terms of cybersecurity?
The general threat of AI – understanding AI to apply it appropriately
Artificial intelligence is already driving change in many industries, and its growing sophistication suggests the potential for major disruption – a prospect that has workers fearing replacement. We’re already seeing this starting to play out in content creation with generative AI, for example.
AI is here and many of its use cases are discovered over time. So, as with any new technology being used, the industry needs to better understand it to find ways to use it appropriately.
The fear of replacement is not new. We have seen such concerns arise with the advent of assembly lines and the introduction of robots into manufacturing. To be fair, however, there is one fundamental difference between AI and previous technological innovations: its inherent ability to adapt. This introduces an element of unpredictability, which makes many feel uneasy.
As generative AI becomes more and more sophisticated, it will become increasingly difficult to separate the human from the AI. Current iterations of generative AI have already demonstrated their ability to pass the Turing test, the assessment of an AI’s ability to trick a human into believing they are human.
What do you do when you can’t tell the human from the artificial? How to trust identities, data or matches? This will require a zero-trust mindset, where all users must be authenticated, authorized, and validated at all times.
It remains to be seen how AI will evolve – and at what rate – but there are some current and potential cybersecurity implications to consider in the meantime.
Scaling cyberattacks
A few years ago, we were introduced to AI-generated art, which made many artists cringe. Some, however, believed that AI could help artists create more by performing repetitive tasks. For example, an illustrator can use AI to repeat a pattern they created to speed up filling in the rest of an illustration. This same principle can be applied by a malicious actor who multiplies cyberattacks.
Most hacks are done manually, which means large-scale cyberattacks require dozens of people. Threat actors can use AI to reduce monotonous and time-consuming elements of hacking, such as collecting data on a target. Nation-state actors, among the biggest cybersecurity threats, are more likely to possess the resources to invest in sophisticated AI to scale up cyber incursions. This would allow threat actors to attack more targets, potentially increasing their chances of finding and exploiting vulnerabilities.
Bad actors and generative AI
Users can ask the generative AI to create malicious code or phishing scams, but the developers say the generative AI won’t respond to malicious requests. Still, bad actors may be able to find indirect ways to coax generative AI code. Generative AI developers should continually review its settings to ensure that no new vulnerabilities have been exploited; such is the dynamic nature of AI that constant vigilance is required.
Threat actors can also use generative AI to exploit human error, which greatly contributes to security vulnerabilities. These malicious actors could use AI to exploit people through social engineering, which refers to a wide range of malicious activities leveraging psychological manipulation through human interactions to coerce security breaches. The massive natural language processing capabilities of generative AI could be very effective in streamlining these social engineering attempts.
AI is a tool: defending against generative AI
While many are quick to jump at the potential risk generative AI poses, it’s equally important to recognize the human element inextricably linked to it: a cyber defender can use this tool as a defense mechanism, just like a bad actor can use it. to launch an attack.
One of the key takeaways from Verizon’s Data Breach Investigation Report (DBIR) is the important role the human element plays in cybersecurity breaches, whether it’s the use of stolen credentials, phishing, or basic human error. People are susceptible to social engineering tactics, which generative AI, driven by threat actors, can implement at scale. This ability to expand sophisticated digital fraud can increasingly expose citizens, consumers and businesses. The threat is compounded by changing workplace layouts, which complicate the management of login credentials as workers alternate between work and home, and between work and personal devices.
The specter of a pervasive threat bolsters the case for zero trust, which takes a “never trust, always verify” approach to cybersecurity – a model that acknowledges the reality that security threats can come from anywhere. anywhere, including from within an organization. A zero-trust approach not only requires strict user authentication, but it also applies the same degree of discrimination to applications and infrastructure, including supply chain, cloud, switches, and routers.
While building zero-trust architectures and application technologies requires a Herculean effort, AI could greatly simplify the process. In other words, technology that has the potential to create an expansive threat can also streamline the implementation of far-reaching security protocols needed to keep such attacks at bay.
AI is ready to use
The reality is that there is no way to put AI back in the box. AI is a tool, and like any tool, it can be used productively or destructively. We need to use it to our advantage while anticipating how bad actors might exploit the technology.