COMMENT
Cyber security has always been a cat and mouse game between the “good guys” and the “bad guys”. With the growing prevalence of artificial intelligence, including new forms such as Generative AIthis ongoing chess game has only become more intense, and it is increasingly clear that AI will act as a powerful “queen” that can tip the game in favor of whoever wields this piece most effectively.
Cyber attacks are more sophisticated than ever
Bad actors have wasted little time finding ways to incorporate generative AI into their businesses. They were able to take their phishing efforts to a whole new level: the messages now arrive as thin, flowing prose, free of spelling or grammatical errors.
A clever scammer can even “trick” generative AI models into taking on a persona to make the phishing email more convincing; for example, “Make this email appear to come from the accounting department of a Fortune 500 company” or “Imitate the writing style and mannerisms of Executive X.” With this type of highly targeted, AI-enhanced phishing attack, bad actors increase their chances of stealing an employee’s login credentials so they can access highly sensitive information, such as a company’s financial details.
Threat actors are also developing their own malicious versions of traditional GPT tools. DarkGPT, for example, is able to tap into all corners of the Dark Web, making it very easy to gather information and resources that can be used for nefarious purposes. There is also FraudGPT, which allows cyber criminals to create malicious code and viruses with just a few keystrokes of the keyboard. The result? Devastating, efficient ransomware attacks that are easier than ever to launch, with lower barriers to entry.
Unfortunately until these illicit activities give way produce results, there will continue to be bad actors looking for creative ways to use new technologies like generative AI for sinister reasons. The good news is that companies can leverage these same capabilities to strengthen their security strategies.
Context is key
In the same way that DarkGPT and FraudGPT can serve malicious resources faster than ever, a responsibly deployed GPT tool can serve useful resources: providing the context needed to help evade potential attacks and facilitate a more effective response to any threat.
For example, let’s say a security professional detects irregular activity or anomalous behavior in their environment, but is unsure what the next steps are for an appropriate investigation or resolution. Generative AI can very quickly extract relevant information, best practices and recommended actions from the collective intelligence of the security field. Having this complete context allows professionals to quickly understand the nature of the attack, as well as the respective actions to take.
This ability becomes particularly powerful when security teams can look at their environment holistically and analyze it All of the available data.
See the full picture
Previously it was standard to observe a single system for normal behavior or, perhaps more importantly, abnormal behavior. Now you can examine multiple systems and configurations, including how they interact Together – to provide a much more detailed picture of what is happening in the environment. As a result, professionals can have a much deeper and more contextual understanding of the evolving situation and make better, more informed decisions.
Plus, generative AI doesn’t just help security professionals create Better decisions, it also helps them make Faster decisions, with less manual effort.
Today there is a lot of hard work to do to gain visibility into the technology stack and digital footprint within the organization, pull the data together, and try to understand what is happening. Given the scale and complexity of today’s technology environments and the volumes of data involved, it has historically been impossible to provide holistic security coverage or identify every single blind spot, and this is largely what bad actors are taking advantage of.
Generative AI not only helps aggregate all this data but also democratizes it. This allows security professionals to perform analysis on massive amounts of information in near real-time and identify potential threats based on changes in the landscape that they previously might have only stumbled upon by chance. This alone can reduce the dwell time of any bad actors from days to just minutes – a significant advantage for the good guys.
There is reason for optimism
When automobiles became more common in the early 1900s, it was customary to have some carrying a red flag on the road in front of the car to warn other travelers in advance that something new and unexpected was coming and to be aware of their surroundings.
Obviously, society has long gotten used to having vehicles on the road. They have simply become part of the fabric of the world we live in, even as they have become increasingly sophisticated and powerful.
When it comes to artificial intelligence, we are in a moment of alarm: we must proceed with awareness and attention. Whether it’s cars or artificial intelligence, there is always some risk. But just as we’ve added more advanced safety features to vehicles and increased regulations, we can do the same with artificial intelligence.
Ultimately, there is reason for optimism here. The cat and mouse game between hackers and defenders will continue, as it always has. But by using AI, and generative AI in particular, as a way to strengthen their overall security posture and fortify their defenses, the good guys will be able to take their game to the next level and improve the their ability to keep the bad guys in their place. : under control.