As artificial intelligence (AI) tools are increasingly used in content generation, work applications, and even web search, hackers have figured out ways to misuse this technology. AI-generated deepfakes are one of the important areas of concern for cybersecurity experts.
Cybersecurity firms have been investing in machine learning, a subset of AI, for quite some time now to counter such threats. These investments are coming to fruition with the launch of AI models that can predict vulnerabilities and warn users about threat actors. Hacking threats, as predicted by an AI model built by cybersecurity firm Tenable, is “at about 25%,” said Glen Pendley, CTO of Tenable.
Technologies like Security Data Retention (SDR) and ML are used to predict and identify threats, especially those that are anomalous, Pendley added.
“ML is critical, and implementation of AI in cybersecurity takes their use to a different level,” said Vishal Salvi, CEO of Quick Heal Technologies.
(For top technology news of the day, subscribe to our tech newsletter Today’s Cache)
Apart from threat prediction, cybersecurity firms are also deploying AI where there is a lack of experienced human resources.
Despite apparent benefits, “it [AI] should be used with caution” said Pendley. “Like any other tool, while it can be useful, it can also be dangerous. I wouldn’t recommend people shy away from it. I would just say treat it like you would any other tool and try to maximize efficiency through its use.”
An example of why caution is recommended is companies releasing AI-based tools to the public without taking moral or social responsibility. These products, which lack proper security measures, can be misused by criminals. And, while it is difficult to anticipate the misuse of a tool, companies should limit the input into prompts to control the output. “From a responsibility perspective, it is absolutely necessary,” said Pendley.
AI does not change the nature of the cybersecurity industry which has always been in a cat-and-mouse game. According to experts, AI is not a new vector in cybersecurity.
Industry players are using AI to build additional models to give insights on attacks, provide quick responses on known vulnerabilities, and conduct comprehensive tests that can be automated to reduce human error, Salvi said.
But, the cybersecurity industry is playing catch up with threat actors that use generative AI to create deepfakes. “I don’t think the world is ready for that”, Pendley said.
While AI tools used by the cybersecurity industry are really good at recognizing text and images, the existing tools are not yet designed to correctly identify deepfake voices and videos.
In terms of consolidation in the industry, there appears to be a consensus among industry leaders. They envision the consolidation of data could help them apply different generative AI models on the amalgamated data set. The consolidation therefore is seen more in the form of integrated platforms and the consolidation of databases “but there will never be one product to rule them all,” Pendley said.
