Artificial intelligence and machine learning (AI/ML) are sophisticated technologies that organizations and individuals alike can use to their advantage. In recent years, the increasing availability and popularity of generative AI tools like ChatGPT has put AI in the spotlight, both within the tech industry and in mainstream culture.
In cybersecurity, AI is a double-edged sword, aiding cybercriminals and security professionals at the same time. Bad actors are always trying to use the latest technologies to enhance their tools, optimize their attacks, and maximize payouts. Alongside and in response to these more effective AI-enhanced threats, cybersecurity experts are also attempting to leverage AI for protection against cyberthreats.
How Cybercriminals Leverage AI
Bad actors are able to use AI to launch attacks that are often more convincing, more effective, and more numerous than those without AI. They also may be able to use AI earlier and more extensively than their cybersecurity industry counterparts, as cybercriminal operations are generally less scrupulous about the integrity and reliability of their tools and methods.
With the use of AI, cybercriminals are able to automate some of the processes involved in a wide range of cyberattacks. In phishing, generative AI can be used to compose more convincing messages without the telltale signs of a scam that people are generally on alert for, like spelling and grammar errors. This also enables them to send out more phishing lures than ever before.
One of the most prominent uses of AI in cyberattacks is the increasing popularity of deepfake cyberattacks. These convincing AI-developed audios, videos, and images can be used for in-depth phishing scams targeting individuals and businesses. Beyond this, AI tools can also help cybercriminals to find vulnerabilities to exploit, craft misinformation campaigns, and adapt their tactics to evade known security measures.
How Cybersecurity Professionals Leverage AI
The versatility of AI offers a variety of potential avenues for protecting against cyberthreats. While there are still security operations that can only be carried out by humans, AI tools can automate some of the more tedious and time-consuming processes involved in threat prevention and protection, including:
- Aggregating, analyzing, and grouping security alerts from different sources to reduce alert fatigue
- Categorizing and prioritizing risks, tasks, and other elements to cut down on the effort required of human workers
- Analyzing large datasets to check for policy enforcement and regulatory compliance
- Detecting anomalies in network traffic, user actions, and more through behavior-based analysis
- Reducing false positive alerts by honing the ability to distinguish real threats over time
- Improving incident response capabilities by automating parts of the containment, prevention, and remediation of security incidents
The use of AI in cybersecurity can help organizations protect against AI-empowered attacks. As cyberattacks grow more sophisticated, advanced, and effective, it is vital for cybersecurity capabilities to do the same, including by leveraging the same AI and ML technology.
Notable AI-Empowered Attacks and Defenses
The issue of AI-enhanced cyberattacks is not a theoretical one. Cybercriminals have been using AI tools and capabilities in their attacks for years, including some high-profile incidents. As far back as 2018, online marketplace TaskRabbit was breached by attackers using AI to compromise nearly four million people’s personal and financial information.
More recently, 2023 saw a few notable AI-enhanced cyberattacks. Restaurant company Yum! Brands was hacked in January, with both corporate and employee data being compromised as the result of an AI-empowered ransomware attack. In December, video game giant Activision experienced a similar breach of employee information due to an insider falling for an AI-enhanced phishing message.
To defend against these and other attacks, organizations can implement AI-empowered cybersecurity measures to automate many security processes. Cybersecurity professionals can use AI for a wide range of functions, including encryption, malware detection, behavior analytics, incident response and mitigation, risk assessment and management, and threat intelligence.
Considerations for the Future of AI in Cybersecurity
According to Steve Stone, SVP of Threat Intelligence and Managed Hunting at SentinelOne, cybercriminal use of AI is only expected to continue expanding and diversifying. The AI tools and measures used for defense are also evolving to become more reliable and effective, so looking forward is crucial in the AI discussion.
Stone cites securing datasets from threat actors and enforcing data regulations as important considerations for the future of AI policy and governance. Data security and regulatory compliance are timeless concerns, as important now as ever, posing significant challenges in many areas of cybersecurity, even without AI. The addition of AI enhancements to attacks and defenses requires large datasets, leading to an “increase in complexity and severity” of the challenges associated with data security.
One of the most important ways for organizations to manage the combined risks and advantages of AI is to stay informed on the digital landscape, cybersecurity market, and latest threat trends. Armed with this knowledge, organizations can ensure that their security strategies are developed with evolving threats in mind, and that AI-empowered defenses are implemented and managed effectively and securely.