Will Artificial Intelligence make us more or less secure?

New Zealand Security Magazine - February 2023

AI
Artificial Intelligence tools up the cyber arms race.

In the short term, AI will expose cyber vulnerabilities, but there are positives long term, writes Monica Oravcova, COO and Co-founder of cyber security firm Naoris Protocol.

AI that writes and hacks code could spell trouble for enterprises, systems and networks. Current cybersecurity is already failing with exponential rises in hacks across every sector, with 2022 reportedly already 50% up on 2021.

With AI maturing, the use cases can be positive for the enterprise security and development workflow, which will increase the defence capabilities above the current (existing) security standards.

AI can help organisations improve their cybersecurity defences by enabling them to better detect, understand and respond to potential threats. AI can also help organisations respond to and recover from cyberattacks more quickly and effectively by automating tasks such as incident response and investigation, freeing up human resources to focus on more high-level, strategic tasks.

By analysing large volumes of data and using advanced machine learning algorithms, AI could (in the future) identify patterns and trends that may indicate a cyberattack is imminent, allowing organisations to take preventative measures before an attack occurs, minimising the risk of data breaches and other cyber incidents.

The adoption of AI could help organisations stay one step ahead of potential attacks by integrating AI into an organisation’s production pipeline to create smarter and more robust code, with developers instructing AI to write, generate and audit code.

AI will positively impact the CISO and IT team’s ability to monitor in real time. Security budgets will be reduced, cybersecurity teams will also reduce in numbers. Only those who can work with and interpret AI will be in demand.

However, bad actors can increase the attack vector, working smarter and a lot quicker by instructing AI to look for exploits and vulnerabilities within existing code infrastructure. The cold hard truth could mean that thousands of platforms and smart contracts could suddenly become exposed leading to a short term rise in cyber breaches.

As ChatGPT and LaMDA are reliant on large amounts of data to function effectively, if the data used to train these technologies is biased or incomplete, it could lead to inaccurate or flawed results.

Another issue is that AI is not fool proof and can still be vulnerable to cyberattacks or other forms of manipulation. This means that organisations need to have robust security measures in place to protect these technologies and ensure their integrity.

It is also important to consider the potential ethical implications of using ChatGPT and LaMDA for cybersecurity. For example, there may be concerns about privacy and the use of personal data to train these technologies, or about the potential for them to be used for malicious purposes.

Conclusion

AI will require enterprises to up their game. They will have to implement and use AI services within their security QA workflow processes prior to launching any new code / programmes.

With regulation working several years behind technology, we need organisations to implement a cyber secure mentality across their workforces in order to combat the increasing number of evolving hacks. The genie is now out of the bottle and if one side isn’t using the latest technology, they’re going to be in a losing position. So if there’s an offensive AI out there, enterprises will need the best AI tool to defend themselves with. It’s an arms race as to who’s got the best tool.

Babcock
RiskNZ