The Convergence of AI and Cybersecurity Is Here | Cybersecurity

Depending on how you look at it, artificial intelligence (AI) can be the best thing cybersecurity has ever done, or the worst. Either way, expect the two to be relentlessly intertwined for a very long time. So, it’s time for MSPs and other technology companies to understand how to work together, operate and monetize it, and be ready to explain to their customers what that means.

AI innovations, including ChatGPT chatbots and other large language model (LLM) breakthroughs over the past few months, are poised to completely disrupt cybersecurity, business, and everything. At the RSA Conference 2023 in San Francisco, the cybersecurity and technology leader said:

“Success, survival or failure depends on getting this transition right. Chambers said: RSA keynote“We moved from the internet age to the cloud age, and now the same thing is happening with AI, in the last six months. will be.”

have a lasting and profound effect on all

According to Vivian Schiller, executive director of Aspen Digital at the Aspen Institute, AI and cybersecurity will affect everything we do in the future, so we need to plan and respond appropriately.

“This is not just about the U.S. military. This is about every area of ​​our society. We have to think about how it affects every aspect of our lives.”

The convergence of AI and cybersecurity could even have a severe impact on our critical infrastructure and military, General Richard D. Clarke, veteran, said in a keynote address with Chambers and Schiller. said.

To thwart physical and virtual nation-state threats, it is imperative that the United States is and remains the leader in both AI and cybersecurity innovation.

“We expect AI to provide more autonomy, for example one person can fly 20 planes. We have to envision ways to combat autonomous things,” Clark said. “I don’t think we won until we got to that point and started pointing out where the threat was coming from.”

Amid concerns that AI can be used to create deepfake videos and spread misinformation, Clark said the same technology can also help identify fakes and avoid escalation. increase.

“We have to think about how we share information and how we highlight deep fakes. Companies that can access and find deep fakes and share them will make a difference,” he said. said.

Leveling the playing field of threats

Whether AI-powered capabilities will ultimately help or hinder the cybersecurity landscape is debatable. After all, if cyber companies can leverage AI to thwart the current threat landscape, why can’t malicious actors also leverage her AI to find new attack strategies?

The answer, cyber experts agree, is that AI will dramatically reduce the time it takes for new malware and other threats to become viable on the market. According to CrowdStrike CEO George Kurtz, it should eventually level the playing field and positively impact businesses around the world.

“The cost of cyberattacks is expected to reach $24 trillion by 2027 (according to Statista). Imagine what you could do if you could invest $24 trillion,” Kurtz said. RSA keynote.

If we can learn how to harness the power of LLM combined with the vast amount of data that is constantly being created by every click, transaction, incident, response, etc., we might be able to invest some of that, Kurtz said. I’m here.

“We need to understand these actors. Security-specific AI comes into play when threat intelligence meets hyperscale and AI,” said Kurtz. “This helps us defend at machine scale and machine speed. Generative AI can be built by interacting with LLMs. What used to take months is now done in minutes.”

With security-specific AI, you can respond faster and more accurately to new threats, reducing the impact and damage they can cause in their early stages.

AI can help transform a defensive-oriented approach to an offensive-oriented, predictive-oriented one. LLMs also help reduce cybersecurity skills gaps as they help personalize cyber education and training to suit an individual’s learning preferences and abilities.

“We all learn differently. What if you could learn cyber in a language you understand? It enables you to do things in minutes that humans have never been able to do before,” RSA keynote said Michael Sentonas, President of CrowdStrike.

“Technology can be overwhelming. I will return it to you,” said Saint Nas.

Proceed cautiously, cautiously

Perhaps the most insightful guidance on how to manage AI innovation and expectations in the near future is to ensure that consumers of AI-generated content understand that flaws are and always will be. After all, AI models are based on human-provided coding and data, and contain our biases, our stupidity, and… our humanity.

“There is no perfect model or platonic ideal for any system. Security as Part of Responsible AI: At Home or at the Odds? “We don’t have such expectations of software or toothbrushes. We must have reasonable expectations. We know that nothing is perfect.” ”

In a responsible AI session, Vijay Bolina, CISO of Deep Mind, said that advocating for responsibility at the level of governments, businesses and even individuals will be very important.

“AI requires cross-collaboration with a wide range of expertise. Within a quarterly timeframe, all groups investigating these technologies should understand what the threat models are and be prepared for the appropriate risks. It’s very important to have controls to manage short-term and long-term risks,” Bolina said. “In the near future, humans will always need to be involved to validate what we are getting from the system, whether it is recommendations or summaries.”

Daniel Rohrer, vice president of software product security at NVIDIA, added: But these (LLMs) are expensive to run, so most use cases don’t need them (LLMs). Other small models are suitable for execution. What if he asks the same question for three days in a row? Do you get the same answer? We want consistency and accuracy. This is a big change. ”