AI Continues to Reshape Cybersecurity Landscape
In February, the App Security Project discussed the increasingly crucial role artificial intelligence (AI) is playing in cybersecurity. That trend has not ceased, and technological development raises the stakes for both security experts and policymakers. Security experts must respond to increasingly sophisticated threats, while the latter must take care to avoid enacting policies that could be deleterious to cybersecurity.
Unsurprisingly, AI is benefitting both good guys and bad guys. “Malicious actors are using AI and genAI to create more insidious malware, more convincing phishing emails, and more realistic deepfakes,” reports technology writer Neal Weinberg. “At the same time, vendors are fighting back by incorporating AI capabilities into their cybersecurity tools.”
Besides facilitating more potent malware, AI better positions criminals to exploit the greatest cybersecurity weakness of all – human error. Criminals can use generative AI to create realistic phishing emails deepfakes “to impersonate a trusted source.” Weinberg writes that “the video might pose as a corporate executive or supervisor to trick a target employee into sending money to a fake account. Or it could impersonate an IT employee to trick end users into revealing passwords and other credentials.”
AI tools also present opportunities for cybersecurity professionals. “AI is the hottest trend to hit the cybersecurity industry,” Richard Stiennon, chief research analyst at IT-Harvest, told Weinberg. It can be used to detect even faint signs of trouble and respond accordingly, with far superior capacity to non-AI tools. Moreover, given personnel shortages in the cybersecurity field, AI that is used in concert with human brainpower has the fill badly needed security capacity.
To adapt to the ever-changing and ever-increasing complexities of cybersecurity, technologists must have the flexibility to innovate freely, without fear of scrutiny by regulators. This includes the freedom to innovate new models of partially closed systems, which, in comparison to fully open systems, offer significant cybersecurity benefits.
As government regulates on economic and other issues, it must ensure it does not degrade Americans’ safety in the digital world.
Published on August 7, 2024