The impact of artificial intelligence (AI) across all industries has been highly touted as the catalyst for immense amounts of growth and positive development. There's no doubt that software capable of constant self-improvement, automating functions previously done by human effort and recognizing more complex patterns will revolutionize many industries. When it comes to cyber security, however, will it still be seen as a force for good? Or will AI render our security systems obsolete? Unfortunately, the answer isn't clear, but let's break down how AI could potentially be both the ultimate asset to cyber security or the greatest threat.
How might AI improve cyber security?
AI-based systems can operate faster than those monitored by humans. Make no mistake, AI will become the new gold standard in cyber security due to its potential to not only automate functions at scale but also make real contextual decisions based on what it learns over time. This will have big implications for security personnel; all too often, companies simply don't have the resources to sift through the vast number of anomalies that take place in order to find the ones backed by malicious intent.
For instance, if a worker normally based in New York suddenly logs in from Philadelphia one morning, that constitutes an anomaly — and AI can tell as much because it's learned to expect that specific user to login from New York every day. Similarly, if a login in Philadelphia is followed by another login out of Denver from the same user within a few minutes, that's likely a malicious red flag.
Security isn't the only IT sector to be heavily impacted by AI. Mark Hurd, the CEO of Oracle, said at this year's Open World conference that “sixty percent of the IT jobs ... that will be out there by 2025 haven't been invented yet." It's a growing field that will require experts and engineers who are up-to-date on new developments so they can be set up to work in unpredictable fields.
Machine learning-based software is also particularly efficient at spotting the similarities between the various cyber threats, and it really shines when cyber attacks are coordinated by other automated programs. Newer AI-based algorithms are getting better at understanding the data that comes from various threatening tools and spotting those critical correlations and patterns that humans might miss.
Biometrics is another area wherein AI is gaining prevalence. AI-powered biometrics can identify, measure and analyze not just physical and facial features but actual specific human behaviors that the system has been taught to regard as suspicious. These systems can help identify someone planning a robbery and help local security forces prevent it before it even happens. There will need to be many more legal and moral discussions around the implications of such technology, of course, but its development is significant.
AI-powered biometrics can work alongside text analytics and natural language processing (NLP). These two technologies use machine learning to understand and analyze complex text, as well as understand the structure of sentences and their intentions.
How might AI threaten cyber security?
While AI will help most industries work smarter and more efficiently, it's important to understand that when it comes to security, neutral machines have no moral obligations to remain exclusively on the side of either good or evil. The algorithms do what they are told whether they're given instructions to protect your network or to hack into it.
AI can easily become a threat in the wrong hands, as it is a potent weapon with the ability to pierce even the most seemingly-impenetrable cyber defenses. One consoling notion in the past was that corporate security teams usually outnumbered their attackers. However, if the level of automation leveraged by AI can increase the scale of their attacks, especially if they're also able to recruit vast armies of machine learning-powered bots, IoT botnets will be a much larger threat.
Another huge problem when AI is deployed maliciously is that it's a much more serious threat to the average user than to cyber security experts within companies and governments, making the digital world a far less secure place to roam. For example, not many people know that even some of the best VPNs leak their DNS through Chrome extensions. If all the data that's leaked every day by millions of users is collected through automation, an efficiently powered AI tool can make all the correlations required to coordinate a massive number of attacks against defenseless users.
Some experts even worry that vendors aren't paying enough attention to the risks associated with relying heavily on these AI technologies. "What's happening is a little concerning, and in some cases even dangerous," warns Raffael Marty of security firm Forcepoint.
According to the Malicious Use of Artificial Intelligence report, AI can increase the effectiveness of attacks through the automation of "spear-phishing," using real-time speech synthesis for impersonation attacks and fraud or for carrying out activities such as packet-sniffing and vulnerability-hunting at scale. The report also noted that AI could be used to exploit existing software vulnerabilities on a mass level (e.g., automated hacking of tens of thousands of machines per day). The authors of the report goes on to say that "the use of AI to automate tasks involved in carrying out cyber-attacks will alleviate the existing trade-off between the scale and efficacy of attacks."
So will AI improve cyber security? In a vacuum, yes. But in a world where it's still lucrative to steal data, hackers will deploy the same techniques as the good guys who are trying to protect it. If anything, AI will level the playing field between attack and defense, which is a loss for defenders who used to have a clear advantage with the resources they could deploy. There's still a lot of development to be done, but cyber security in an AI-driven world will prove to be a continuous arms race.
Author Bio- Brian Thomas is a Contributor to Enlightened Digital, long-distance cyclist, and lifelong advocate for women in business from Philadelphia. Tech and business are my lifeblood, but I'm also a fanatic of brewpubs and just about every sports team in Philadelphia.