AI has transmuted the game for attackers and defenders within the past three years. Threat actors haven’t hesitated to adopt AI-powered methods. Defenders have the opportunity to respond in kind with AI-powered solutions.
While emerging on the market, these solutions have yet to be adopted across the board. However, given the risks created by large language models and other advanced technologies, AI-powered security tools may quickly become more than nice: they may become necessary.
Threat Actors are Leveraging AI in Powerful Ways
GenAI provides a host of new tools for attackers to use. The end result is that it allows unskilled attackers and opportunists to launch sophisticated AI exploits at scale. This gives defenders a lot more to worry about and fundamentally changes the cybersecurity landscape.
We see how AI is being used to bypass established security controls. Using AI, attackers create malware, phishing emails, deepfakes, and more. All of these highly effective techniques required specific expertise to execute in the past. Today, GenAI tools have democratized the process.
They have also instantly broadened the reach of malicious campaigns, automating the attack process. All the steps in the cyber kill chain can now be performed by AI: probing target systems, mapping internal technologies, discovering and exploiting vulnerabilities, and post-exploitation.
Discovering zero-day vulnerabilities is an especially dangerous AI capability. Just a few months ago, Google used AI to find a zero-day within SQLite, a popular database engine used in billions of applications around the world. What is available to Google is available to attackers when it comes to AI technology, and the implications are sobering.
What Defenders Can Do
Like any technology, AI can be used not only by attackers but also by defenders. Just as Google leveraged AI to discover a zero-day threat, organizations can implement the same methods to discover similar vulnerabilities before attackers do.
In this way, AI democratizes cybersecurity as well as cybercrime. By enabling less skilled analysts to perform highly skilled tasks, AI-based tools force-multiply the reach of overworked security teams.
AI is used to reduce noise and false positives, cutting down on alert fatigue and saving SOC cycles. Because of its capacity for reasoning, forensics, and reporting, it allows cyber professionals of any ability to investigate complex security issues using natural language. This bridges the gap between the additional workload created by AI and the ongoing cyber talent crisis, and the level of protection organizations need.
In the Thales Imperva product line, the Explainability Model within the WAF enables operators to click on any security event and get a human-readable explanation of what happened, why it happened, and how it can be prevented. Chatbots in development will facilitate in-depth reporting and forensics using human language alone.
Using GenAI, security teams no longer need to access the product documentation or learn the entire API to investigate complex issues. According to some, this has the potential to put them on par with their cybercriminal counterparts in terms of agility and ability.
AI Firewalls and Large Language Models
The need for ubiquitous AI-driven security is evidenced in the protection of large language models. Traditional WAFs use static rules to prevent code injection, cross-site scripting, SQL injection attacks, and more.
GenAI introduces language as the new attack surface. The capabilities of traditional WAFs are insufficient to secure LLMs against language-based compromise. AI firewalls understand the intent, context, and semantics of language inputs and defend against a new breed of attacks: prompt injection, overusage of LLM calls, and so forth.
AI-powered Security by Default
The evolution of AI-powered cyber threats challenges today’s traditional security defenses. The capabilities of AI-wielding cybercriminals serve as a wake-up call to today’s defenders, who may still be fighting back with their human skillsets and limited expertise.
It is up to today’s organizations to decide if AI-powered cybersecurity solutions must be the modus operandi from now on. Attackers have already made their choice.
An ardent believer in personal data privacy and the technology behind it, Katrina Thompson is a freelance writer leaning into encryption, data privacy legislation, and the intersection of information technology and human rights. She has written for Bora, Venafi, Tripwire, and many other sites.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.