As is the case in recent months I find myself participating in virtual events. On May 14, I had the privilege of moderating a panel on the topic of “Offense: Hackers perspectives on AI.” This online discussion was hosted by Ai4 under their “The State of AI in Cybersecurity” series and was particularly interesting as we discussed how attackers are leveraging and abusing technology that we as a security industry are more used to using for defence – that of AI, machine learning, statistics and its many derivatives.
I was joined by colleagues from Intel, JPMorgan Chase and Cisco Umbrella. Asked to describe the relationship between cybersecurity and AI the panel arrived at the adjectives fast-moving, opportunity, complexity, and excitement. But attackers are seeing this promising future too.
As we explored the subject we were able to list examples of attackers applying AI technology to achieve “success” in their objectives – think of Deepfakes and Domain Generation Algorithms, which seem to be getting smarter in recent months. We spoke of how attackers have been seen to manipulate the output from AI-type tools by manipulating the input into those systems – the so-called GIGO problem. The example of manipulating road signs as input to self-driving cars was cited.
I’d be interested to know if you have your own examples of attackers abusing AI technology or manipulating AI-based technologies?
One of the interesting conclusions that we reached as a panel was that attackers’ use of AI is sometimes not transparent to us defenders; understanding “how” they are operating is different (and more difficult) to observing “what” they are doing.
I encourage you to listen to the recording to hear what other areas the cybersecurity industry needs to consider going forward.
Interested in hearing the discussion around a particular panel question? Here are the timestamps for the questions I asked the panel. The timestamps correlate with the YouTube video embedded below:
- 00:00 Introductions
- 07:19 Question - From a high-level, what does AI mean in the context of cyber adversaries?
- 13:29 Question - How is this ‘AI’ different from what we have seen hackers use before? What new things are they using against us?
- 31:55 Question - Flipping it around. We seem to hear more and more security products are using AI. Does this use of AI put us at a disadvantage? If so, why?
- 43:32 Question – How are things going to change in the next five years?
- 45:52 End.
The video recording of the panel can be found here:
Artificial intelligence in cybersecurity is a topic discussed in Forcepoint's To The Point podcast. Just earlier this week, Martin Stanley from the Department of Homeland Security recently shared his perspective of the role of artificial intelligence from a government perspective. Listen to episode 82 by clicking the link or by clicking the Listen to the Podcast button on the right.
Hope to catch you on the next (virtual) conference.