AI and Cybersecurity

This piece on the future of AI and Cybersecurity was created by Matthew Redabaugh, Cybersecurity Instructor at Flatiron School.

There’s a fascinating conversation happening today about AI and the impact it may have as it gets adopted. There’s a wide variety of opinions on the 5 Ws.

1. Who will be impacted? 
2. Who might lose their job or have their jobs adapted? 
3. Will particular industries need more personnel thus the impact of AI will create more jobs? 
4. What will change in everyday life as the technologies we have been accustomed to change due to AI?
5. Will that change be subtle or drastic?

These are the kinds of questions that people are asking, especially in the field of cybersecurity. The main question I want to answer today is, “What is the relationship between AI and cybersecurity and how might the industry change with AI advancements?”

In this blog post, we’ll delve into the intricate relationship between AI and cybersecurity, debunk common misconceptions, and explore how AI is reshaping the landscape of digital defense.

What is Artificial Intelligence?

Let’s begin by addressing some common misconceptions about what AI is. 

The primary goal of AI is to give computers the ability to work as a human brain does. While this definition isn’t particularly narrow, AI’s scope is also quite broad. For a computer to be considered AI, it must encompass the ability to reason, learn, perceive, and plan. This is often accomplished through the development and implementation of algorithms that rely on statistics and probability to achieve a desired outcome.

Applications for Artificial Intelligence

Some use cases for AI that are being actively worked with are speech recognition and understanding languages, as well as the AI that is being used for travel assistance (updating maps, using AI to scan roads and create efficient routes.) AI empowers cybersecurity professionals to enhance their security posture through automated responses to attacks, to identify phishing schemes, to detect anomalous activity on networks (previously done manually), by analyzing weak passwords and then requiring users to update them, and more.

Is AI Conscious?

A common misconception about AI is that it is currently conscious or will become so in the near future.

One of the most interesting use cases for AI is Sophia, a humanoid robot introduced in 2016. It is the first robot to have been granted personhood and citizenship status in Saudi Arabia. Sophia can hold simple conversations and express facial expressions. Her code is 70% open source and critics who have reviewed her code have said that she is essentially a chatbot with a face because her conversation is primarily pre-written responses to prompted questions. Her existence has sparked an interesting debate over the possibility of having AGI (artificial general intelligence) in the future.

While Sophia’s sophistication in robotics is undeniable, the notion of her “consciousness” remains contested.

AI vs. ML vs. DL

There are two other terms that are often misconstrued or used interchangeably with AI. These are Machine Learning (ML) and Deep Learning (DL). It depends on use context and who may be using these terms as to what their more specific definition is. I consider them as subsets. ML is a subset of AI and DL is a subset of ML.

What is Machine Learning?

Machine Learning is set apart by its ability to learn and respond differently and uniquely by ingesting large amounts of data using human-built algorithms. This is done through either supervised learning, where the computer is given specific parameters by the developer to compare data inputs. Or unsupervised learning, where the computer is fed data and the algorithms allow for the computer to find relationships on its own. 

Applications for Machine Learning

In our daily lives, Machine Learning shapes experiences on music platforms like Spotify and Soundcloud. These platforms use algorithms to predict the best song choice for a user based on their preferences. Youtube employs a similar video-generating algorithm to select a video after one is finished.

Machine Learning in Cybersecurity

Machine Learning is used a lot in the cybersecurity world. Its tools may be used to ingest large amounts of data from networks and highlight security risks based on that data, like malicious access to sensitive information from hackers. This makes threat hunters’ jobs much more manageable. Instead of having to set security alerts and then respond to those alerts, we can use machine learning tools to monitor our environment. Based on prior attacks and knowledge of an organization’s systems and networks we better understand that an attack might be taking place in real time. As you can imagine, these tools are far from perfect, but they’re definitely a step in the right direction. 

What Is Deep Learning?

Deep learning is again an even more precise subset of Machine Learning. It functions in nearly the same way as ML but is able to self-adjust whereas ML requires human intervention to make adjustments.

Applications For Deep Learning

Some examples that are being used today are computers that can do image and pattern recognition. We’ve also seen this done with computers being able to ingest hours and hours of sound from an individual and then mimic their speech patterns. Self-driving cars would also fall into this category as they actively ingest data about the conditions of the road and other cars and road hazards to correct the car’s driving.

The common large language models like ChatGPT and Google’s Bard are considered deep learning as well.

Deep Learning In Cybersecurity

The ability for DL tools to mimic speech poses a genuine concern for cybersecurity professionals as it will allow for attackers to perform spear phishing attacks that are much more convincing.

Using AI For Good In Cybersecurity

Elevating Cybersecurity Blue Teams

One of the most important tools in the field of cybersecurity is something we call a SIEM. This stands for Security Information and Event Management. Traditionally a SIEM tool would be used by security operations center analysts to give us a clear picture of what is happening on an organization’s computer networks and applications, detect any malicious activity and provide alerts to the analysts so that they can respond accordingly. 

With Machine Learning, these tools have been upgraded so that if a security event occurs, the response is automated instead of the security team having to do this manually. 

These new tools we call SOARs: Security Orchestration, Automation, and Response. To give you an example, if a user in your organization was hacked and their account was being used by someone else, with a SIEM, if it’s working as intended, it may alert the security team that an account is being used maliciously. The analyst would inform the necessary parties and take that account offline or take the network down where that compromised account is being used. 

With a SOAR, whatever response that would be taken by the security analyst to remediate the issue, is now automated. SOARs use the concept known as playbooks, prebuilt and automated remediation steps that initiate when certain conditions are met. This transition not only expedites incident response but also minimizes potential human errors, significantly enhancing an organization’s cybersecurity posture. This still requires human intervention because this technology is still far from perfect.

Combat Phishing Attacks & Spam

AI is being used in the cybersecurity field to help our security personnel identify and classify phishing attacks and spam. It’s also being used to help with malware analysis where we can run the code of a discovered exploit through an AI tool and it may tell us what the outcome of that malware would have on our environment.

Expedite Incident Response

We can use AI to help us with Incident Response, as I mentioned earlier, with the automated remediation efforts that can happen with SOAR tools. AI can also be used to gather data to predict fraudulent activity on our networks which can help the security team address a potential liability before data is stolen or malware is installed on a system.

Prevent Zero-Day Attacks

With Machine Learning, cybersecurity professionals have a much better chance of protecting themselves against zero-day attacks. This is when a system or application vulnerability was previously unknown to the application’s developer. With Machine Learning, that vulnerability could be identified before an exploit occurs. In addition, machine learning could identify an intrusion before data is stolen or an exploit is carried out.

AI Uses for Bad Actors

Even with all the positive possibilities of AI and Cybersecurity, there is a dangerous side. The same technologies being used to protect our networks can and are being used to make hacking easier. 

Trick Network Security

If machine learning tools are implemented on a network, proficient hackers may be able to identify this. They can then act accordingly to deceive the machine learning tool into thinking that the hacker is a regular user.

Elaborate Phishing Campaigns

A very scary use case for AI being used by hackers is to create far more convincing phishing campaigns. The major cause of breaches is still mainly a human element. And, phishing is still one of the most common ways that hackers cause data breaches.

At the moment, phishing attacks are generally pretty easy to identify. International hackers may use bad grammar or send from an obviously fake email. They may try to hide links to websites that can easily be determined to be falsified. But with the introduction of AI, all of these mistakes can be fixed. 

ChatGPT can easily pass as a human. It can converse seamlessly with users without spelling, grammatical, and verb tense mistakes. That’s precisely what makes it an excellent tool for phishing scams.

Convincing Impersonations Of Public Figures

Another thing cybersecurity professionals are worried about is AI being used to mimic speech patterns, which would make spear phishing campaigns much more difficult to detect. I can easily imagine a world in which Twitter employees are being bombarded with fake emails from Elon Musk, or fake phone calls because his voice would be so easily recreated by AI. And this could happen with just about any CEO or any personnel from any organization.

The Road Ahead

AI is going to make us more efficient and more productive, as almost all technologies have done throughout history. But, as we navigate the evolving landscape of AI in cybersecurity, it is paramount to remain vigilant against its misuse.

I’ll leave you with this quote from Sal Khan, the CEO and founder of Khan Academy:

“If we act with fear, and say, ‘hey we just need to stop doing this stuff’ what’s really going to happen is the rule followers might pause, might slow down, but the rule breakers, the totalitarian governments, the criminal organizations, they’re only going to accelerate. And that leads to what I am pretty convinced is THE dystopian state, which is the good actors have worse AIs than the bad actors. We must fight for the positive use cases. Perhaps the most powerful use case, and perhaps the most poetic use case, is if AI (artificial intelligence) can be used to enhance HI (human intelligence), human potential, and human purpose.”

Disclaimer: The information in this blog is current as of August 30, 2023. Current policies, offerings, procedures, and programs may differ.