AI: Friend or Foe? How artificial intelligence is changing the cybersecurity landscape

Artificial intelligence (AI) has made significant strides in many fields, but its impact on cybersecurity is particularly transformative. Our Chief Information Security Officer (CISO) at BlackDice, Paul Jenkins, recently shared insights on how AI is reshaping the cybersecurity landscape in a webinar hosted by the Education & Training Foundation (ETF), and aimed at teachers delivering cyber qualifications.

This blog explores the key points from his presentation, offering a comprehensive look at how AI is both enhancing, and challenging, our security frameworks.

First, let’s define what we mean by AI in cybersecurity

When discussing AI in the context of cybersecurity, we predominantly refer to machine learning (ML). ML is a subset of AI that trains algorithms to learn from data, recognise patterns, and make decisions with minimal human intervention.

Generative AI, a more recent development, leverages ML for data processing and pattern matching, creating coherent outputs based on context and instructions. This capability is widely seen in tools like OpenAI’s ChatGPT and Google’s Gemini project.

AI as a defensive tool

AI has become integral to modern cybersecurity defences, and is being used in various ways:

• Automated threat detection: AI systems continuously analyse vast datasets to identify patterns and anomalies that might indicate threats. This is crucial as traditional methods often miss new or sophisticated exploits. For instance, AI can detect unusual activities such as unauthorised access attempts or malware distribution by learning from historical data

 

• Proactive security posture: By understanding the tactics, techniques, and procedures (TTPs) of past attacks, AI systems adapt to new information, allowing for proactive rather than reactive security measures. For example, if an employee’s account accesses sensitive data at odd times or from unexpected locations, AI can flag this for further investigation

 

• Network security for telecoms: AI helps establish a baseline of normal network behaviour, detecting deviations that warrant user investigation. This capability is critical in maintaining secure telecom networks, ensuring that any abnormal activity is quickly identified and addressed

 

The dual use of AI

AI in the context of cybersecurity, can be viewed as something of a double-edged sword. This is because, while it enhances defence mechanisms, it’s also exploited by cybercriminals, and believe me when I say, the types are vast and are increasing in frequency every day.

Some of the most prevalent ways that cyber criminals exploit AI include:

• Enhanced attacks: Cybercriminals use AI to automate reconnaissance, identify vulnerabilities, and craft sophisticated phishing campaigns. AI-generated phishing emails mimic legitimate communications, increasing their effectiveness

 

• Advanced malware: AI is used to create adaptive malware that changes its behavior to avoid detection by traditional security systems. This polymorphic malware can remain undetected longer, causing more damage.

 

• Social engineering and deepfakes: AI can analyse social media and public data to craft highly personalised attacks. It also creates realistic deepfake audio and video, which can be used in social engineering attacks to impersonate trusted individuals.

AI systems as attack vectors

AI systems themselves are even potential targets. Prompt injection attacks, for instance, manipulate AI model outputs, particularly those relying on natural language processing (NLP). These attacks can cause models to behave unpredictably, generating harmful or misleading responses. To counter this, explainable AI (XAI) aims to make AI models more understandable and their decisions more transparent.

The arms race: AI vs. AI

In cybersecurity, we see an ongoing ‘arms race’ where both attackers and defenders use AI to outsmart each other. Cybercriminals enhance their tactics with AI, while defenders use AI for automated threat detection, monitoring network traffic, and recognising malicious behaviour. This continuous cycle of attack and defense pushes the boundaries of cybersecurity technologies, and fuels continuous innovation in our field.

Ethical considerations

Understandably, AI’s use in cybersecurity raises several ethical issues. For instance, bias in AI systems can lead to unfair targeting or overlooking threats. The collection of large datasets for AI training must balance respect for individuals’ privacy rights with regulatory compliance. Moreover, there is a risk of job displacement due to AI automation, necessitating reskilling and upskilling opportunities.

 

Despite these challenges, AI’s future in cybersecurity is promising… here’s why:

• Enhanced threat detection and response: AI systems will become more sophisticated in identifying and neutralising threats quickly
• Predictive capabilities: AI will advance to predict cyber-attacks before they occur, shifting security strategies from reactive to proactive
• Integration with emerging technologies: AI will integrate with blockchain, IoT, and quantum computing, creating more robust security systems
• Collaboration and information sharing: AI will facilitate real-time sharing of threat intelligence, enhancing coordinated responses to large-scale attacks

Final thoughts

AI is set to play a central role in the future of cybersecurity, helping organisations stay ahead of increasingly sophisticated threats. While there are challenges, the continuous evolution and improvement of AI technologies promise a more secure digital landscape.