The Future of Cybersecurity with AI

The Future of Cybersecurity with AI

In the realm of cybersecurity, many questions are being raised about the impact of artificial intelligence (AI). How will AI affect cybersecurity? How will it benefit companies' cybersecurity processes? Will attacks increase? Will cybersecurity experts find jobs in the future? What do the managers of cybersecurity companies think?

Cyber Security Companies C Level Managers Thoughts about AI

George Kurtz - CrowdStrike

CrowdStrike CEO George Kurtz discusses the role of virtual assistants and collective wisdom in AI, emphasizing its transformative potential in cybersecurity. He highlights how AI can significantly enhance threat detection and response times, making it a critical component of modern security strategies​ (CNBC)​.

Shawn Henry - CrowdStrike

CrowdStrike CISO Shawn Henry predicts an increase in cyber attacks due to AI advancements, highlighting concerns about democracy, elections, and misinformation. He stresses the need for continuous adaptation of defense strategies to counter AI-driven threats​ (YouTube)​.

Nikesh Arora - Palo Alto Networks

Palo Alto Networks CEO Nikesh Arora points out that AI will lead to more attacks and ransoms, emphasizing the importance of data sharing for training models, which introduces new attack vectors. He also notes that AI can generate malware and teach models to bypass security measures, fundamentally changing the threat landscape​ (YouTube)​.

Ken Xie - Fortinet

Fortinet CEO Ken Xie mentions integrating AI across Fortinet's product line to enhance security measures and operational efficiency. He introduces the concept of "Work from Anywhere" (WFA) to adapt to evolving cybersecurity needs, leveraging AI for better threat detection and response​ (CDSA Online)​​ (SiliconANGLE)​

Eva Chen - Trend Micro

Trend Micro CEO Eva Chen states that AI is being used in their products to enhance security measures and streamline processes. She highlights the role of AI in automating mundane security tasks and improving advanced security actions​ (NewsRoom)​.

Kevin Mandia - Mandiant

Mandiant CEO Kevin Mandia believes that AI won't replace analysts yet, but attackers will increasingly use it. He emphasizes the critical need for collaboration between public and private sectors to counter sophisticated cyber threats, particularly from nation-state actors​ (SiliconANGLE)​.

AI will Increase Cyber Attacks

However, the potential for AI to increase cyber attacks cannot be ignored. 

AI can write code, reduce the need for technical knowledge, create realistic sounds, video, content and automate processes. 

This makes it easier for attackers to conduct more sophisticated and widespread attacks using AI. 

Experts povide various insights about the role of AI in cybersecurity. They agree that AI offers significant opportunities for both defenders and attackers. However, it is crucial to use AI ethically and correctly.

The integration of AI into cyber attacks is becoming increasingly prevalent. 

According to the ISC2 report, 54% of respondents noted a substantial increase in cyber threats over the past six months, with 13% directly linking this to AI-generated threats. 

AI enables attackers to automate and enhance the sophistication of their attacks, making them faster and harder to detect. 

Cybersecurity professionals also fear that AI will be used for misinformation campaigns, social engineering, and deepfake technology​ (Home | ISC2)​.

In the next section, we will examine the impact of AI on cybersecurity jobs.

AI effect on Cyber Security Jobs

The general consensus is that the need for cybersecurity experts will increase with AI. 

AI may change security testing but we will still be security experts.

For example, a query previously might have used parameters like "id=3&project=s4e&user=admin&tools=dns", whereas now it could be more natural language like "Can you fetch the DNS scan results for the admin user related to the s4e project?". 

This will require security experts to interact more with AI and develop new skills.

Next, let's look at the security of AI models.

Securing AI models: OWASP Top 10 for LLM 

Testing AI models is a crucial step to ensure their robustness and reliability.

 Large Language Models (LLMs) present unique security challenges and attack vectors. 

To address these, OWASP has identified and categorized the top risks associated with LLMs. Understanding these risks is essential for securing AI models effectively.

The OWASP Top 10 for LLM includes:

1. Model Theft: Copying the AI model.
2. Adversarial Attacks: Inputs specifically designed to deceive the AI.
3. Model Manipulation: Altering the content of the model.
4. Data Poisoning: Corrupting the training data.
5. Model Inversion: Inferring original data from the model's outputs.
6. Privacy Risk: Exposure of personal information.
7. Misleading Model Performance: Misrepresentation of the model's performance.
8. Algorithmic Bias: AI bias against certain groups.
9. Security Vulnerabilities: Security flaws in AI software.
10. Model Reliability: Inconsistent and unreliable AI results. (OWASP)

Companies Approaches on AI

According to the "Creating Effective AI Policy" section from ISC2, the graphics show:

• 80% of companies plan to integrate AI into their cybersecurity strategies.
• 60% state that AI holds a significant place in their security budgets.
• 50% use AI in threat detection and response processes.

Only 27% of surveyed organizations have a formal policy on the safe and ethical use of AI, and only 15% have policies covering securing and deploying AI technology. Around 39% are still developing their AI policies, while 18% have no plans to create one.

When it comes to allowing access to generative AI tools, 12% of companies have blocked all access, 32% allow some access, and 29% allow full access. About 17% are not discussing the issue at all​ (ISC2)​.