Defending At Machine-Speed With AI-Based Security

With the specter of artificial intelligence impacting jobs looming everywhere, consider the opinion that in security and in life, it’s not about what technology can do but it’s about what humans can do when they are empowered by technology.

By Daksha Bhasker, CISSP
7 July 2023

Looking back at this year's RSA conference, artificial intelligence (AI) was one of the dominant themes on both the show floor and across the conference and the keynote presentations.

Vasu Jakkal, Corporate Vice President at Microsoft Security, delivered a timely and pertinent keynote that focused on the integration of AI with security. Her opening statement – "In security and in life it's not about what technology can do but it's about what humans can do when they are empowered by technology" – set the stage for a highly topical look at the technology and its cybersecurity implications.

She addressed squarely the swirling fears in the industry: that recent advances in AI will replace humans with machines: "Human essence and human expertise after all was, is, and will continue to be the most precious resource." This statement offered much-needed reassurance in the face of the unknown and fascinating technology.

Cutting the Cost of Cybercrime with AI

Vasu presented AI as a technology that brings hope and optimism to the security industry; that it will empower defenders in a multitude of ways, by augmenting their skills and enhancing productivity. She offered the cost of cybercrime – a hefty $24 trillion in 2027 – as the potential dollar value that could be repurposed for a greater economic good by integrating AI technologies with cybersecurity.

While reflecting on innovation through the centuries, Vasu suggested we are on the cusp of Industrial Revolution 5.0 - the point at which AI becomes mainstream. The speed of innovation adoption has become increasingly quick: ChatGPT, the new generative AI model, reached 100 million users in a mere three months from its release. This contrasts starkly with mobile phones, which took 16 years to reach 100 million users, and even the internet, which took seven years to reach 100 million users.

Vasu argued that the convergence of three technologies means the timing is perfect for security specific AI models:

1. Artificial Intelligence (AI): specifically, generative AI models, large language models (LLM), natural language Processing (NLP) and foundational models that build on each other.
2. Hyperscale data: i.e., high resolution data that is generated world over from sensors everywhere, in factories, buildings, workplaces that can be parsed by AI for context, insights and value. This, coupled with cloud computing, offers economies of scale and reduces cost per query.
3. Threat Intelligence (TI): When TI meets hyperscale data and AI augmented with all the security skills built-in, it allows threat analysts to discover tactics, techniques, and processes that they could not before without significant resources and effort. It is a radical uplift in productivity and a shift in productivity paradigm.

Among the multitude of ways AI-based security models will propel the cybersecurity industry forward, Vasu offered the following:

• Speed to defend: by catching what we have historically missed, by discovering and building kill chains in minutes, analyzing threat signals, and offering insights rapidly.
• Addressing the talent gap: ease of onboarding new talent, personalized training, augmenting security experts' skills with AI. The scale of the talent gap has been identified by the (ISC)² Cybersecurity Workforce Study.
• Simplifying the complex: security experts work with a multitude of tools, datasets, conducting painstaking analysis that can be laborious, whereas security-specific AI can surface insights with context - simplifying the work. It can also take over repetitive tasks freeing up humans for higher-level strategic thinking.
• Breaking down barriers of diversity: AI breaks down the barriers of diversity as it augments an individual at a personal level. It can augment skills from various domains, from social scientists to language experts, while using natural language. It enables inclusivity like never before.
• Shifting to predictive: over time, AI security models will be able to detect patterns and insights that can shift the paradigm to predictive, protection and prevention, i.e. from defensive to preventative and predictive.
• Creating new roles: new roles such as prompt engineers are now needed, both to design the questions to which the AI model will respond and to optimize its NLP.

Vasu named several key ingredients as imperative for successfully harnessing the power and potential of AI:

• Trust: adoption of new technology begins with trust. People need to be able to explain the tailored insights AI offers by understanding how and what it is doing - the "trust with verification" approach.
• Privacy: since AI offers personal, tailored insights, we cannot overlook the privacy and personal data it needs to do this.
• Curiosity of people: embrace it, engage with AI, be fascinated and have a growth mindset as it will uncover new paradigms and possibilities.
• Responsible AI: with powerful technologies comes great responsibility to do it right.
• Diversity: AI needs to include diversity to prevent the building-in of unconscious biases. This technology requires the participation of everyone.
• Ethics: ethics must remain at the core of AI.

As security practitioners, it's our responsibility to harness technologies that help us be better defenders. As AI/ML solutions go mainstream into the DevSecOp cycles, don't forget to augment your security threat models for AI-related vectors. As technologies converge, keep an eye on quantum computers, the evolution of which could further disrupt AI models. And, if you haven't tried out ChatGPT, then try it and be fascinated by what you find it can do.

Daksha Bhasker has over 20 years of experience in technology and telecommunications service provider industries. She's held roles in both business management and technology development, accountable for complex solution architectures and security systems development. Daksha's security work spans carrier scale voice, video, data, and security solutions.