Just how Threat Actors Will Maltreatment AI To Defeat Web Security
“There are no silver bullets in web security, ” is old but accurate advice. Therefore CISOs who hoping that artificial intelligence/machine learning will do more than simply take the load off an already over-worked security team are dreaming. AJAI won’t be the silver precious metal bullet that creates an impenetrable wall around the enterprise.
In fact, alerts SecurityWeek columnist Kevin Townsend today, AI is merely as likely to be used against an enterprise — and AI-based products by using — by destructive actors as it is to prevent attacks.
His column is an enlargement and commentary on an academic article last month on the actual malicious misuses of artificial intelligence. Quickly, the paper states what every infosec practitioner should know: Any tool will be turned against you. CISOs probably don’t believe about it, but AI techniques and algorithms will have vulnerabilities that can be exploited. And it is not only that threat actors can use AI/ML to systemize processes, the report remarks. The technology shows signs of being able to generate synthetic images, textual content, and audio tracks which may be used to impersonate others online, or to swing public view by releasing AI-generated content through cultural media channels.
Think imitation news is common now? Just wait.
“There is currently a great offer of interest among cyber-security researchers understand the security of ML systems, inches Townsend quotes the newspaper as saying, “though at present there seem to be to be more questions than answers. “
Townsend quotations securities vendor who remarks the report doesn’t refer to an example of a potential attack: Using AJAI to undo the de-anonymization of data.
Still, the paper does speak about many other attacks likely to be seen soon if enough defenses aren’t created. It also warns that once governments realize the implications they will be tempted to part of. Since a result the writers urge policymakers to work together closely with technical analysts to review, prevent, and offset potentialmalicious uses of AJAI. Additionally, they say AJAI researchers and developers “should take the dual-use character of their work seriously” and consider how their work could be mistreated.
The good news is the cyber security industry is aware of the problem, says Townsend. AJAI can be leveraged to daily (or hourly) review the configuration of an environment for changes or compliance with security best practices, says one merchant.
In the meantime what can a CISO do? Last year I offered a column with a security vendor who advised questions infosec leaders should ask of providers whoever solutions include artificial brains. That’s a good start. Another is reading the research paper.https://en.wikipedia.org/wiki/Computer_security