View all on-demand sessions from the Intelligent Security Summit here.
Is generative AI good for security teams? Since the launch of ChatGPT in November, there has been a heated debate over whether artificial intelligence (AI) will tilt the threat landscape in favor of threat actors or defenders.
An offensive versus defensive AI war is underway where cybercriminals can use technologies such as generative AI to generate malicious code, while security teams can use it to identify vulnerabilities.
VentureBeat recently hosted a Q&A with David Reber, chief security officer Nvidia and ex-senior director of cybersecurity nutanix. He shared his thoughts on the impact generative AI and tools like ChatGPT will have on the threat landscape in 2023.
Below is an edited transcript:
Contents
Event
Intelligent Security Summit on demand
Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Check out on-demand sessions today.
Look here
VB: Why is AI needed to stop AI-driven cyberthreats?
Reber: Understanding your opponent’s limitations will give you insight into where they may or may not go. One of the opponent’s traditional constraints has been tailoring attacks to scale and knowledge.
With advancements in generative AI, finely tuned and targeted attacks are within reach of the least sophisticated attackers.
Machine scale is the competition. Speed and complexity of attacks exceed human capacity. This is where AI for the defender comes into play. How do we use their tools against them? It’s a cat-and-mouse game that will be around forever. Continuous adjustment on both sides, now machine scale adjustment.
VB: What challenges do security teams face when using defensive AI against offensive AI?
Reber: Ten years ago, the industry switched to a strategy of ‘presume infringement’. We recognized the dichotomy that the opponent has to be right once, while the defense has to be right every time.
Our adversaries understand our limitations: human capacity, regulations, competing priorities. As we increasingly face stricter regulations for commercial cyber practices, the need to get it right is only increasing.
The challenge with AI is fundamental trust. How do we know that redirecting human capacity elsewhere works? Essentially it’s AI until we trust it, then it becomes automation.
We have a self-driving car, but do we trust it to get us to our destination? The offense is in a demolition derby. As long as they make an impact, they win. They have no rules, boundaries or the legal oversight to prevent things from going wrong.
VB: How can CISOs/security leaders use AI to ‘outfox’ the use of malicious AI?
Reber: It is estimated that by 2022, more than 14 billion devices will be connected to the internet. To outsmart the use of malicious AI, security leaders must be less interesting than the average target or increase the cost of the attack. While we’re in the formative stage of generative AI, we can look at traditional stall tactics.
Create a more interesting target on your network, [a] honey pot, who knows how to handle in return. The goal is to force the opponent to make more noise and waste time on less valuable agents. Disguise fake data as intellectual property. It’s a battle of deception. The game hasn’t changed, the toys are just different.
Reber: It will democratize offensive security. Previously, crime was limited by real-time scale customization and technical know-how. ChatGPT has the potential to remove this limiting factor.
It will spawn a new generation of script kiddies, more of a fleet of prompt kiddies. The opponent’s restrictions are now removed. It is also a chance for the defender to predict what is to come. Look around the unexplored corners of their attack surface.
Reber: The market is flooded with niche solutions. Everyone is trying to find their piece of the next generation of computers. With the current economic situation, we all need to find ways to do more with less. This will lead to more unification of technology stacks and less investment in point solution tools.
History still teaches us the power of collective defense. As we embark on the new generation of democratized offenses, we need to come together as an ecosystem.
Interoperability to transport information exchange is how we stay ahead of the competition. If you are the one in 14 billion, share your knowledge. Enable the industry to move faster than the opponent.
VentureBeat’s mission is to become a digital city plaza where tech decision makers can learn about transformative business technology and execute transactions. Discover our Briefings.
Janice has been with businesskinda for 5 years, writing copy for client websites, blog posts, EDMs and other mediums to engage readers and encourage action. By collaborating with clients, our SEO manager and the wider businesskinda team, Janice seeks to understand an audience before creating memorable, persuasive copy.