The Good, the Bad, and the Ugly: Discussing the Future of AI

This is a recap of part three in our three-part series, The Convergence of AI + Cybersecurity. Read the recaps of part one and part two here.

Cybercriminals have eagerly embraced AI to create convincing email attacks capable of outsmarting legacy security systems and, in many cases, humans. As a result, the cybersecurity landscape has been permanently transformed, and we’ve now entered an era where the efforts of both attackers and defenders are driven by AI.

Over the past month and a half, we’ve explored the ways AI and cybersecurity are colliding in our limited series, The Convergence of AI and Cybersecurity.

During the third and final chapter, our panel of AI and cybersecurity experts discussed the recent ubiquity of AI, positive and malicious use cases for the technology, their predictions for the future of AI, and how organizations can protect themselves from novel threats.

Here are a few important insights from the webinar.

While AI and machine learning still feel novel, these technologies have been around in some form for decades. The difference now is that the computational costs are decreasing and new algorithms are more accessible. This creates positive, negative, and sometimes surprising effects.

Even when ChatGPT skyrocketed in popularity one year ago, the technology wasn’t entirely new. Many of the capabilities existed previously; it was simply the application layer that was original and developed to be user-friendly for a wider audience.

“These new technologies are available to everyone, [including], unfortunately, the bad guys. We’re in this age where these powerful technologies and tools can be used by everyone for both good stuff and bad stuff. I'm really excited to see how AI will improve all of our lives.”
—Evan Reiser, CEO, Abnormal Security

“AI is a scientific pursuit, and the people building these systems want to share their knowledge. You don't see this sort of advancement this quickly in any other industry that isn't sort of academic in nature, that doesn't want to share its learnings with each other.”
—Zack Kass, Former Head of GTM, OpenAI

AI is developing rapidly, which means its use cases are still coming into focus. Evan Reiser, CEO of Abnormal Security, says it may take 10 years to fully understand how AI will change our lives.

Today, on an individual level, AI enables us all to consume and process information in a faster, more impactful way. From an organizational standpoint, enterprises can leverage AI to respond to growing business demands without increasing labor costs. Rather than replacing employees, AI can be a force multiplier that can maximize the productivity of an existing workforce.

“There's a massive amount of information that all of us are trying to synthesize, and there are limited hours in the day. It's like this universal translator between the digital world and the analog world which we live in to help us succinctly consume information and take action.”
—Evan Reiser, CEO, Abnormal Security

“We can put this [technology] into our tools and it absolutely helps people on a day-to-day basis do more. They can do things faster and do things that previously weren't possible with this human-level analysis. It's not replacing humans, but it's a new way for you to get more out of the humans on your staff.”
—Mike Petronaci, CTO, Proactive Security, CrowdStrike

Threat actors already use generative AI to target organizations with convincing phishing and social engineering attacks. Even inexperienced cybercriminals can use AI to craft advanced email attacks in seconds. While social engineering is already a leading form of cybercrime, AI tools make these attacks more accessible, targeted, and sophisticated.

The same can be said for malware. Cybercriminals can now execute an attack operation at a speed and complexity that's not been seen before. Bad actors can even embed malicious artifacts into AI models, which could respond to attackers’ prompts and offer backdoor access.

“This used to be the tradecraft of the most sophisticated actors in the world and now it has become a very scalable and accessible thing to do high-fidelity social engineering. That obviously affects how people operate their business and how they operate their IT team.”
—Mike Petronaci, CTO, Proactive Security, CrowdStrike

“As AI becomes more mainstream for cybercrime, we're going to need good AI to stop the bad AI. The optimist in me says AI can play a big role in the defensive side for us to stop those new attacks.”
—Evan Reiser, CEO, Abnormal Security

Cybersecurity is like a chess game. Both security professionals and attackers are trying to stay several moves ahead of their competition. The adversary often enjoys an innovation advantage because it takes people a while to observe, respond, and ultimately prevent attacks. However, although AI poses significant threats, it can also be harnessed as a powerful tool for defense against these threats.

That being said, incorporating AI into your security operations requires a strategic and informed approach, with security leaders needing to understand how AI will be used both offensively and defensively. Reiser highlighted the importance of understanding the changing threat model in cybersecurity and preparing for a future where personalized attacks become more prevalent due to AI technologies.

“If you're not using AI in six months, if it's not deeply integrated into your business, and if your key vendors are not adopting it in strategic material ways, your business is in an enormous amount of trouble.”
—Zack Kass, Former Head of GTM, OpenAI

“I encourage security leaders to have a real conversation with any vendor that's saying they use AI and ask them how they assure your privacy, assure the accuracy of what's coming out of [their platform], and assure safety.”
—Mike Petronaci, CTO, Proactive Security, CrowdStrike

“Cybersecurity technology that was great in 2020, it's not going to work anymore in 2030. For the sake of our civilization, I want all of our security leaders in the world to think about how they can prepare for the future because it's going to be rough before it gets a lot better. But it will get better.”
—Evan Reiser, CEO, Abnormal Security

For additional insights into the future of AI, watch the on-demand recording of Securing the Future with AI: A Discussion Among Leading AI Experts.