chat
expand_more

How CISOs Are Staying Ahead of Bad AI with Good AI

Learn how CISOs are using good AI to fight bad AI in this recap from Chapter 2 of our Convergence of AI + Cybersecurity series.
October 26, 2023

This is a recap of part two in our three-part series, The Convergence of AI + Cybersecurity. Read the recap of part one here.


Cybercriminals can and are using artificial intelligence for the same reasons that non-criminal organizations are: to augment and enhance human potential. Leveraging generative AI and large language models, threat actors can craft more complex, personalized email attacks at scale.

During the second chapter of The Convergence of AI + Cybersecurity web series, a panel of Fortune 1000 CISOs shared how they are fighting back in kind, tackling the malicious use of AI by adopting AI-native cybersecurity solutions.

Here are a few important insights from the webinar.

Generative AI Enables Novice Cybercriminals to Uplevel Attacks

Cybercriminals have harnessed large language models and generative AI to enhance the sophistication and scalability of their email attacks. Utilizing this technology to collect real-time data on their targets and convincingly impersonate individuals, threat actors of all skill levels can increase the effectiveness of their attempts to acquire sensitive information or funds.

Although legitimate tools like ChatGPT have built-in measures to prevent malicious use, these safeguards can be circumvented. Additionally, tools like FraudGPT further facilitate hacking by lowering the barrier of entry for less advanced attackers.

“For all the reasons we want to use AI for good, they're using it for bad, and they're focusing on where they can get sort of better bang for their buck. We see bad actors using technologies like FraudGPT to create things like phishing-as-a-service.”
—Gary Brickhouse, CISO and Vice President, GRC Services, Guidepoint Security
“We had this in the mid-2000s when hacker and fraud forums popped up and they were all teaching each other. It made us really, really nervous about how quickly a lay hacker could get up to speed. This is just another iteration of that [except] much, much faster and much, much better.”
—Stephen Ward, Managing Director, Insight Partners

AI Empowers Security Teams to Be More Effective and More Efficient

AI is perfectly suited for sifting through large amounts of data very quickly and automating complex actions, which means it excels in reliable threat detection. By combing through an organization’s network, AI-powered solutions create a baseline of good behavior and trusted devices. The AI then flags any deviations that might indicate a threat.

Additionally, the panelists agreed that AI has the potential to significantly enhance the efficiency and effectiveness of security operations. By using AI to filter out false positives and automate routine tasks, security teams can focus on more strategic and value-added work.

“We're now feeding the contents of suspicious inbound email messages into a large language model to discern whether they were created by generative AI. This helps us detect more sophisticated phishing and BEC messages that lack some of the indicators of human-created attacks. Sometimes it takes generative AI to detect a generative AI-created threat.”
—Bradley Schaufenbuel, CISO, Paychex
“We're reducing the time that an analyst spends chasing down a given threat by using the AI engines. That's measurable, and it benefits the entire organization.”
—Patrick Hellman, Vice President and Chief Security Officer, Arrow Electronics

Enterprises Must Embrace the Paradigm Shift

AI is still an emerging technology, and even the experts aren’t certain where it will go in the years to come. But for these CISOs, it’s clear that AI is here to stay, and embracing it is essential in order to stay ahead of threats.

Further, while AI is undeniably powerful, the panelists emphasized the need to ensure your organization isn’t just using AI for AI’s sake. They highlighted the importance of understanding the specific functionality of AI-powered tools and the outcomes they aim to achieve, such as reducing false positives, decreasing response times, and improving overall threat detection.

“Necessity prompted us to start using AI-enhanced security tools. The more cybercriminals leverage AI, the more sophisticated attacks become, and the lower the efficacy of our traditional security tools.”
—Bradley Schaufenbuel, CISO, Paychex
“Innovation requires bravery. We're very lucky to be a part of this moment. There's going to be a lot of bravery that's needed over the next 10 years to really see where this takes us. But it's an incredible time to be in this space.”
—Stephen Ward, Managing Director, Insight Partners
“Using AI to fight AI is the key. Our teams loved jumping in and seeing what the tools could do. And with that, we have to apply some guardrails. But don't be afraid of the tool. Get in, use it, and see how it can help you do your job and fight the bad guys.”
—Patrick Hellman, Vice President and Chief Security Officer, Arrow Electronics

For additional insights into the evolving threat of AI, watch the on-demand recording of Fighting AI with AI: A CISO Panel on Security Best Practices.

Watch the Webinar
How CISOs Are Staying Ahead of Bad AI with Good AI

See Abnormal in Action

Get a Demo

Get the Latest Email Security Insights

Subscribe to our newsletter to receive updates on the latest attacks and new trends in the email threat landscape.

Get AI Protection for Your Human Interactions

Protect your organization from socially-engineered email attacks that target human behavior.
Request a Demo
Request a Demo

Related Posts

B Proofpoint Customer Story Blog 8
A Fortune 500 transportation and logistics leader blocked more than 6,700 attacks missed by Proofpoint and reclaimed 350 SOC hours per month by adding Abnormal to its security stack.
Read More
B Gartner MQ 2024 Announcement Blog
Abnormal Security was named a Leader in the 2024 Gartner Magic Quadrant for Email Security Platforms and positioned furthest for Completeness of Vision.
Read More
B Gift Card Scams Tricker to Spot Blog
Learn why gift card scams are becoming more difficult to identify, how cybercriminals evolve their tactics, and strategies to protect your organization.
Read More
B Offensive AI 12 16 24
Learn how AI is used in cybersecurity, what defensive AI vs. offensive AI means, and how to use defensive AI to combat offensive AI.
Read More
B Proofpoint Customer Story Blog 7
See how Abnormal's AI helped a Fortune 500 insurance provider detect 27,847 threats missed by Proofpoint and save 6,600+ hours in employee productivity.
Read More
B Cyberattack Forecast Emerging Threats Blog
Uncover the latest email threats and strategies to strengthen your cybersecurity and prepare for 2025.
Read More