As both businesses and individual users grow more comfortable using generative AI, there will be a
            significant spike in activity associated with those crawlers. Imperva Senior Product Manager Lynn Marks
            agrees, noting that data scraping is “becoming more of an issue for organizations” as their data is used
            to train the large learning models (LLMs) that inform generative AI tools.

            Triebes points out that generative AI will make its presence felt in other areas, as well—including a shift
            toward AI-based coding in the future. Director of Technology within the Office of the CTO Peter Klimek
            agrees and says that “new and/or junior developers will benefit greatly” from AI-enabled development
            tools, increasing productivity and output by automating routine tasks. However, he acknowledges that
            those same tools will “help script kiddies graduate into skilled hackers capable of carrying out more
            complex exploits.” In the near term, Triebes believes generative AI will primarily be used to perpetrate
            fraud.

            “It will be much easier for fraudsters to masquerade as somebody else—at least online,” explains Triebes.
            “AI will lead to a new breed of fraud and social engineering attacks. A fraudster could scrape the internet
            for information about you and then weaponize a voice recording of you. Through generative AI, they can
            create a pseudo version of you. If they package that effectively, they could contact your bank and request
            a password reset.”

            Ron Bennatan,  Imperva  Fellow,  Data  Security agrees.  He  expects  to see  an  increase  in attacks as
            attackers leverage AI to fool their victims, noting, “because LLMs are so good at both understanding
            humans and creating text communications that really look like they were created by humans, attackers
            will be able to target and ‘hack’ individuals far better than before.”

            Alan Ryan, AVP, UK & Ireland, notes that as attackers invest in AI, so too must defenders. Bad actors
            are investing heavily in AI in an attempt to gain an upper hand over defenders, which means organizations
            need to ensure they are investing in these solutions as well. Ryan says AI doesn’t necessarily “change
            the balance of ‘good vs. evil,’” but instead just represents the next evolution of the ongoing cat and mouse
            game between attackers and defenders.



            API Security Will Take on Greater Prominence

            As attackers target APIs with greater regularity, organizations will be forced to take a more proactive
            approach toward identifying, classifying, and protecting all API endpoints in production. This is particularly
            true for large organizations: enterprises with a revenue of at least $100 billion USD are between three
            and four times more likely to experience API insecurity than small or midsize businesses.

            Unfortunately,  while  API  ecosystems  are  expanding  rapidly,  most  organizations  are  still  in  the  early
            stages of understanding how to effectively protect them. Although it’s common for today’s businesses to
            have between 50 and 500 APIs in production, many don’t know where they are deployed or what data
            they are accessing. That put the organization, and their valuable data, at extreme risk.










            Cyber Defense eMagazine – December 2023 Edition                                                                                                                                                                                                          37
            Copyright © 2023, Cyber Defense Magazine. All rights reserved worldwide.