Page 40 - Cyber Defense eMagazine July 2024
Artificial intelligence represents the advanced technology that allows computers and machines to mimic
human intelligence and solve intricate problems efficiently. This innovation, often integrated with tools
like sensors and robotics, enables the performance of tasks traditionally requiring human thinking. From
the widespread use of digital assistants to the precision of GPS navigation and the independence of self-
driving cars, AI has manifested in numerous domains of our modern life. As AI continues to integrate into
various industries, the conversation around ethical AI, responsible usage, and maintaining security
becomes increasingly critical [3].
Despite the widespread claims of AI adoption, many companies may not be utilizing true artificial
intelligence but rather relying on machine learning techniques. While these terms are often used
interchangeably, they represent different scopes and capabilities within the realm of advanced
technology. While AI encompasses a broader scope of capabilities, machine learning operates as a subset
within AI, focusing on the autonomous process of enabling machines to learn and improve from
experience. Rather than relying on explicit, hardcoded programming, machine learning uses
algorithms to analyze large datasets, extract insights, and then make informed decisions.
As the machine learning model undergoes training with increasing volumes of data, its proficiency and
effectiveness in decision-making progressively improve. While many companies harness the power of
ML algorithms to optimize processes and drive insights, the utilization of true artificial intelligence is
somewhat limited in adoption. Consequently, the threats and vulnerabilities associated with each differ
significantly; machine learning systems are often susceptible to data poisoning and model inversion
attacks, whereas AI systems face broader issues like hallucinations and adversarial attacks.
For instance, Jonathan Dambrot, CEO of Cranium, discussed how AI systems can "hallucinate,"
generating inaccurate outputs or falling prey to prompt-based threats. He stresses the importance of
balancing the drive to adopt AI with a thorough understanding of its security implications. Organizations,
fearing obsolescence, rush to implement AI without fully considering these risks, thereby exposing
themselves to potential threats.
Brandon Torio, an AI expert and Senior Product Manager at Synack, identifies prompt injection as the
most pressing threat to AI today. He distinguishes between security content management and traditional
cybersecurity, emphasizing that to mitigate these risks, organizations must adopt a proactive approach.
Torio advocates for "shifting left" in the development process, meaning thorough pre-deployment testing
to catch vulnerabilities early. He acknowledges AI's benefits, such as making data more digestible and
streamlining mundane tasks like simple script writing. However, he asserts the irreplaceable role of
human oversight in contextualizing and interpreting AI-generated results.
In another conversation, John Fokker, Head of Threat Intelligence at Trellix, noted that attackers
are not leveraging AI as extensively as often portrayed or believed. He argues that while AI can assist
attackers with tedious tasks like exploit development or creating deepfakes, it is not essential for most
cybercriminal activities. "A human is more creative than a machine," Fokker states, underscoring the
continuing superiority of human ingenuity over AI in crafting sophisticated attacks.
After attending and experiencing RSA 2024, and having had the opportunity to interview industry experts,
my concluding thoughts are these: to harness AI's potential effectively, a balanced approach that includes
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.