The Impact of AI on Cyber Security

Benjamin Baugnies Security Analyst @ Belnet

Regardless of opinions on AI, it is undeniable that this technology is hugely popular and shows no signs of slowing down. People use it in a wide variety of jobs or situations, from students writing essays to software developers writing code or journalists writing articles.

With such widespread adoption, it makes sense to wonder how AI will impact cyber security. If you work in the field of security or even IT in general, you've probably already seen marketing for AI security tools. You might have even deployed some already. But are hackers using AI as well?

In this blog, we'll discuss different ways in which good and bad actors can use AI and how this can affect our industry. 

Bad actors 

The most straightforward use case for bad actors using AI is in phishing and other forms of social engineering. Generative AIs such as ChatGPT can already produce a pretty realistic conversation. This can allow even low-skilled hackers to drastically improve the language they use in phishing attempts, removing the spelling errors and poor grammar that these attacks typically suffer from. AI can even be used to create images, videos, or other documents to trick victims.

In fact, the UK's National Cyber Security Centre (NCSC) published a report on the near-term impact of AI on the cyber threat, in which it concludes that AI will provide a "significant uplift" to phishing for lower-skilled cyber criminals.

Hackers of different skill levels and capabilities will likely profit from AI in different ways. AI might make it easier to identify highly sensitive information within a target's network, making exfiltration faster and more efficient. Hackers can also use AI like any other developer would, to assist in writing code and automating parts of their attack. Highly skilled threat actors, the NCSC warns, may even leverage AI to find new 0-day vulnerabilities and write exploits and malware abusing them even faster.

The cyber security industry 

On the other hand, cyber security professionals are also taking full advantage of AI. For every security tool usually used in a corporate environment, there are now AI-powered solutions. While the antivirus industry has long used heuristics in addition to traditional signatures, vendors are now increasingly using AI as their solutions become more tightly integrated with our environments. Functionalities such as behavior-based protection have become the norm as we have moved from traditional antivirus to EDR (Endpoint Detection and Response) and XDR (Extended Detection and Response).

Security information and event management (SIEM) solutions are also prime candidates for the use of AI, given the huge amounts of data that they gather and the many rules and alerts that need to be fine-tuned and maintained. In addition to improving detections and analytics, some vendors are even integrating generative AI to help security analysts navigate the data in the SIEM or generate reports.

Even vulnerability management can benefit from the technology. There are already some AI-powered web application scanners, while others propose automatic remediation. Additionally, just like for bad actors, vulnerability research can receive a boost from AI by making it easier to analyze applications and their code to find vulnerabilities.

Beyond security products, there are countless ways in which security teams are using and deploying AI systems within their organizations to increase security. Pretty much every security conference today will have speakers give examples of this. Frameworks maintained by the security community, such as MITRE ATLAS, are being extended or created to include threats from or to AI systems.

Conclusion

It is undeniable that AI is already being used in the field of cyber security. Actors on both sides, good and bad, can find a wide variety of uses for this technology. The actual benefits will be much harder to quantify and will likely vary based on the skills and knowledge of those using it. In many ways, AI is simply another tool in the ongoing arms race between hackers and defenders.


Benjamin Baugnies studied civil engineering in Louvain-la-Neuve and has been working as a security analyst at Belnet for 7 years. In addition to day-to-day security operations, he has worked on projects such as vulnerability scanning, netflow monitoring, and DDoS protection. Outside of work, he can often be found on a tennis court, in the kitchen, or playing an online game.

Copyright © 2024 Belnet.