AI in Cybersecurity: A Double-Edged Sword
Like it or not, AI is here to stay. From scheduling assistants to algorithms that suggest personalized ad content, AI has been effortlessly integrated into our daily lives. Businesses across industry verticals have also recognized the benefits of AI and have rapidly adopted AI-driven solutions into their technology stacks. As the efficiencies afforded to us by AI are undeniable, so too are the impacts of AI in cybersecurity.
AI poses as much risk to cybersecurity as it does benefit. Both cyber attackers and cyber defenders are utilizing AI tools to bolster the speed, efficiency, and accuracy of their operations. A recent joint report from Microsoft and OpenAI identifies five nation-state-affiliated threat actors that are utilizing artificial intelligence to enhance their reconnaissance, technical skills, and tool kits, as well as their social engineering capabilities. In order to combat the emerging threats posed by AI, defenders must outpace attackers in the race to embrace AI.
In this blog, we will discuss how cyber attackers and cyber defenders benefit from the use of AI in cybersecurity, and how organizations must implement AI-driven cybersecurity solutions to keep up with the rapidly expanding threat landscape.
How Cyber Attackers Leverage AI
Attackers are utilizing both publicly available generative AI platforms and specially crafted, adversarial (“evil”) AI platforms to improve their capabilities. These technologies have lowered the barrier to entry to enable hackers with minimal technical expertise to be successful. AI tools have also dramatically improved the quality of social engineering campaigns by nearly eliminating language barriers and grammar errors that assisted in scam identification.
Evil AI
Cyber attackers have created their own sophisticated generative AI platforms that aim to democratize the ability to conduct cyberattacks. Platforms such as WormGPT are trained off vast amounts of threat intelligence and provide fingertip access to a wealth of threat actor knowledge. These solutions provide even non-technical aspiring hackers with the ability to generate malware, sophisticated exploit kits, and instructions for cyberattacks.
LMG Security’s Director of Research and Training, Matt Durrin, obtained a subscription to WormGPT, which he says is the most advanced Evil AI option on the dark web. “WormGPT has access to the internet, unlike many of the other options. This means that you can run dark web searches directly from its interface,” he explains. “And with a simple prompt, it can write malware in whatever language you want in seconds.”
The image below shows how Matt easily obtained sample ransomware source code from a simple prompt:
Screenshot of WormGPT writing malware.
Weaponization of Publicly Available AI
Threat actors are not only utilizing their own evil software options to wreak cyber havoc; they are also exploiting publicly available, mainstream generative artificial intelligence options such as OpenAI’s ChatGPT. These options won’t write malware, but they are extremely useful in conducting reconnaissance and generating content for use in social engineering campaigns, and can be exploited through jailbreaks and prompt injection attacks.
Generative AI solutions are vulnerable to attacks that exploit user prompts to make the system provide dangerous content or follow dangerous instructions. Prompt injection attacks, similar to SQL injections, inject malicious commands that instruct the system to do something nefarious. Recently, researchers created a generative AI worm through what they are calling an “adversarial self-replicating prompt.” Though we have yet to see attacks solely carried out by AI, this research suggests that we may see them in the near future.
How Cyber Defenders Leverage AI
Though AI in cybersecurity poses significant risks, it also offers cybersecurity defenders powerful tools to identify gaps in their security, detect attacks before chaos ensues, and respond to threats more effectively. “AI disproportionately helps the people defending because you’re getting a tool which can impact it at scale versus the people who are trying to exploit,” said CEO of Google, Sundar Pichai. By enhancing speed, automating tasks, and improving efficiencies, these tools are invaluable and may level the playing field between defenders and attackers.
In the face of a cyberattack, time is everything. Adding AI in cybersecurity solutions significantly speeds up the cyber defender’s ability to pre-empt attacks as well as their response, giving them a competitive advantage against the cyber attacker. Machine learning allows vast datasets to be generated and analyzed for suspicious behavior with speed and accuracy far beyond human capabilities. Best Buy found that integrating an AI security solution into their technology stack increased the accuracy of phishing detection to 96%. Additionally, threat detection and response solutions that integrate AI, such as CrowdStrike’s industry-leading Falcon EDR, can also automate the response to malicious behavior, drastically reducing the burden on security teams.
AI-driven security may also drastically increase the ability to stop ransomware in its tracks. FinSec Innovation Lab conducted a study in which they replicated a real-life LockBit ransomware attack with the addition of AI-driven security tools. The real-life attack impacted over 200 company servers in less than 90 minutes. In the attack simulation, the AI-driven security solutions detected the attack in 12 seconds, automatically isolated infected machines, and successfully recovered 80% of the data on the infected servers.
Recommendations For Using AI in Cybersecurity
Outpacing cyber attackers in the age of AI will require the participation of all organizations. Below are some recommendations for achieving a competitive security advantage with AI in cybersecurity:
- Invest in AI-driven security solutions that augment your team’s capabilities, improve efficiencies, and increase accuracy.
- Consult trusted guidance and frameworks such as CISA’s Roadmap for Artificial Intelligence when integrating new AI-driven solutions into your technology stack.
- Develop and implement clear policies that address the use of AI models within your organization.
- Empower your employees to use AI responsibly and understand its risks by implementing consistent training and education into your cybersecurity program.
To stay ahead of the emerging threats posed by AI, it is imperative that organizations invest in AI-driven cybersecurity solutions and develop robust defense strategies. For help identifying the best solutions for adding AI in cybersecurity for your organization, developing clear policies, and understanding the current AI threat landscape, please contact us.