Even the most promising technological advances bring with them a flipside and often one that is laden with concerns.
Generative artificial intelligence or AI can create an infinite amount of content in seconds, but experts already are warning of AI-based cyberattacks. They predict that only other AIs will be able to put a stop to them.
At CyberTech Tel Aviv 2023, which took place this week, the world’s top cybersecurity leaders came together for a glimpse at the latest technological innovations and solutions to combat online threats.
AI was one of the leading topics.
ChatGPT, which was recently launched by Silicon Valley’s OpenAI, can hold conversations, write essays and much more. But Israelis researchers from the software development company CyberArk also found recently that with a little bit of authoritative persistence you can convince ChatGPT to create malware, which it is not supposed to be able to do.
“The findings were very interesting,” Ori Goldberg, head of CyberArk Labs, the research arm of CyberArk, told The Media Line. The researchers “managed to get ChatGPT to create malicious code, but also they found a way to hide that malicious code from your standard antivirus systems in a way that is quite original.”
“For every new technology, it takes time for it to get wrapped with the proper security measures,” he added. “We see that all the time.”
Increased threats to cybersecurity
According to the World Economic Forum, cyberattacks increased by 38% across the globe in 2022 and could rise exponentially over the coming year due to generative AI models.
One of the primary challenges for cybersecurity is that the attackers seem to be one step ahead.
“AI-based attacks are going to be much more pervasive, much more adaptable and much more rapid than they were in the past and human defenders just can’t keep up with the pace.”
Hudi Zack
“AI-based attacks are going to be much more pervasive, much more adaptable and much more rapid than they were in the past and human defenders just can’t keep up with the pace,” said Hudi Zack, a cyber industry expert who previously headed the technology division of the Israel National Cyber Directorate.
“Until a human defender will be able to figure out what’s going on, find the right countermeasures and react, the AI attack will have already reached its destination,” he told The Media Line. “We’re going to have to fight fire with fire and assign the defense task to an AI-based system.”
Others in the sector agreed that, in the near future, a machine will have to battle a machine.
“AI is already changing cybersecurity in terms of attackers that can already generate malware and also defenders that can use AI to predict and understand when attacks happen,” Eden Zaraf, CTO and co-founder of cyber firm Kayran, told The Media Line.
Kayran has a web application that helps businesses scan their online assets and provides full reports of the vulnerabilities uncovered.
“I think that the defenders should think like attackers,” Zaraf said. “If they’re using AI then I will need to use AI.”
Some companies already are relying on AI for defense purposes, like the information security company Cognni.
The Tel Aviv-based start-up has an AI-based solution that autonomously maps, detects and then investigates exposures in companies’ critical information assets.
“Our AI knows how to autonomously classify information, saving months and sometimes years of work for an organization,” Guy Eisdorfer, co-founder and CEO at Cognni, told The Media Line.
Although Eisdorfer acknowledges that generative AI poses a unique challenge for cybersecurity firms, he also thinks that ultimately it is good for business.
“At the end of the day it’s generating jobs for a company like us to reinvent the way we protect information and give solutions to solve it,” he said.
As cybercrime takes a massive leap forward and security experts play catch-up, AI will be able to create much more sophisticated phishing campaigns and ransomware attacks thanks to deepfakes, voice cloning capabilities or worse, according to Zack.
He recommended that businesses strengthen passwords, fix any vulnerable code, and – most importantly – educate people about the risks of AI-led campaigns.
“Obviously AI is already embedded in some defense systems today, but for it to really independently and autonomously manage the defense campaign against an AI-based attack it will require a whole new set of capabilities,” he said. “I think this is the biggest challenge right now.”