The rise of generative AI (GenAI) brings about new cybersecurity threats, as presented by Prof. Philip Kwa, professor and academic program director for the Master in Cybersecurity at the Asian Institute of Management, during the BPI Cybersecurity and Consumer Protection Conference.
Historically, AI has been utilized since the 1960s and 1970s, with early applications in machine learning (ML) and optimization. However, its adoption was limited due to the complexity of programming languages, making it accessible to only a few organizations.
“The adoption of artificial intelligence back in the 1970s, even with neural networks, was not very advanced,” said Prof. Kwa. “Not many companies, not even banks, were investing in neural networks for stock exchange trading back then.”
The landscape of AI has dramatically shifted with the advent of generative AI. Unlike its predecessors, GenAI eliminates the need for extensive programming knowledge. Instead, users can input text, and the AI generates content based on vast datasets. This has opened up AI’s potential to a broader audience, allowing organizations to create models, convert text to speech, and even generate sophisticated visuals.
“Generative AI allows us to achieve what was previously unthinkable, turning complex tasks into something as simple as inputting text into a machine,” Prof. Kwa noted.
AI capabilities
However, the rise of GenAI also brings about new cybersecurity threats. The same tools that enable creative and productive uses of AI can be exploited by malicious actors.
“Even hackers can use generative AI to create convincing deepfakes,” Prof. Kwa warned. “This is particularly concerning because they can craft images, audio, or videos that closely resemble real people, making it easier to deceive and manipulate.”
According to Prof. Kwa AI plays a dual role in cybersecurity. On the one hand, it enhances the ability of organizations to detect threats, reduce false positives, and respond to incidents more effectively.
“AI can help track our cybersecurity environment, recognize patterns, and reduce false positives,” Prof. Kwa explained. “It also aids in incident response and recovery by analyzing logs and identifying anomalies.”
On the other hand, AI also empowers cybercriminals, providing them with tools to carry out sophisticated attacks.
“The same AI capabilities used to protect organizations can be turned against them,” Prof. Kwa cautioned. “There is such a thing as ransomware as a service, where criminals offer AI-driven malware for a fee. This makes it easier for attackers to launch devastating campaigns.”
Phishing attacks have also become more sophisticated with the help of generative AI.
“In the past, we trained people to spot phishing emails by looking for spelling errors and other obvious signs,” Prof. Kwa said. “But today, with AI, phishing emails can be flawless, written in perfect English or even in Tagalog, making them much harder to detect.”
Prof. Kwa emphasized the need for heightened vigilance and education in response to these evolving threats. He said people must be more cautious and verify any unexpected communications, especially those that seem to come from trusted sources.
“If you receive an unexpected email from a friend or colleague, reach out to them directly to confirm its authenticity,” he said.
As AI continues to advance, it will undoubtedly play an increasingly central role in cybersecurity. However, the same technology that offers protection can also be used to compromise security.
“AI is a double-edged sword,” Prof. Kwa said. “While it holds great promise, we must be aware of its vulnerabilities and be prepared to counter the new threats it introduces.”