If cybercriminals have been using artificial intelligence, specifically Generative AI (GenAI) in launching attacks, cybersecurity providers are exploring various use cases to counter these attacks.
The use of GenAI in threat detection was highlighted in a previous article on artificial intelligence (AI) and cybersecurity. This time, the technology can now also be utilized for threat-hunting, which can potentially mitigate any form of attack.
“Using GenAI is like putting Security Operations Centers (SOC) on steroids,” Urmez Daver, an executive in IBM’s Cyber Risk Management division, said in a virtual interview with Back End News. “The technology gives a spark of creativity in the whole process when it comes to cybersecurity. Now, you are not only able to look at faster detection but also you can make more predictive and informed inputs into what is really going on in your environment or what might be happening as well.”
AI in cybersecurity: Friend or foe?
IBM: Cost of data breach in ASEAN soars to $3.05 million
GenAI can, as the name suggests, generate content — text and images, for now — using input data. It analyzes complex algorithms and methods that could be “inspired by the human brain.”
Cyber attack use cases
So far, threat actors have been using AI, in general, for the age-old social engineering method and recently, deep fakes. While Daver noted that these two strategies may not fall under the classification of a cyber attack, they are the gateways to penetrating and breaking into an organization’s cyber defenses.
Before GenAI, red flags for social engineering through emails are grammatically challenged business letters. But with GenAI, anyone can send well-crafted emails that can rival those from legitimate sources. This is also another form of how cyber attacks can avoid detection.
“Most of the cases that we have seen today are largely in these two areas, which is actually quite fearsome,” Daver said. “Imagine what they can essentially do when you are talking about an enterprise environment where you receive convincing information about actions that you are supposed to take.”
From threat detection to threat hunting
Threat hunting, according to Daver, is becoming an increasingly crucial, albeit manual, function in the basic area of operations. IBM defines threat hunting as “a proactive approach to identifying previously unknown, or ongoing non-remediated threats, within an organization’s network.”
AI’s most popular function or use case is automation and cybercriminals have found ways to avoid detection of automated cybersecurity.
The whole of 2023 has been all about GenAI and organizations now are at different stages of adoption. Daver pointed out that up until ChatGPT happened, the whole conversation on AI was pretty much non-existent.
“From a security standpoint, the era of AI before ChatGPT took center stage was more focused on feeding analysis, looking for patterns, and identifying things faster,” he explained. “ In the AI world, you focused on automation and orchestration, in creating rule books or playbooks, or developing better variations of incident response.”
Cybersecurity solutions providers can take note of how the adoption of some AI frameworks can help SOCs, which Daver emphasized is the “nerve center of threat detection and response.”
“Threat detection itself, as a function, can be significantly improved because you can predict things a lot better,” Daver said.
Simply put, the technology can speed things up and simplify other tasks, such as contextualizing threat intelligence within a certain environment.
Daver said that while GenAI has practically shook things up, it is still a long way to go to exhaust what the technology is capable of.
Calibrating defenses
But with all the potential assistance and enhancements GenAI can do to security operations, solutions providers are now looking at developing tools that can identify AI-generated against traditional attacks.
“By bringing together that capability into the existing platform, and data models, security experts can create models that will put them in a better position to detect such attacks in the future,” Daver said.
Cybersecurity is constantly evolving especially with emerging technologies that change the way people do things. Providers can easily calibrate — or update — existing solutions to meet the challenges that come along with new technologies, such as AI.
Daver noted three areas a cybersecurity framework should really focus on when bringing in GenAI into the environment.
“The first is data itself: How do you protect the data?” Daver asked. “Second is how do you protect the model? And the third part is the usage of those models.”
He explained that if the LLM gets the wrong kind of data, then the LLM itself is not going to behave in the manner that it should. When you bring Gen AI over there and if you look at a cybersecurity framework, you will have a new point of recalibration.
“How do you secure data? How do you secure the model itself?,” Daver asked. “Because you are ingesting so much data, the model is training itself. How do you make sure that there is no bias in there or that you are not creating any bypass to the way it is intended to be? And the third one is the usage of the model itself.
IBM’s toolbox
Ultimately, harnessing the power of GenAI to counter attacks leveraging GenAI is now one of the priorities providers need to further explore. IBM has been heavily involved in developing the Adversarial Robustness Toolbox (ART), which is an open-source project for machine learning security that is aimed at supporting all popular ML frameworks, tasks, and data types and is under continuous development.
In the works are some detection tools, as mentioned above, about differentiating AI-generated and traditional cyber attacks.
Daver also noted that there should always be guardrails when using AI and pointed out that several countries have laid down their own AI guidelines to ensure that it is used properly and effectively.