Mike Rogers, former director at the National Security Agency, said during a Tuesday event that artificial intelligence is a “double-edged sword” from the government cybersecurity perspective, bringing some advantages and disadvantages into the mix.
“It [AI] will provide us the ability to use it to generate greater knowledge about what adversaries are doing to attempt to anticipate what they will be doing. It will also increase the ability of entities to penetrate their system,” Rogers said.
Rogers explained that while AI allows the U.S. government opportunities to learn about enemy capabilities and helps anticipate next moves, foreign adversaries may leverage the same tools for the same purposes against the U.S. government. Artificial intelligence can grant the U.S. and its adversaries advantages on both the offensive and defensive sides of cyber combat.
“It will enable attackers to simulate, to anticipate what kind of defensive moves companies and targets are put in place,” Rogers said. “We want to be in a position where you not only anticipate, but you’re denying them the ability to do some things and you’re driving them to do things that work for you, not for them. And we’re not there yet. We’re trying, but we’re not there yet.”
Rogers, along with two dozen guests, spoke at the Tuesday event hosted by news outlet Semafor. The conversations heavily revolved around state of cybersecurity in the age of AI, particularly in the realms of financial industry, national security and misinformation campaigns. Across industries and sectors, speakers came to the same conclusion — that while the technology provides unique opportunities for users, it also exposes them to new risks.
Chris Novak, managing director at Verizon cybersecurity consulting, shared a similar assessment of AI’s capabilities in the business sector.
When discussing Verizon’s 2023 Data Breach Investigation Report (DBIR), Novak suggested that the companies will have an advantage in the short-term, but that overtime, the attackers will catch up with a more diverse set of attacks.
DBIR is one of the most anticipated annual reports on data breaches and cyber incidents, according to cybersecurity trade publication Security Week. It has been continually published for 16 years.
“We’re going to see the defense continuing to do more in that area, even maybe a little bit of a step ahead of the offense,” Novak said. “Now, I don’t want anyone to think ‘well, that means we’re in good shape.’ I think the reality of it is, the attack landscape is going to continue to evolve like we’ve seen with ransomware and business compromises and AI is going to be something that will empower them to do that more creatively.”
Sallie Mae’s Chief Information Security Officer, Jenny Menna, sees a similar pattern with AI encroaching on the consumer banking industry.
I think it is both a threat and an opportunity like most things,” Menna said.
Menna sees the adaptation of AI as a solution to cut down on some of the administrative work done by people and a way to enhance code-writing.
“It can offload work from folks in our security organization to do more productive brainpower thing – taking away some of that more administrative work,” Menna said. “You can use it for to write better code and have less vulnerabilities.”
Like Rogers and Novak, Menna also warned that offering widespread access to AI can also strengthen the capabilities of fraudsters who operate within the industry.
“We really need to worry about, again, that lowering the bar for the bad guys to get into the business and the kind of fraud that we deal with on a regular basis,” Menna said.