Navigating a New Wave of Cyber Threats
By Ashley Manraj, Chief Technology Officer, Pvotal Technologies
Recent advances in Artificial Intelligence (AI) is positioning it to be the one most disruptive and evolutive shift in technology. It has the potential to rapidly reshape platforms, rebuild products, and elevate user experiences.
With its breakthrough development and unfettered adoption, AI also unfurls a whole new dimension of cyber threats. Hackers are adopting AI at a faster pace than enterprises are giving them automated, generative, tools to exploit vulnerabilities faster than they can be patched or even detected. Data and SEO poisoning attacks are becoming increasingly common to weaken enterprise AIs and data to corrupt machine learning efforts at their inception.
This outpacing of malicious activity is not new. We witnessed some variance of cyber threats emerge in parallel with the advent of every new breakthrough IT architecture over the past few decades: in 2017, the Petya malware family started a prolific era of cryptolockers where automation helped create an industry around ransomware projected to reach $100 billion annually by 2030.
The difference between AI-powered cyber threats and any other one in recorded history is how significantly it lowers the barrier to entry for malicious actors: text-based AI tools have assisted scammers improving their conversion by 85% in 2023, AI-generated code is 60% more susceptible to architectural and security risks than traditional enterprise code, and over 75% of popular cyber attackers have reported adopting AI tools for iterative vulnerability detection, social engineering, and automating their efforts.
AI: The Double-Edged Sword of Offense and Defense
The most recent advancements in AI model architecture, such as Microsoft’s Retentive Networks and open source weights of large language models such as Falcon 180B, akin to GPT-3.5, raise eyebrows by their potency without guardrails. These technologies, initially conceived for positive advancements, have the potential to be used for malicious purposes. Even if research were to stop today, ongoing malicious initiatives would continue unabated. The crux of the issue lies in the fact that AI models could virtually eliminate post-exploitation efforts, leaving vulnerable corporations in smaller countries particularly susceptible. This shifts the threat landscape drastically, as these entities were overlooked due to their smaller effort-to-reward ratio compared to larger European or American companies, which are more readily accessible online.
In cyber warfare, AI’s strength lies in its disproportionate contribution to offense over defense in the short term. It is far simpler to exploit 200 known vulnerabilities across 100 machines than deploying the same AI to defend. A reduction in the diversity of exotic business implementations of protocols and deployments is urgently needed to bolster the effectiveness of defensive AI in discerning good behavior from the unwanted.
Emerging Cyber Threats in the Age of AI
AI-Driven Phishing
AI’s ability to craft tailored phishing emails makes them incredibly persuasive and difficult to detect.
Deepfakes: These AI-generated video and audio clips can be wielded for misinformation or blackmail, adding immense pressure to support call centers.
Swift Exploitation
AI can rapidly scan data, pinpointing secrets and infiltrating corporate networks within minutes, which would take human operators hours.
Adaptive Malware
Evolving payloads designed to elude most defense systems usher in a new era of threats, where automation in defense challenges human-developed, signature-based payloads.
The True Cost: Beyond Nations, Impacting Individuals
The repercussions of these advanced threats ripple far and wide. Individuals face the peril of personal data exposure while developing economies grapple with substantial economic setbacks. Research from Checkpoint reveals a 7% increase in global weekly cyberattacks in Q1 2023. This heightened threat landscape particularly endangers countries in regions such as Africa, the Middle East, and Asia, which were previously de-prioritized due to their perceived lower returns for cybercriminals. With AI, the natural boundaries of language that would protect some economies have now broken down. And these economies are historically least equipped to deal with the scale, nuance, and sophistication of an AI-led cyber attack.
Leveraging AI for Defense: Striking the Balance
AI, however, is not the ultimate adversary. If harnessed judiciously, it can become the antidote to these evolving challenges, albeit over an extended timeline. AI’s prowess in analyzing vast datasets, detecting threats in real time, and automating defensive responses is undeniable. The “State of Cyber Assets Report” (SCAR) underscores the exponential growth of managed assets, underscoring the dire need for proactive defenses.
Pvotal’s Vision for a Secure Future
At Pvotal, our proactive defense strategies, based on our LowOps philosophy and approach to software, revolve around maintaining a streamlined technology ecosystem with minimal third-party dependencies. By integrating advanced defense mechanisms based on service mesh and container technology, we maximize security by design mainly relying on cryptography. However, cryptography has a fundamental issue, we can’t strongly link a digital identity to a real user identity without affecting user privacy. We aim to create a resilient digital realm where most companies can operate production environments without human access. We are poised to forge a robust digital world with AI as a strong new ally, provided we employ it ethically and wisely.
In Conclusion
The undeniable transformative power of AI extends its influence to enhancing productivity and powering adversarial forces like hackers. AI can emerge as a potent ally, provided that the foundational groundwork is meticulously laid to diminish vulnerabilities from human actions through a strategic embrace of LowOps methodologies, including containerization, service mesh, and Infrastructure as Configuration (IaC).
Know more at https://pvotal.tech or write to info@pvotal.tech
About the Author
Ashley Manraj, Chief Technology Officer, Pvotal Technologies. Ashley is Pvotal Technologies’s Chief Technology Officer, a seasoned security auditor from the National Bank of Canada who spent the past decade evaluating thousands of systems to find weak points. Ashley is focused on novel open source implementations and pursuing innovative opportunities to redefine how we interact with technology, rather than duplicate weak infrastructure patterns.
Ashley can be reached online at ashley.manraj@pvotal.tech and at Pvotal Technologies’ website https://pvotal.tech