Generative-AI: Two Sides of the Same Coin

Generative-AI - Two Sides of the Same Coin

Generative-AI, Recent proliferation of cyber-attacks shows a cultural shift from conventional and advanced attacks. Industry has over time developed maturity in security operations and resilience. Defenses are enabled with threat intelligence and able to withstand a variety of threat vectors. With the recent emergence of Generative-AI enabled attacks, existing controls are losing efficacy in defending these attacks.

So, what is changing and how hackers are leveraging Generative-AI to energize their attacks?

We know from the days of Stuxnet where malware could stay in the system for years without even using AI techniques at that time. Now with Generative-AI sophisticated malware can stay in the system undetected, can adapt to eco-system and can change course as situation arises. AI has infused intelligence in advance malware which challenges the existing defenses, evades detection to stay longer, adapt to situation and targets victim systems. This will also increase ransomware attacks on individuals and organizations.

Another trend that is dangerous is Deepfake attacks, where AI is used to impersonate fake images and videos to celebrities, people in authority or even to spread false information which can create social unrest or even political gains.

Phishing has been there for ages and Gen-AI has rejuvenated the traditional techniques. Now these attacks can be more contextualized, leverage natural language processing and relate to the historic profile of target victim, so that it looks like a real human message crafted for specific individual with higher efficacy.

Data Privacy, where information can be captured from multiple data sources to infer sensitive data which is explicitly not stored with individual data sources. This will pose a challenge as there are stringent laws on data privacy with huge penalties for organizations.

What exactly is Gen-AI?

AI has been there for the last few years, where analysis can be run on huge volumes of data to generate outcomes which can be leveraged by business to increase sales, derive analytical models which can ingest data and produce outcomes. Gen-AI is one step ahead as it can create new content from scratch based on underlying data patterns and self-learning models in a matter of time. In other words, where there was a need for humans to process data and take informed decisions has been taken over by Gen-AI. It’s slightly different than SOAR (Security Orchestration & Automated Response) where actions are instantaneous based on real time event data.

What can be done to contain such attacks and leverage the power of Gen-AI?

Traditionally AI has been used for Threat Intelligence from external sources and piles of data collected by security companies and has proven its effectiveness. Additionally, Gen-AI should be leveraged for internal threat intelligence where SOC/ incident response team can add the smart playbooks based to differentiate Gen-AI based attack patterns, Mandate analytics/ mining of data to observe human behavior, patterns of individuals and their footprints on IT infrastructure, leverage technologies which are AI enabled. Generative-AI can be used to create realistic and immersive security training simulations which will help security teams to prepare for real world attacks.

Train the Gen-AI model used for security defenses in such a way that it gets feed from adversarial and real time so that it can distinguish between adversarial and real data, making it more difficult for attackers to fool the model. Inputs and outputs to the AI data sets can be filtered, controlled, and monitored for any anomaly detection.

Use the Gen-AI model to automate the security tasks such as incident response and patching. This would free up the security team to focus on complex tasks. As there is already shortage of security skills in industry, Gen-AI can help to contain the demand of security skills for basic and moderate levels to a large extent.

Enhance existing laws and regulations to contain Gen-AI type of attacks as these could be more hostile in nature and have large and long-standing impact.

Improve cyber resilience to withstand and recover from such attacks efficiently. Involve business stakeholders to perform business continuity and disaster recovery planning, align to best security standards covering Identify, Protect, Detect, Respond and Recover tenets and work in collaboration.

Finally, Generative AI is a powerful new technology with the potential to revolutionize the security industry by changing the ways we detect, prevent, and respond to cyber-attacks. It is important to be aware of the risks posed by generative AI, but also to recognize the potential benefits it can offer. Despite the challenges, the future of generative AI security is bright. Security researchers and practitioners are just beginning to explore the potential of Generative-AI for improved security. Working together, we can develop new and innovative ways to use this technology to protect ourselves from emerging cyber-attacks.