On 27 March, BW Businessworld hosted the Gen AI Summit with the central theme of “Building Generative AI for Bharat: Can India Become the Gen AI Capital of the World?” As part of this summit, a panel discussion titled “Gen AI and Cybersecurity: Protecting Against New Age Threat” was conducted. The panel featured notable industry experts including Ritesh Chopra, India Director at Norton; Rahul Tyagi, Co-Founder of Safe Security; Raghav Sehgal, Co-Founder & Head of Sales at a21ai, Inc.; Chitij Chauhan, Director of Security at Allbound Incorporation; and Rohan Vaidya, Head of India & SAARC Region at CyberArk. The discussion was moderated by Roopali Mehra, a Governing Council Member at the Global Cybersecurity Association. All the expert panelists gave informative insights on the topic.
Ritesh Chopra, India Director at Norton, said, “AI has been part of Cybersecurity space since last decade. AI is largely built upon machine and deep learning from cybersecurity perspective. We have models built up, which would help us against some predicted malware attacks, so it was basically behavioral intervention. Now, the difference between AI and GenAI occurs when with the usage of same machine learning and deep learning, it starts fabricating the synthetic data models. It’s those synthetic data models, which can be leveraged to create a real network. It’s actually fake but real from cybercriminal perspective; it’s been created in a fake environment.”
Rohan Vaidya, Head of India & SAARC Region at CyberArk, asserted, “AI has been part of our life since many years but Gen AI became part of mainstream when chatgpt got released. There are two types of attacks normally in AI space i.e. volumetric and low and slow attack. Volumetric is basically sending large number of emails, which in turn gets clicked by few and you end up earning some money. In low and slow attack, a lot of hard work, information, data collection and years of planning are needed, which in turn pays a lot. All this is done with the help of AI as it’s used for predictive analysis. However, Gen AI enables the attackers to combine both volumetric and low and slow attacks, which means now you can reach to every email and design it personally to exploit that individual.”
Chitij Chauhan, Director of Security at Allbound Incorporation, expressed, “If we talk in the context of GDPR (General Data Protection Regulation), especially the privacy aspects of the data, there are two layers to it – one is getting user consent and other is related to tracking IP address. Organisations like Open Ai are anonymising the data, specifically the PII data. By doing it, they are actually de-identifying the data. For instance, if you have a particular IP address and if someone changes that into a form, which is non-understandable, then it’s almost impossible to know what type of data that is; this is what giants like Goggle and OpenAI are executing.”
Rahul Tyagi, Co-Founder of Safe Security, said, “As a cybersecurity company, our biggest challenge lies in navigating the race to implement AI in a nuanced and controlled manner within regulatory frameworks. It’s essential that we know precisely how and why we’re utilising AI. For us, a significant hurdle has been the time constraints faced by Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs) in accessing the information they need. We addressed this challenge by leveraging GenAi to develop an application that connects directly to their infrastructure or dashboard via an API. Now, instead of navigating through features and controls to find the necessary information, users can simply ask a question and receive customised insights. This approach eliminates the need for manual searching and streamlines access to the relevant data, thanks to the existing database integration.”
Raghav Sehgal, Co-Founder & Head of Sales at a21ai, Inc., highlighted, “GenAI is an amazing technology and there have always been malicious actors throughout history. Thus, it’s crucial to mitigate risks by implementing the right processes. Today, your biggest risk isn’t necessarily a thief breaking into your premises and causing chaos, but rather keeping the door open despite having the best locks available in the industry. It’s all about implementing best practices, architectural solutions and training your personnel to avoid falling into traps easily. While sacrifices may be necessary initially, they are temporary until sustainable solutions can be implemented.”
