Is generative AI good for security teams? Since the launch of ChatGPT back in November, there’s been a vigorous debate over whether artificial intelligence (AI) will tilt the threat landscape in favor of threat actors or defenders.
There is an offensive vs. defensive AI war underway where cybercriminals can use technologies like generative AI to generate malicious code, while security teams can use it to identify vulnerabilities.
Recently, VentureBeat conducted a Q&A with David Reber, chief security officer at Nvidia and ex-senior director of cybersecurity at Nutanix. He shared his thoughts on the impact that generative AI and tools like ChatGPT will have on the threat landscape in 2023.
Below is an edited transcript:
VB: Why does it take AI to stop AI-driven cyberthreats?
Reber: Understanding the limitations of your adversary provides you with insights into where they may or may not go next. One of the traditional limitations of the adversary was tailoring attacks at scale and the knowhow.
With advances in generative AI, finely-tuned and targeted attacks are at the fingertips of the least sophisticated attackers.
Machine scale is the competition. Speed and complexity of attacks outpace human capacity. This is where AI for the defender comes to play. How do we use their tools against them? It is a cat and mouse game that will forever be present. Continuous adaptation on both sides, now adapting at machine scale.
VB: What challenges do security teams face when using defensive AI against offensive AI?
Reber: A decade ago, the industry pivoted to an “assume breach” strategy. We recognized the dichotomy that the adversary must be right once, while the defense must be right every time.
Our adversaries understand our limitations: human capacity, regulations, competing priorities. As we continue to face increased regulations of commercial cyberpractices, the need to get it right compounds.
The challenge with AI is fundamentally trust. How do we know it works to focus human capacity elsewhere? Fundamentally it is AI until we trust it, then it becomes automation.
We have a self-driving car, but do we trust it to get us to our destination? The offense is in a demolition derby. As long as they make an impact they win. They don’t have rules, bounds nor the legal oversight to hinder in the event something goes wrong.
VB: How can CISOs/security leaders leverage AI in a way to ‘outfox’ uses of malicious AI?
Reber: It is estimated that there are more than 14 billion devices connected to the internet in 2022. To outfox use of malicious AI, security leaders need to be less interesting than the average target or increase the cost of the attack. While we are in the formative phase of generative AI, we can look at traditional stall tactics.
Create a more interesting target on your network, [a] honeypot, that knows how to interact in return. The goal is to force the adversary to make more noise and waste time on less valuable agents. Masquerade fake data as intellectual property. It is a battle of deception. The game has not changed, the toys are just different.
Reber: It will democratize offensive security. Previously, the offense was limited by real time tailoring at scale and technical knowhow. ChatGPT has the potential to remove this limiting factor.
It will breed a new generation of script kiddies, more a fleet of prompt kiddies. The adversary’s limitations are now removed. It also is an opportunity for the defender to predict what is coming. Look around corners not yet explored in their attack surface.
Reber: The market is flooded with niche solutions. Everyone is trying to find their piece of the next generation of computing. With the current economic situation, we all need to find ways to do more with less. This is going to lead to more unification of technology stacks and less point solution tool investments.
History continues to teach us the power of collective defense. As we embark in the new generation of democratized offense, we need to come together as an ecosystem.
Interoperability to transport information exchange is how we stay ahead of the adversary. If you are the one in 14 billion, share your knowledge. Enable the industry to move faster than the adversary.
The post Nvidia CSO: Generative AI, ChatGPT has made security a ‘cat and mouse’ game appeared first on Venture Beat.