Photo credit: venturebeat.com
With the ever-evolving landscape of artificial intelligence, its significance in cybersecurity is rapidly increasing. Daily, malicious entities leverage AI to enhance and expedite their attack methodologies.
As noted by Adam Meyers, senior vice president at CrowdStrike, in a discussion with VentureBeat, “The adversary is accelerating their tactics significantly. Every year, they get about 10 to 14 minutes quicker. As these attack windows tighten, security teams are compelled to respond even more urgently, working swiftly to identify, analyze, and neutralize threats.” This evolving scenario underscores a race against time.
A report from Gartner titled Emerging Tech Impact Radar: Preemptive Cybersecurity highlighted that “[m]alicious agents are harnessing generative AI to execute attacks at unprecedented speeds. Organizations must proactively address potential threats with predictive analytics rather than waiting for breaches to be detected.”
Meanwhile, Darktrace’s recent threat report illustrates the ferocious tactics employed by cybercriminals striving for speed and stealth. They are increasingly capable of stealing data, funds, and identities before security teams can even recognize an intrusion. Their utilization of AI now extends to advanced phishing campaigns disguised as legitimate marketing emails.
A particularly alarming revelation from Darktrace’s findings is the rise of weaponized AI combined with malware-as-a-service (MaaS), which now accounts for approximately 57% of all cyberattacks. This signifies a significant shift towards automated cybercrime.
AI is addressing the urgent demand for speed in cybersecurity
With breakout times declining, it is evident that attackers are implementing strategies that outpace traditional perimeter defenses. Microsoft’s Vasu Jakkal provided striking statistics during an interview with VentureBeat: “Three years ago, we were tracking 567 password-related attacks per second, but that figure has since surged to 7,000 per second.”
Katherine Mowen, SVP of information security at Rate Companies, which stands as one of the largest retail mortgage lenders in the US, keenly understands this pressing challenge. Given the vast flow of monetary transactions through their systems daily, they are an attractive target for AI-enhanced cyberattacks.
In a recent dialogue with VentureBeat, Mowen explained, “Due to the nature of our industry, we confront some of the most sophisticated and relentless cyber threats. Observing vulnerabilities in the mortgage sector made it imperative for us to bolster our defenses. Our approach now is to counter AI-driven threats with our own AI capabilities.”
Rate Companies implement AI-driven threat modeling, zero-trust security frameworks, and automated responses to enhance their cyber resilience—strategies that could serve as a blueprint for organizations across different sectors.
As CrowdStrike CEO George Kurtz indicated, “Adversaries utilize AI-enabled malware that can rapidly adapt. If your security measures are not equally dynamic, you are already at a disadvantage.” Mowen’s initiatives at Rate Companies illustrate the proactive deployment of defensive AI strategies in this constantly evolving battle.
Countering AI with AI: Strategies That Are Proving Effective
In a collaborative meeting with several anonymous Chief Information Security Officers (CISOs), VentureBeat gathered insights on strategies for combating AI with AI. The following are key takeaways from that discussion:
1. Enhancing threat detection through self-learning AI is yielding results. The prevalence of adversarial AI in security breaches today highlights the inadequacy of signature-based detection systems, which struggle to adapt to evolving attack techniques.
Cybercriminals are increasingly employing living-off-the-land (LOTL) tactics and weaponizing AI to evade static defensive measures. Therefore, security teams are transitioning toward proactive measures.
DarkTrace’s findings corroborate this shift. The organization reported identifying unusual activities on Palo Alto firewall devices 17 days before a zero-day exploit became public knowledge. Such instances underscore the increasing threat posed by AI-assisted attacks, especially on critical infrastructure. Nathaniel Jones, VP of threat research at Darktrace, remarked, “Post-intrusion detection is no longer sufficient. Self-learning AI can identify subtle irregularities that humans may miss, facilitating proactive defense.”
2. Automating phishing defenses through AI-driven threat detection is crucial. Phishing attacks have surged recently, with Darktrace detecting over 30 million malicious emails in the past year. A staggering 70% of these bypass traditional email safeguards using AI-generated prompts that mimic authentic communications. Security teams are increasingly turning to AI to help combat phishing and business email compromise (BEC) incidents.
“Utilizing AI effectively is the best strategy against AI-driven attacks,” Deepen Desai, chief security officer at Zscaler, emphasized. Mowen at Rate Companies also noted the necessity of proactive identity security, asserting, “As attackers continuously refine their strategies, we required a solution that could adapt instantly and provide us with deeper insights into emerging threats.”
3. Rapid incident response powered by AI: Are your defenses swift enough? In the context of intrusions and breaches, split-second decisions are paramount. With breakout times declining, there is little room for delay. Outdated code in perimeter systems can result in false alarms, while attackers, mastering AI weaponization, can breach security defenses within seconds.
Mowen suggests that CISOs adopt the Rate Companies’ 1-10-60 Security Operations Center (SOC) model, which aims to detect intrusions in one minute, triage them in ten, and contain them within sixty. This benchmark should guide security operations. She cautions that, “Your attack surface isn’t solely defined by infrastructure; time is also a critical factor. How quickly can you respond?” Organizations lagging in containment efforts risk extended breaches and heightened damage. She advises CISOs to gauge AI’s impact on response times by tracking metrics such as mean time to detect (MTTD), mean time to respond (MTTR), and the reduction of false positives. Quick containment is crucial to mitigate damage. In this age, AI isn’t merely beneficial; it’s an essential element in cybersecurity defense.
4. Explore innovative methods to continuously fortify attack surfaces through AI. The rapidly changing landscape of attack surfaces presents various challenges, from mobile device fleets to extensive cloud migrations and numerous IoT sensors. AI-driven exposure management can proactively address vulnerabilities in real time.
Rate Companies’ Mowen emphasizes the importance of scalability and visibility within their operations. “We manage a workforce that can expand or contract rapidly,” she said. The capacity to adjust business operations expediently is one of several factors influencing Rate Companies’ decision to harness AI for real-time visibility and automated misconfiguration detection across their diverse cloud infrastructures.
5. Detecting and mitigating insider threats using AI and behavioral analytics is vital. Insider threats, exacerbated by shadow AI, have escalated into a significant concern. Implementing AI-driven user and entity behavior analytics (UEBA) offers continuous monitoring of user actions against established benchmarks, swiftly identifying deviations. Facing increasing identity-based threats, Mowen’s team integrated real-time monitoring and anomaly detection into their defenses. She remarked:
“Even top-notch endpoint protections are rendered ineffective if an attacker easily acquires user credentials. Our current approach is ‘never trust, always verify,’ continually scrutinizing every transaction.”
According to Vineet Arora, CTO at WinWire, traditional IT management methods often lack sufficient visibility and oversight over AI tools, enabling shadow AI to flourish. He highlighted the importance of balancing innovation with security, asserting, “It’s essential to provide safe AI alternatives to eliminate the temptation to bypass measures. While AI adoption cannot be stifled, it can be securely managed.” The adoption of UEBA with AI-driven anomaly detection enhances security efforts, helping to lower risks and false positives.
6. Embracing human-in-the-loop AI is crucial for sustainable cybersecurity. A key objective of incorporating AI into cybersecurity applications and systems is to augment, not supplant, human expertise. The relationship between AI and human teams should foster mutual enhancement in knowledge and capabilities.
“AI doesn’t always replace humans; often, it enhances human capabilities,” states Elia Zaitsev, CTO at CrowdStrike. “Our rapid progress in AI development is possible because we have invested considerable time over the past decade in human-generated data that feeds our AI systems.” This collaboration between human and AI is particularly indispensable in Security Operations Centers (SOCs), where AI functions with defined autonomy, supporting analysts without taking full control.
AI versus AI: The present landscape of cybersecurity
With threats powered by AI automating breaches, dynamically changing malware, and crafting phishing attempts that closely resemble legitimate communications, organizations must evolve and embed AI-driven detection and response mechanisms at every security layer.
As breakout times decrease, outdated defenses lag behind. The focus must shift towards integrating AI alongside human intelligence. Leaders like Katherine Mowen from Rate Companies and Elia Zaitsev from CrowdStrike stress that AI should amplify human defenders, facilitating quicker and more informed security responses.
What are your thoughts on whether AI will eventually surpass human defenders within cybersecurity? Share your insights!
Source
venturebeat.com