GUEST ARTICLE WITH MR. DOUG SHANNON,
Global Intelligent Automation Leader
Navigating – GenAI’s Impact on the Digital Horizon of Cybersecurity
As we step into uncharted territories of the digital era, the advent of Generative AI (GenAI) is undeniably transforming the panorama of “things” in our now digital-seeking world. However, cybersecurity is facing unprecedented challenges. In this newsletter, I explore the intricacies, challenges, and societal impacts that accompany this new digital age of having ‘things’ without really having anything tangible.
“Think about it… We now live in a (digital) world, where we have (things), yet have nothing tangible to hold.” – Doug Shannon
- We now live in a world of intangible things.
- We watch clips or shows to see other people’s emotions, yet we don’t have those emotions.
- We experience others’ reactions of being scared, yet we are safe.
As we plunge into these digital depths of the unknown, GenAI introduces a paradigm shift in cybersecurity dynamics. GenAI, with its stealthy and unpredictable nature, challenges traditional security approaches dependent on rules and historical attack signatures.
“When things are digital and no longer tangible by hands, they are more than fair game for digital threats. It’s like being pickpocketed on the train, yet it’s your digital wallet.” – Doug Shannon
Cybersecurity in the new GenAI World:
Highlighting the urgency, JPMorgan faces a staggering 45 billion hacking attempts daily, a number that has doubled since last year. Imagine your personal information being sought after by an invisible army of hackers every day — this is the reality of our digital age. – JPMorgan
AI Threats Unleashed:
In this environment reshaped by GenAI, algorithms face manipulation through data poisoning. This infiltration blurs the lines between truth and fiction, underscoring the evolving challenge that GenAI presents. This is also called “hypnotization”. Picture a digital landscape where truth becomes a mirage, and discerning fact from fiction is like navigating through a maze with shifting walls.
Yet, understanding the above, when new GenAI models are created, there is a chance that training produces (deceptive) models.
The Speed Disparity:
Operating at machine speed, cyber threats outpace defenses constrained by human speed. This stark imbalance compels us to confront the urgency of fortifying our defenses against the relentless velocity of evolving threats. It’s akin to a high-speed chase where our traditional defenses struggle to keep up with the agile maneuvers of digital adversaries.
To understand the speed disparity, remember what currently defends most companies. The five common defenses below are operated by humans. There are automated processes, tasks, and scripts, and they can leverage response tactics, yet the most common response to a potential threat is still navigated at the speed of a human.
- Threat intelligence
- Intrusion detection systems (IDS)
- Firewalls
- Anti-malware software
- Incident response strategies
“We will soon see a world where AI was the code, GenAI is the interface, and the world of tomorrow’s AGI will become the operating system.” – Doug Shannon
The crux of this is the ability to exploit GenAI:
While GenAI models like OpenAI’s ChatGPT have many advantages, they also have several weaknesses. Malicious actors have discovered ways to sway, force, or manipulate these models’ privacy and ethical restrictions. Some strategies are:
- Jailbreak: This involves using specific input prompts to override the model’s default settings, effectively “freeing” it from its ethical, primary constraints. Think of it as manipulating the behavior of an assistant to act against its ‘will’, or guidelines, even guardrails.
- Hypnotize: By asking the model questions in a way that it isn’t programmed to recognize as harmful, users can trick it into providing malicious information. Imagine persuading an assistant to divulge sensitive information by framing questions in a seemingly harmless manner.
- Prompt Injections: This tactic involves injecting malicious prompts into the model, or attacking with them, causing it to generate potentially harmful responses. It’s akin to planting seeds of deception in the assistant’s mind, influencing its outputs in unintended ways. Another type of this is model poisoning. These prompt injections can be as fast as something akin to a Distributed Denial of Service (DDoS).
Something worth mentioning is how platform companies like Microsoft AI, Google DeepMind, and Oracle are building and taking out new patents on ideas of how to stop many of these new and upcoming security risks. Here are a couple that I talked about in case you missed them:
- https://www.linkedin.com/feed/update/urn:li:activity:7151581099280764928/
- https://www.linkedin.com/feed/update/urn:li:activity:7145420498040987648/
- https://www.linkedin.com/feed/update/urn:li:activity:7125836451384070145/
More Sophisticated and Effective Cyber Attacks:
The emergence of GenAI technologies has led to an increase in more advanced and successful cyberspace attacks. A few of these are:
- Social Engineering Attacks: Imagine a digital con artist using AI to craft convincing messages, deceiving individuals into sharing sensitive information. Or, in other cases, taking your child’s voice and social media posts and using them against you. – DNA Privacy Alert
- Phishing: Deceptive emails tailored to individual targets, appearing authentic and increasing the chances of the recipient falling for the scam. It’s like a well-disguised digital trap waiting for unsuspecting victims.
- Automated Hacking: GenAI can be programmed to automatically exploit many known vulnerabilities in many systems, making the hacking process faster, vast, and overwhelming. Think of it as a digital intruder with a master key: once they open the first door, they can multiply or duplicate themselves, swiftly accessing vast numbers of vulnerable systems.
LAM: Large Action Models sound amazing, and the team at rabbit inc. did a fantastic job at creating a powerful model, platform, and device. However, LAMs could be used for automated hacking just as much as for a user asking to find the best flight and the nearest hotel to a destination.
- Attack Payload Generation: GenAI can generate malicious code snippets that compromise a system when executed. Picture it as a digital architect designing destructive blueprints for an unauthorized construction.
- Malware Creation: GenAI assists in creating malicious software designed to harm or exploit devices, networks, or services. These will cause issues later when IoT (the Internet of Things) comes back full-scale, enabled by GenAI.
- Polymorphic Malware: This type of malware can change its code to evade detection. With GenAI, creating adaptable malware becomes more feasible, making it harder for traditional security tools to detect and neutralize them. If you already know the countermeasures that will be used against you as a bad actor, you can always be one step ahead of conventional defenses.
- Zero-Days: These are previously unknown vulnerabilities in software or hardware that hackers can exploit before the developer becomes aware. GenAI technologies could help in automated code analysis, providing a potential advantage for quick detection of these vulnerabilities. It is basically like having an AI detective scanning fresh code for hidden flaws before they can be exploited.
“The not-so-funny part of Zero-Day attacks is that many marketplace vendors, like Google, are notorious for not testing the applications on their cell phone marketplace. This means this will be a large target in the coming future.”
- Deepfakes: GenAI models can create hyper-realistic fake content. In the context of cybersecurity, deepfakes can be used for misinformation campaigns, identity theft, and fraud. Imagine a digital puppeteer crafting lifelike performances to deceive and manipulate.
“We all know it’s coming and some of it is already here. The United States Campaign for Presidency in 2024 will be one for the record books for sure.”
“2024 Gartner Top 10 Strategic Technology Trends will help your organization build and protect itself while generating value.”
If we do not ACT on the above security risks, concerns, and callouts, I can see a future of fear, mistrust, and distrust, creating a world where the opposite reactions below come to be.
- AI Trust, Risk, Security & Management (AI TRISM): The opposite may unfold — widespread distrust in AI systems fueled by significant security breaches and ineffective risk management. Skepticism could cast doubt on the overall utility of AI, triggering a fundamental reassessment of trust in automated systems. Imagine a future where the very systems designed to assist and innovate become objects of suspicion.
- Continuous Threat Exposure Management (CTEM): The flip side could manifest as static and reactive threat management, addressing incidents as they occur rather than adopting a continuous and proactive approach. This shift might leave vulnerabilities unaddressed, intensifying the impact of cyber threats. It’s akin to a security guard waiting for an alarm instead of actively patrolling, leaving gaps in protection.
- Sustainable Technology: Ignoring environmental and ethical considerations in technology development may become prevalent. A myopic focus on short-term gains without regard for long-term consequences could jeopardize technological advancements’ sustainability and ethical foundations. Picture a scenario where our digital progress comes at the cost of environmental degradation and ethical compromises.
- Platform Engineering: Fragmented and isolated engineering approaches might prevail, avoiding collaboration and standardization. This could lead to inefficiencies and compatibility issues, hindering technological progress and innovation. Imagine a world where every digital structure stands alone, lacking the seamless integration that fosters progress.
- AI-Augmented Development: Resistance to AI integration in development processes may emerge, with a reliance solely on human capabilities. Rejecting AI as a valuable tool in the creative process could stifle innovation and limit the potential for enhanced problem-solving. Think of it as dismissing a powerful assistant that could amplify human creativity and problem-solving capabilities.
- Industry Cloud Platforms: A shift toward centralized control and dependence on a single cloud platform may occur, neglecting the benefits of diverse and decentralized industry-specific solutions. This is also known as “Cloud Walled Gardens”, where the platform owner, like Adobe in the example, says who can and cannot be in the “garden”. You don’t have the latest update or patch, or, wait, hold on, you have a third-party tool installed? No garden for you! This could hamper adaptability and resilience in the face of evolving technological landscapes.
- Intelligent Applications: Application development solely driven by rigid rules and lacking adaptability might become prevalent. Dismissing the potential of intelligent features could result in user experiences that fail to evolve with changing needs and expectations. Imagine using applications that remain stagnant, unable to adapt to the dynamic requirements of users.
- Democratized Generative AI: Restricted access to AI capabilities could become the norm, limiting innovation and creativity to a select few. This restrictive approach may hinder the democratization of AI, impeding progress across diverse sectors. Picture a digital divide where only a privileged few have access to the tools that could propel progress for everyone.
- Augmented Connected Workforce: Isolation and detachment in the workforce might prevail, with resistance to technological enhancements. Rejecting connectivity could hinder collaboration and the potential for a more agile and connected workforce. Imagine a workforce that resists the very connections that could make it more adaptable and efficient.
- Machine Customers: Disregarding machine interactions in customer relations could occur, excluding automation and AI from customer service and engagement processes. This exclusion may impede the efficiency and responsiveness of customer interactions. Picture a future where machines are sidelined in customer interactions, leading to inefficiencies and decreased responsiveness.
Again, to be clear, I am pointing these out for perspective. Sometimes we cannot make real change until we look in the mirror and acknowledge that ‘we’ may be the problem. These opposite views are very human views of the things we all struggle with… Change.
As custodians of digital defense prepare for a shifted threat, the fusion of AI and machine learning becomes a focal point of concern. The imperative is clear – we have to go in and establish best practices with innovative strategies to build a better defense against the ever-evolving unknown. Well, some are working on this right now!
The fusion of Artificial Intelligence (AI), Automation, and Auditable Mechanisms isn’t just an evolution—it’s a strategic imperative.
In the uncharted horizon of cybersecurity, GenAI propels us into an era where the battleground is dynamic. As we grapple with AI-driven, enhanced, and data-poisoned threats, the synthesis of wisdom and social resilience becomes our beacon through this digital FOW – Fog of War.