The rapid, mainstream adoption of generative AI is increasing security risks, resulting in “one of the most complex threat landscapes ever.”
So claims Microsoft's corporate vice president of security Vasu Jakkal, during her keynote speech at the RSA Conference in San Francisco this week.
"Identity-related attacks have increased by 10x just year over year. Cybercrime is both a nation-state and ransomware is a gig economy. If cybercrime was an economy, [or] a country it would be the third largest GDP in the world," Jakkal said.
Jakkal painted a grim picture of AI being a potent tool for attackers to "proliferate malware rapidly and quickly and create new variants, to password cracking more intelligently with more context."
What’s more, she warned that bad actors could abuse AI to "prey on what makes us human - our curiosity using phishing and new techniques there."
The security boss highlighted voice imitation attacks, noting "just a three-second voice sample can train a GenAI model to sound like anyone." She also flagged emerging threats like AI model poisoning, prompt injection attacks, and risks around AI training data.
Despite the dangers, Jakkal struck an optimistic tone about AI's potential benefits if secured properly, from healthcare breakthroughs to personalized education. "Imagine if we could use AI to reach the millions and billions around the world in rural corners in education," she posited.
To better protect AI systems, Microsoft recommends a three-pillar strategy, according to Jakkal:
- Discover all AI usages and map risks
- Protect by mitigating risks through measures like zero trust and data controls
- Govern AI through risk-based policies, compliance tracking, and user education
"Governance is about human agency. It’s making sure we put ethics, [and] we put humans at the front and at the heart of technology to understand how we should build this safely, deploy this safely, and use this safely," Jakkal stated. "We need to be really thoughtful about this."
RELATED WHITEPAPER
The security leader issued a call to arms for defenders to rise to the AI security challenge: "You are the heart of trust in the heart of an organization's trust in AI. You're the ones who provide a safe and secure space for exploration. You are the Yes for AI," she said.
"I invite you to join me fearlessly, bravely, keeping security at the heart, and with care together. I invite you to freely dream big, to make our world safer, and to work together because I think it's going to be a beautiful world."
-
RSAC Conference 2025: AI and quantum complicate securityOrganizations are grappling with the complications of adopting AI for security
-
RSAC Conference 2025 was a sobering reminder of the challenges facing cybersecurity professionalsAnalysis Despite widespread optimism on how AI can help those in cybersecurity, it’s clear that the threat landscape is more complex than ever
-
RSAC Conference day three: using AI to do more with less and facing new attack techniques
-
"There needs to be an order of magnitude more effort": AI security experts call for focused evaluation of frontier models and agentic systemsNews Evaluating the risks of dynamic, evolving AI networks is slow work for cybersecurity analysts
-
Cyber defenders need to remember their adversaries are human, says Trellix research headThere's a growing overlap between nation-state actors and cybercriminals, but these attackers are real people who make mistakes
-
RSAC Conference day two: A focus on what attackers are doingFrom quantum to AI, experts discussed how new and experimental technologies could be used by hackers to access and decrypt sensitive data
-
RSAC Conference Day One: Vibe Is 'All In' on AI for SecurityNews Artificial intelligence took center stage as RSAC Conference looks at how the discussion has moved from generative AI to agentic AI
-
RSAC Conference 2025 live: All the latest from day threeLive blog ITPro is covering RSAC Conference 2025 live – find out all the day-three news right here
