IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

AI is too risky for hackers, says former GCHQ boss

Robert Hannigan suggests that the technology isn't worth the trouble for state-sponsored attackers

The former head of GCHQ, Robert Hannigan

Robert Hannigan, the former head of GCHQ, has said that there is very little evidence of artificial intelligence (AI) being used in cyber crime or terrorism.

Hannigan was speaking at an event hosted by the London Office For Rapid Cybersecurity Advancement (LORCA), where he delivered a keynote on the so-called 'myths' and 'buzzwords' around AI in cyber security. 

In his opinion, while AI has transformed many aspects of modern life, it is yet to prove all that useful to state-sponsored hackers. He suggested there were not enough benefits to outweigh the "trouble" of investing in the technology for malicious purposes.  

"The cyber industry is great at scare stories, and I've read lots and lots of scare stories about criminal groups and even terrorists using AI, and to be honest, I've seen virtually no evidence for this at all, with a couple of exceptions," Hannigan said. "I would say that I think it's again a confusion with automation."

He added that AI would likely form a part of a hackers arsenal in the near future, but right now it simply presented too much "risk". As an example, he cited the SolarWinds hack, which he said was sophisticated but also appeared to be "hand-curated". 

"You can understand why the attackers might have wanted to do that, in order to hide themselves," Hannigan said. "And doing it at the scale, and going to the trouble of doing it through AI would probably be at high risk for them."

From there the subject of AI in cyber security flipped, with Hannigan expressing concerns about the security of AI. He said the issue was "high on everyone's list" because technologies such as driverless cars and automated medical diagnostics were rapidly becoming the norm. 

"The data is a huge vulnerability, and there have been lots of studies on so-called data poisoning, adversarial models, which basically say, we can trick the machine into misdiagnosing, for example, an MIT study on chest X rays," he said. 

"And if you have a malicious actor, or even an accidental actor, it is perfectly possible to see how data poisoning or incorrectly categorised data can lead the machine to do something completely wrong with potentially very serious consequences."

Featured Resources

The state of Salesforce: Future of business

Three articles that look forward into the changing state of Salesforce and the future of business

Free Download

The mighty struggle to migrate SAP to the cloud may be over

A simplified and unified approach to delivering Enterprise Transformation in the cloud

Free Download

The business value of the transformative mainframe

Modernising on the mainframe

Free Download

The Total Economic Impact™ Of IBM FlashSystem

Cost savings and business benefits enabled by FlashSystem

Free Download

Most Popular

Cyber attack on software supplier causes "major outage" across the NHS
cyber attacks

Cyber attack on software supplier causes "major outage" across the NHS

8 Aug 2022
Why convenience is the biggest threat to your security
Sponsored

Why convenience is the biggest threat to your security

8 Aug 2022
How to boot Windows 11 in Safe Mode
Microsoft Windows

How to boot Windows 11 in Safe Mode

29 Jul 2022