Can generative AI change security?
The latest developments in artificial intelligence could empower threat actors, but firms should carefully consider whether it fits their stack before diving in themselves
Artificial intelligence (AI) has moved from being a sci-fi staple to a tool that’s in widespread use. Headlines today are dominated with news of generative AI services such as ChatGPT and Bard, the latest and greatest in large language models from firms OpenAI and Google. These promise users a crack at incredibly capable text generation and interpretation based on vast training models, using nothing more complicated than their browser and a keyboard.
RELATED RESOURCE
As powerful tools for text generation, large language models also carry the risk of empowering threat actors. As more people publicly access these systems than ever before, security firms are assessing how chatbots could bolster malicious activity.
In this episode, Jane and Rory speak to Hanah Darley, head of threat research at cybersecurity firm Darktrace, on the potential misuse of generative AI models, and the role the technology can play as part of a wider AI defence arsenal at the enterprise level.
Highlights
“You could do a myriad of things, you could say ‘can you please craft for me a very, very well-written email targeted towards a banker who regularly reads the Wall Street Journal, and can you include specific details’ because ultimately, language modelling is designed off of training data.”
“Our statistics internally found that actually, relying on malicious links had decreased from about 22% of the phishing emails we saw to about 14%. But the average linguistic complexity of phishing emails jumped or increased by about 17% since the outset of ChatGPT.”
“I think in general, it's a great thing that legislators are not only thinking about but actually applying ethical concerns as well as controls onto technologies. Because ultimately, that's how you keep social accountability. I think there is a danger in placing all of your hopes and dreams in legislation, and kind of regulation as the way to go.”
Read the full transcript here.
Footnotes
- What is generative artificial intelligence (AI)?
- What is ChatGPT and what does it mean for businesses?
- OpenAI launches ChatGPT API for businesses at competitive price
- What is phishing?
- What good AI cyber security software looks like in 2022
- Why AI and machine learning are vital cybersecurity tools for 2022
Subscribe
-
AI is “forcing a fundamental shift” in data privacy and governanceNews Organizations are working to define and establish the governance structures they need to manage AI responsibly at scale – and budgets are going up
-
Why AI 'workslop' is bad for businessIn-depth Poorly-generated AI content is having a financial impact on businesses, slowing productivity, and creating friction between employees
-
Are AI cyber threats overhyped?ITPro Podcast As cyber teams turn to the threats posed by AI, rising attacks by state-sponsored groups and ransomware gangs remain the biggest threat
-
The future of threat detectionITPro Podcast To fight sophisticated threats, cybersecurity teams will need to unify data like never before
-
November rundown: CrowdStrike's insider threatITPro Podcast As CrowdStrike grappled with a malicious employee, Cloudflare suffered a major outage
-
Getting a grip on digital identityITPro Podcast As AI agent adoption explodes, security leaders will need better identity controls than ever before
-
Let’s talk about digital sovereigntyITPro podcast In the age of AI and cloud, where data resides is a key consideration
-
Can cyber group takedowns last?ITPro Podcast Threat groups can recover from website takeovers or rebrand for new activity – but each successful sting provides researchers with valuable data
-
July rundown: Salt Typhoon and SharePoint scaresITPro Podcast US public sector organizations are under serious threat from the state-backed hacking group
-
Can the UK ban ransomware payments?ITPro Podcast Attempts to cut off ransomware group profits could instead harm businesses
