AI As A Standalone Cybersecurity Solution 

AI is a hot topic. Set to revolutionise the way we live, work and interact with technology, it is shaping our future extensively. In almost every industry sector AI is altering processes, driving innovation, and transforming business models, ushering in a new era of efficiency and opportunity. And the world of cybersecurity is no exception. 

Presenting somewhat of a double-edged sword, AI is tipped to make cybersecurity more challenging by empowering threat actors to be more sophisticated, effective and believable on the one hand, whilst also offering improvements in defence mechanisms, leading to huge accelerations in the capability of threat detection.

There’s a lot of noise about how we can leverage AI in security and, whilst I agree its use will be beneficial, what concerns me is the inference that AI, like some of the security products and services hailed before it, could become a standalone solution which will somehow negate the requirement for an effective Security Operations Center (SOC). 

In my opinion, this is what the threat actors want. For us to absolve ourselves of responsibility, accountability and judgement and put our trust in a tech solution. 

The reality is that the same reasons that make AI a compelling threat are the very reasons that should make us pause and proceed with a good deal of caution and scepticism when considering AI as a security solution.  
AI models are fed by data and their reliability is dependent on the quality of the data they ingest.  If the data is contaminated or unreliable, the results can be biased and can even create a new attack surface for threat actors to exploit. AI models also make decisions in ways that humans can't easily understand and are readily open to manipulation.

A potential attacker for example, could trick the machine learning model into misclassifying threats to enable them to make breaches undetected thus posing a significant risk to cybersecurity.  

Whilst not a cybersecurity issue, Amazon’s attempt to lead the world in AI driven recruitment is a great example of this. Trained to find applicants by following patterns in resumes/CVs that had been received over the preceding decade, the high numbers of men in tech meant that the AI ‘learned’ that males were a preference for the company and started to penalise any reference to women or female. Amazon thought it was giving the AI the responsibility, but it didn’t, it gave it the authority to act on its behalf. The result almost managed to set the company’s diversity objectives back decades and was a huge problem to fix.

AI’s inability to contextualise is another reason why it shouldn’t be relied upon as a sole cybersecurity solution. It doesn’t have human-like situational awareness, judgment, or prioritisation abilities. It doesn’t understand the nuances of the wider environment it’s being used in, the industry or market context. Human intuition is essential in cybersecurity, enabling threat levels to be assessed in context, prioritised based on risk, and adjusted accordingly. Without it, AI may misinterpret situations, leading to ineffective responses and increased vulnerability to evolving threats.

Behind every cyber attack is a human ready to adapt; to change their method and evolve their approach. Relying solely on AI tools and removing the human element risks facing adversaries that outpace the machine's capabilities.

That human expertise is also the reason why a SOC centre is essential. Yes, an AI security model may well be able to process massive amounts of data and flag threats with amazing speed. But then what? Most IT teams are already drowning in alarms and alerts, they need guidance and support from other human experts, not another data source without direction.

Just as threat actors try to rush, distract and manipulate their victims, we shouldn’t be distracted from our security goals by the shiny thing that is AI. The risk hasn’t changed. The threat is just faster, stronger and harder and a standalone AI cybersecurity solution won’t suffice in beating it.

Image: Ideogram

Chris Stouff is Chief Security Officer at Armor

You Might Also Read:

AI-Driven Cyber Security Is Booming:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« A Deep Dive Into Deepfakes & The Threat To Digital Identity Verification
2024 & Beyond: Top Six Cloud Security Trends: »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

City Security Magazine

City Security Magazine

City Security magazine helps promote best security practices and keep businesses informed on a wide variety of security-related issues.

ReadWrite

ReadWrite

ReadWrite is a leading media platform dedicated to IoT and the Connected World.

HUB International

HUB International

HUB is one of the largest insurance brokers in the world. HUB Risk Services provides the full range of expert consulting to identify risks, reduce exposure to loss and manage claims issues.

Cybraics

Cybraics

Cybraics nLighten platform implements a unique and sophisticated artificial intelligence engine that rapidly learns your environment and alerts security teams to threats and vulnerabilities.

Chainalysis

Chainalysis

Chainalysis provides blockchain analysis software to prevent, detect and investigate cryptocurrency money laundering, fraud and compliance violations.

TechCERT

TechCERT

TechCERT is Sri Lanka’s first and largest Computer Emergency Readiness Team (CERT).

H-11 Digital Forensics

H-11 Digital Forensics

H-11 Digital Forensics is a global leader of digital forensic technology.

Taoglas

Taoglas

Taoglas Next Gen IoT Edge software provides a pay as you go platform for customers to connect, manage and maintain their edge devices in an efficient and secure way.

Sum&Substance (Sumsub)

Sum&Substance (Sumsub)

Sum&Substance is a developer of remote verification solutions. Our technology allows online services around the world to meet regulatory requirements, prevent fraud and enhance customer confidence.

BLUECYFORCE

BLUECYFORCE

BLUECYFORCE is the leading professional training and cyber defense training organization in France.

Periculus

Periculus

Periculus makes managing digital risk simple. Its integrated platform offers access to purchase cyber insurance and cyber security solutions uniquely tailored to fit the needs of every business.

ServerScan

ServerScan

ServerScan specializes in providing server scanning & compliance services to organizations of all types and sizes.

Technivorus Technology

Technivorus Technology

Technivorus is a deep-tech firm delivering customized Cybersecurity, Digital Marketing, Web & App Development, and multifarious IT services for businesses across the globe.

Stack Identity

Stack Identity

Stack Identity protects access to cloud data by prioritizing identity and access vulnerabilities via a live data attack map.

Sprocket Security

Sprocket Security

Sprocket Security protects your business by monitoring the cybersecurity landscape and performing continuous penetration testing services.

SOCRadar

SOCRadar

SOCRadar is an Extended Threat Intelligence (XTI) SaaS platform that combines External Attack Surface Management (EASM), Digital Risk Protection Services (DRPS), and Cyber Threat Intelligence (CTI).