Michael DeCesare is the President at Abnormal Security, a leader in AI-native human behavior security.
The last fifty years have been monumental for bringing world-changing technologies into our lives—from the arrival of the PC and mobile devices to the spread of the internet, the migration to the cloud and the explosion of SaaS.
As for what’s next, there’s no denying that the next hype cycle is happening now with the rise of AI.
AI is transforming nearly all the services we interact with, and cybersecurity is no exception. While security probably isn’t the most obvious use case for AI in all its futuristic glory, it’s arguably the space where AI transformation is happening fastest and most profoundly—in good ways and bad.
Security teams need to be prepared to manage the growing threat of malicious AI. But there is a bright side: AI for good, including as a tool in the fight against cybercrime. Spoiler alert: Good AI will come out on top, every time.
Understanding the Evolution Of The Security Team
For the last two decades, the role of the cybersecurity practitioner has been largely perimeter-focused and reactive. But as cyberattacks evolved, and organizations were pummeled with sophisticated threats, a more strategic security function—the security operations center (SOC)—emerged.
Today’s enterprise SOCs are armies of human analysts tasked with integrating various cyber systems to continuously monitor and enhance the organization’s security posture, all while preventing, detecting, analyzing and responding to incidents in real time.
The SOC has become critical for ensuring a business's overall health. Despite its significance, it’s a function that’s increasingly constrained, with a job that’s only getting harder. Alongside tightening budgets and the narrowing skills gap, these teams are facing complexity from a formidable emerging threat: malicious AI.
The Dark Side Of AI In Cyber
Cybercriminals are getting better at their craft. For example, we’ve recently seen the rise of social engineering attacks where threat actors send targeted and seemingly authentic emails that manipulate their victims into wiring funds or sharing sensitive information.
AI has taken these attacks to the next level. Any attacker can use generative AI to instantly create perfectly written social engineering attacks. Social media gives AI-enabled adversaries even more power. All it takes is inputting a target’s social media profile into the generative AI prompt, and a threat actor can create an attack that incorporates personal details to closely mimic genuine interactions.
And we’re still only at the beginning. If cybercriminals are already this good with ChatGPT, what will they be capable of two years from now?
Imagine a scenario where an attacker impersonates your boss, sending you an email that asks you to complete a wire transaction, and then invites you to a deepfake Zoom call to discuss—all seemingly legitimate, and all executed by AI. Multifactor authentication and other validation checks will become increasingly futile.
This is not a farfetched scenario. We’re already seeing glimpses into these attacks of the future.
Today, all online activity should be untrusted until proven authentic. That means every email asking for payment. Every order placed. Every request for a bank transfer or access to a company’s source code. How do we know whether these communications are authentic?
AI-enabled threat actors are exponentially outpacing the capabilities of the SOC. SOC SLAs are measured in hours; AI-enabled threat actors can execute complex attacks in minutes. Manual human intervention will never be able to keep up with attackers who are purposely focused on getting a step ahead.
Why Good AI Will Win
This brings us to an inflection point, where combatting AI-powered threats requires a radical new approach: fighting AI with AI.
SOC analysts need all the help they can get to fight today’s cybercriminals. AI is the catalyst this industry needs to push us from human-based checks to the automation that’s required to keep up with the speed of attacks. By processing vast amounts of data in real time, good AI can allow SOC teams to identify patterns and subtle anomalies across the IT environment that would have gone unnoticed.
This doesn’t mean human analysts will go away—we’ll still rely on their cognitive expertise to analyze anomalous activity. But with AI, they’ll be able to detect and triage those threats at superhuman speed.
And it’s not just about automating detection and triage. Once AI models pinpoint malicious activity, automated remediation is the real difference-maker, preventing attacks from reaching users’ inboxes before users have a chance to engage.
We’re already starting to see this play out. According to IBM, companies implementing AI and automation identified and contained breaches, on average, nearly 100 days faster than those that haven’t.
To effectively utilize defensive AI, security leaders should start by identifying which parts of their workflows are highly manual to determine where AI can be best overlaid. It’s helpful to start with specific use cases for AI-enabled security before scaling successful implementations across other areas.
For example, organizations can start by automating threat detection for inbound emails. Once deployed, they may choose to automate analyzing and responding to user-reported phishing attacks or the detection of risky misconfigurations across cloud applications.
Once AI-powered security is deployed, continuous monitoring and optimization using real-time feedback can refine outcomes and maintain long-term effectiveness.
Restoring Trust In Our Digital Communications
Beyond breach mitigation, good AI can be even more powerful: enabling us to communicate freely across digital platforms without fear of a cybercriminal lurking on the other end. We live so much of our day-to-day lives on communication applications. AI-powered security can help create a world where our communication is trusted by default.
After all, we’ve got a major advantage that malicious actors don’t: unique personal and organizational context. A deep understanding of how we interact with our communications applications is what enables good AI to automatically detect and remediate even the subtlest signs of malicious activity.
Good will always prevail over evil, and the use of AI is no exception. The threat of malicious AI may be growing, but if we can use AI and automation as a force multiplier for human intelligence, we’ll beat the bad guys every time.