Artificial Intelligence (AI) is creating a new frontline in information security. Systems that independently learn, reason and act will increasingly replicate human behaviour. Like humans, they will be flawed, but also capable of achieving great things.
AI poses new information risks and makes some existing ones more dangerous. However, it can also be used for good and should become a key part of every organization’s defensive arsenal. Business and information security leaders alike must understand both the risks and opportunities before embracing technologies that will soon become a critically important part of everyday business.
Already, AI is finding its way into many mainstream business use cases. Organizations use variations of AI to support processes in areas including customer service, human resources, and bank fraud detection. However, the hype can lead to confusion and scepticism over what AI actually is and what it really means for business and security. It is difficult to separate wishful thinking from reality.
What Are the Information Risks Posed by AI?
As AI systems are adopted by organizations, they will become increasingly critical to day-to-day business operations. Some organizations already have, or will have, business models entirely dependent on AI technology. No matter the function for which an organization uses AI, such systems and the information that supports them have inherent vulnerabilities and are at risk from both accidental and adversarial threats. Compromised AI systems make poor decisions and produce unexpected outcomes.
Simultaneously, organizations are beginning to face sophisticated AI-enabled attacks – which have the potential to compromise information and cause severe business impact at a greater speed and scale than ever before. Taking steps both to secure internal AI systems and defend against external AI-enabled threats will become vitally important in reducing information risk.
While AI systems adopted by organizations present a tempting target, adversarial attackers are also beginning to use AI for their own purposes. AI is a powerful tool that can be used to enhance attack techniques or even create entirely new ones. Organizations must be ready to adapt their defenses in order to cope with the scale and sophistication of AI-enabled cyberattacks.
Defensive Opportunities Provided by AI
Security practitioners are always fighting to keep up with the methods used by attackers, and AI systems can provide at least a short-term boost by significantly enhancing a variety of defensive mechanisms. AI can automate numerous tasks, helping understaffed security departments to bridge the specialist skills gap and improve the efficiency of their human practitioners. Protecting against many existing threats, AI can put defenders a step ahead. However, adversaries are not standing still – as AI-enabled threats become more sophisticated, security practitioners will need to use AI-supported defenses simply to keep up.