Why All AI Isn’t Created Equally in Cybersecurity
Preventing Cyber Threats Requires Deep Learning, Not Just AI
The rapid advancement of artificial intelligence (AI) is fundamentally reshaping the cybersecurity landscape. On one hand, AI-powered tools hold tremendous potential for automating threat detection and making security teams more efficient. However, these same technologies also empower threat actors to create increasingly sophisticated and hard-to-detect attacks. Organizations now face a critical challenge: leveraging “good” AI while also defending against this new breed of “bad” AI.
On the positive side, AI can automate threat monitoring, reduce human error, and give time back to security operations (SOC) teams who are underwater chasing alerts, making prevention and detection more effective and efficient. Recent reports found that false positives from antiquated cybersecurity tools significantly strain these team members’ time, accounting for over two working days of lost productivity per week.
Conversely, AI makes it much easier for bad actors to create and manipulate malware that continuously changes to evade detection from traditional cyber tools – like legacy Anti-Virus (AV) – and steal sensitive data. According to the Verizon 2023 Data Breach Investigation Report, the success rate for attacks has escalated to more than 30% due to threat actors’ use of AI. These advancements in attack methods and the harsh realities of AI are making existing security measures obsolete.
The potential for unlocking competitive advantage led 69% of organizations last year to adopt generative AI tools. However, with so much on the line, organizations need to understand the risks and limitations of AI and what’s required to get ahead of adversaries and predict advanced cyber threats.
Evaluating the Challenges and Limitations of AI
With the widespread availability of generative AI, new cyber threats are emerging daily, and much faster than in previous years. Recent examples include hyper-realistic deepfakes and phishing attacks. Threat actors are using tools like ChatGPT to craft well-written and grammatically correct emails, videos, and images that are difficult for spam filters and readers/viewers to catch. We’ve seen popular reports of deepfakes using high-profile figures such as Kelly Clarkson, Mark Zuckerberg, and Taylor Swift. We also saw a hacker posing as a CFO trick a finance worker at a multinational firm into transferring $25 million.
Concerns with the use of large language models extend beyond phishing and social engineering techniques. There are widespread concerns about the unintended consequences of companies using these generative AI tools in typical business scenarios. For example, after a recent Samsung breach, the company banned ChatGPT and other AI-based tools among its employees to cut back on potential security gaps if the technology – and the sensitive data shared on these platforms – were to fall into the wrong hands. In the Samsung case, a crackdown occurred after an accidental leak of sensitive internal source code was uploaded to ChatGPT by an engineer.
We’re seeing similar complications with threat actors using tools like FraudGPT, WormGPT, and EvilGPT opening advanced attack techniques up to a broader audience of less sophisticated users. With these tools, a cybercriminal can perform an array of tasks to write new malware code, reverse engineer existing code, and identify vulnerabilities to generate novel attack vectors.
As threat actors use AI to make their attacks smarter, stealthier, and quicker, we’ve seen more and more organizations deploy new solutions that tout AI capabilities. However, not all AI is created equal, creating limitations with many solutions that claim to be powered by AI. Advanced adversarial AI can’t be defeated with basic machine learning (ML), the type of technology most vendors are leveraging and promoting (and calling it AI, generically). The cybersecurity community needs to shift away from a reactive, “assume breach” approach and turn to one focused on prevention.
Furthermore, we’ve reached the notable end of the Endpoint Detection and Response (EDR) honeymoon period. EDR is too outdated, reactive, and ineffective against today’s sophisticated, adversarial AI-driven cyber threats. Most cybersecurity tools leverage ML models that present several shortcomings. For example, they are trained on limited subsets of available data (typically 2-5%), offer just 50-70% accuracy with unknown threats, and introduce an avalanche of false positives. ML solutions also require heavy human intervention and are trained on small data sets, exposing them to human bias and error.
We’ve entered a pivotal time in the evolution of cybersecurity, one that can only be resolved by fighting AI with better, more advanced AI.
“In this new era of generative AI, the only way to combat emerging AI threats is by using advanced AI – one that can prevent and predict unknown threats. Relying on antiquated tools like EDR is the equivalent of fighting a five-alarm fire with a garden hose. Assuming breach has been an accepted stance but the belief that EDR can get out ahead of threats is simply not true. A shift toward predictive prevention for data security is required to remain ahead of vulnerabilities, limit false positives, and alleviate security team stress.”
-- Voice of SecOps, 4th Edition 2023, The Power of Deep Learning
The Power of Deep Learning
Due to AI advancements, we can now prevent ransomware and other cyber attacks rather than detect and respond to them afterward. Deep Learning (DL) is the most advanced form of AI and is the only way to deliver true prevention. When applied to cybersecurity, DL trains its neural networks to autonomously predict threats to prevent known and unknown malware, ransomware, and zero-day attacks.
Traditional AI can’t keep pace with the sheer volume of data entering an organization. It only leverages a portion of the data to make high-level business decisions. With DL, data is never discarded, making it much more accurate and enabling it to predict and prevent known and unknown threats quickly.
There are less than a dozen major DL frameworks in the world – and only one is dedicated fully to cybersecurity: the Deep Instinct Prevention Platform. It continuously trains itself on millions of raw data points, becoming more accurate and intelligent over time. Because DL models understand the building blocks of malicious files, it makes it possible to implement and deploy a predictive prevention-based security solution. This allows savvy cybersecurity teams to shift from an outdated “assume breach” mentality to a predictive prevention approach.
Only deep learning has the power to match the speed and agility of this next-gen adversarial AI.
AI, Machine Learning and Deep Learning: What They Are and Why They Are Different?
Deep Instinct takes a prevention-first approach to stopping ransomware and other malware using the world’s first and only purpose-built, deep learning cybersecurity framework.
AI and the End of the "Assume Breach" Mentality
2023 was the year when we saw AI burst onto the scene; 2024 will be the year AI alters the way threat actors create and deploy cyber-attacks, forcing organizations to emphasize prevention.
At Deep Instinct, we firmly believe that the “assume breach” mentality is ineffective and extremely destructive to organizations. Businesses can – and should – protect themselves from advanced forms of attacks by leveraging a more sophisticated form of AI, such as deep learning, to fight against AI-driven threats.
For more information about how deep learning is transforming cybersecurity, read our blog post.