Artificial Intelligence (A.I.) in cyber defense is not just a promise for the future, but a reality in today’s world. However, this reality shapes both defense and attack. For years, A.I. technology has been gaining ground behind the scenes of digital protection, enabling systems to detect threats and malicious actions with an accuracy and speed that defy human capabilities. However, the same tool that strengthens defenses is also being used by cybercriminals. In this way, they increase the potential and sophistication of the attacks.
From the first steps in detecting threats to generating more complex attack strategies, the presence of A.I. is undeniable in the cybersecurity landscape. This advance is crucial to keep up with the growing attack surface that includes not only common devices, but also objects from the Internet of Things (IoT). In this case, the vulnerabilities are potential targets for cybercriminals.
In exploring both the role of A.I. in defense and its application in cybercrime, it is clear that developments in this field bring with them new challenges and transformations. The central question is becoming increasingly clear. Will Artificial Intelligence be an indispensable ally in the fight against threats or will it end up supplanting human professionals in certain aspects of cyber security? This duality between technological advancement and human needs is a crucial point for understanding the path that cybersecurity will take in the coming years.
Contextualizing A.I. in Cyber Defense
A few years ago, on a panel on information security at Futurecom, one of the participants was the cybersecurity director of one of Brazil’s largest banks. At the end of the presentations, he asked another executive ironically: “When do you think artificial intelligence will replace us?”. Although the answer was “I don’t know”, the question arose because, in fact, artificial intelligence already has a long history in the cybersecurity sector.
Described by the marketing of product and solution providers as “machine learning”, it has been used for almost ten years to detect potential risks. In computer systems, for example, it is possible to create alerts, threat mitigation scripts and advice. In this way, cyber security operators can act more precisely and quickly.
A.I. in cyber defense is a path of no return
Around 2015, cybersecurity companies large and small began to report that they had already taken their first steps in the use of AI. The main focus of this was to automate threat detection and event response. The growing volume of threats sent by criminals to networks, devices and users far exceeds the processing and analysis capabilities of human beings. It is therefore only possible to handle this volume with artificial intelligence.
This is happening because the practically universal use of digital devices has exponentially expanded what experts call the attack surface. In other words, everything that can be hacked: whether it’s a TV, a smartwatch, an X-ray machine or a spaceship. This surface area is already huge and is constantly growing – the “internet of things” devices alone (TVs, cars, card machines) already number 15.4 billion worldwide. Because of this, analyzing and improving the security of any or all of these items requires much more than human intervention.
An endless expansion of risks
In order to understand this endless expansion of risks, it is mandatory to recognize that there is a multitude of cybercriminals interested in discovering vulnerabilities. In addition, they seek to create methods to exploit them and scour the internet to map all those in which they can gain an advantage, now or in the future. Cybersecurity experts explain that this crowd is creating new scripts, programs, variants, versions and so many other strategies for new attacks every day, in such quantity that the defense teams (the blue teams) can no longer keep up. Except with the help of artificial intelligence.
It solves what traditional software systems can’t: using sophisticated algorithms, A.I. systems are continuously trained to detect malware, recognize patterns in the behavior of harmful programs and even detect signs of attacks before they happen. This ability stems from learning about everything that can be harmful – the A.I. analyzes not only code, but also articles, news and research on cyber threats – from this data it obtains information on new anomalies, cyber attacks and new prevention strategies, putting the defense always ahead of the attacks.
Cybercrime is also using A.I.
Companies that purchase cybersecurity products and services can now count on the advantages of A.I. for their protection. Nowadays, even antiviruses are operating with real-time detection and artificial intelligence support. This means that the vast majority of them won’t need to invest time and money in this sector of computing – their acquisitions and hiring already include A.I. This is a major step forward for the use of A.I. in Cyber Defense.
However, cybercriminals have also looked to A.I. to reinforce their strategies. In recent months, say research reports from the cybersecurity sector, they have intensified the incorporation of AI into the preparations for an attack. This ranges from identifying systems that have already been infected in other attacks to generating higher quality emails in your language, as well as generating and improving code. So there are already artificial intelligence platforms, similar to Google’s Bard or Microsoft’s ChatGPT, capable of creating malware programs, malicious scripts and texts for misleading emails that cybercriminals are using – they tell these platforms to analyze and improve the malware already available. Thus, as increasingly advanced generative A.I. tools become more accessible, cybercriminals are able to launch attacks much more easily and cost-effectively. And what’s worse: even without much technical knowledge.
The use of A.I. in cyber defense
Artificial intelligence solves what traditional software systems can’t keep up with. Using sophisticated algorithms, A.I. systems are continuously trained to detect malware, recognize patterns in the behavior of harmful programs and even detect signs of attacks before they happen. This skill comes from learning about everything that can be harmful. The A.I. analyzes not only code, but also articles, news and research on cyber threats. It therefore obtains information on new anomalies, cyber attacks and new prevention strategies, so that the defense is always ahead of the curve.
Expectations for the coming years
What will happen from now on on both sides of the cyber war is that everyone will try to make the most of the advantages brought by artificial intelligence. The defense side has the advantage of better organization and access to huge amounts of data – precisely what is most needed to learn A.I. platforms. However, cybercrime also has access to the financial and computational resources needed to continue developing and perfecting malware.
One of the biggest questions about the future of using AI in cybersecurity is whether it will help prevent a shortage of security personnel or whether it will end up having the opposite effect. What is more than evident is that it solves problems that no cyber team could solve. This way, she avoids unnecessary hiring. But it seems inevitable that, in the future, it will end up replacing humans in certain roles.
To stay on top of the main trends in cybersecurity and internet performance, be sure to check out our other materials!
See you next time!