AI and Cybersecurity: Risks and Rewards

Key Points

  • AI‑generated text can produce highly convincing phishing emails, undermining traditional language‑based detection methods.
  • Generative AI can automatically write code, which means it can also create and embed malware or backdoors into software if not carefully reviewed.
  • Hallucinations and prompt‑injection attacks cause AI systems to supply false or manipulated information, amplifying misinformation risks.
  • Deep‑fake technology can replicate a person’s appearance, voice, and mannerisms, enabling realistic identity spoofing and social‑engineering attacks.
  • To mitigate these threats, organizations must verify AI outputs, guard against over‑reliance, and implement robust security controls while still leveraging AI’s productive capabilities.

Full Transcript

**Source:** [https://www.youtube.com/watch?v=cjy5jpRS_S0](https://www.youtube.com/watch?v=cjy5jpRS_S0)
**Duration:** 00:09:58
0:00 What are two of the hottest topics, not only in IT but in society, these days? Well, if you said artificial intelligence and cyber security, I'd agree with you. Both are really hot. In fact, even your non-technical friends have heard of these and may be talking about them and asking you questions. And I'm going to suggest to you this intersection between the two is even hotter still. So what are we going to talk about in this video? I'm going to talk about what, from a cyber security standpoint, AI can do to you and what it can do for you.

0:35 So let's take a look at that. I'm going to start with some of the downsides first and then we'll conclude with some positive things. On the downside, what could AI do to us from a cyber security standpoint? Well, it turns out that a lot of times we're able to tell about a phishing attack because the English language of the writer is not so good; it's not their first language. However, you could now go into a chatbot and use it to generate very natural sounding language. Even though you might say, "But, but Jeff, there are protections in some of these chatbots, that if you tell it to write you a phishing email it won't do it," there are also ways of re-engineering your prompt so that you can get past that. So this is one area where phishing attacks are going to get better, and the ways that we've been able to detect them in the past are not going to be so effective anymore.

1:26 What's another thing? Well, on the positive side, this generative AI and chatbots and things like that are able to write code for us. So if I want to, I can have it write code and do it really quickly and effectively. It also means it could write malware as well. It also means it could insert malware into the code that I have. It also means it could insert backdoors into the code that I have. So we have got to also verify, when we ask it to write code for us, that in fact the code that it's giving us is pure and is doing what we intend for it to do.

2:02 Another thing it could do to us: misinformation. How does this happen? Well, these are generative AIs, so one of the things that they suffer from is this issue we call hallucination, where it may make up information or conflate two things that are not really related to each other and give a false impression. Also, we could have a determined attacker who is doing what's known as a prompt injection, where they're inserting bad information into the system, or they're attacking the corpus, that is, the body of knowledge that the system is based on. And if they were able to do that, then what comes out would be wrong information. So we have to be careful to guard against over-reliance and make sure that we're verifying and testing our sources so that we can make sure that they're trustworthy.

2:50 One other example I'll give you here, and there are actually many, but I think this one's particularly interesting, is this idea of a deep fake. A deep fake is where we basically have an AI system that is able to copy your image and likeness, your mannerisms, your voice, your appearance, all of these things, to the point where someone is looking at a video of you and they can't tell if it really was an actual video of you or a deep fake, where we could have you saying things that weren't true. And therefore, if we're going to trust this kind of system, we need a way to verify these things. But right now the deep fake technology has gone so far ahead in a very short period of time that it's going to be hard to verify those kinds of things.

3:36 Okay, we've just talked about what AI can do to us. Now let's look at some positives. What can AI do for us in the cyber security space? It turns out, a lot. In fact, we do a survey each year that we call the Cost of a Data Breach survey, and the report that came back this year indicated that the number one thing you can do to save on the cost of a data breach and improve your response time is the extensive use of AI and automation. And here's what it can do. On the one hand, it can save on average 176 million dollars per data breach; with the average data breach costing four and a half million, that's a significant savings. It can also cut down the mean time to identify and contain a breach by a hundred and eight days. That makes a big difference. So we know this is effective.

4:31 Now, what are we doing to make these kinds of results? Well, it turns out a lot of what we do in this space is to do better analysis. We're going to analyze large data sets, lots of information that we have out there. It's very hard to find patterns if I give you a whole large data set, but if I use a technology called machine learning, I can do a lot better job of spotting outliers and anomalies, which is what we want to do in security a lot. Now, I mentioned machine learning. What is that? Well, if you think about AI in particular as this large sort of umbrella term with a number of technologies involved, well, machine learning is a subset of that that specifically deals with some of these kinds of analyses that I've just referred to. Machine learning is what is often used in the security space. We do it a lot because, again, it's very good at spotting anomalies and outliers and patterns, and that's what we need a lot of in the security space. So we're doing a lot of this today, and a lot of these results come from leveraging machine learning, which is a subfield of AI.

5:38 What else? I mentioned automation. Well, AI can help us in the automation task as well, and I'll give you a few examples coming up. But some of the things it can do is anticipate what we need to do next, and some of those kind of things really start coming in from the area of deep learning, which is a subfield of machine learning, and then now this really new area that everyone is talking about these days: foundation models, or you may hear them called large language models, generative AI, chatbots. They all exist in this space down here.

6:14 What can we start doing? As I said, security has mostly leveraged this in the past. What can we start doing to leverage some of this stuff going forward? Well, it turns out a lot of things, because one of the things that foundation models are really good at is summarizing. They can be fed a lot of information and then it can give you a very quick summary of that. Why would that be useful? Well, if you've got tons of documents you're trying to review, it could give you the net, the Cliff Notes of that. Another good use case for this would be incident summarization and case summarization. If I'm seeing lots and lots of cases in my environment, this kind of technology could be used to tell me what are the trends among those cases. Are these things all related or are they all very different? And my guess is there are probably at least a few things that are similar about these. So that's another nice use case that we'll see coming in the future from generative AI foundation models into cyber security.

7:17 Some other things we can do: we know these kind of chatbots are good at interacting, so you can respond to them in natural language. You don't have to format your queries using a particular query language or using a particular syntax; you use the natural language that you're used to. So for me, I would state in English, "Are we being affected by this particular kind of malware?" And maybe what it could do is build a query for me that I can then run in my environment, and it comes back and tells me, am I affected or not? And I can then ask more questions: tell me more about this kind of malware; what kind of indicators of compromise are there that are associated with this? All of that stuff gives me a very easy, intuitive way to get information that is highly technical out of the system and do this much faster.

8:11 Another thing we might want to do is generate playbooks. Playbooks are the things that we use in incident response when we're trying to figure out what do we need to do once we've had an incident. So generating these on the fly, generative AI generating playbooks, you can see where there might be some type of crossover. This is a good use case also for this technology, so expect to see more of that.

8:37 And in fact, there could be other types of things where we're using generative, creative technology, because these things really are creating. For instance, with threat hunting, a threat hunter is basically coming up with a hypothesis and saying, "I wonder, if someone were to attack us, maybe they would do the following things." And we have a limitation in terms of our imagination. Sometimes the bad guys may dream up scenarios that we don't, so it might be useful to have a system that can dream up scenarios we didn't think of, using a generative AI to generate hypothetical cases that we then go out and automate and do a threat hunt in our environment.

9:17 This is all really super exciting stuff, I think, and it shows exactly what we'll be able to do in this space, because what we want to be able to do is move away from being purely reactive to a more proactive way of doing cyber security. And that's the good news in this story. We've got AI and cyber security, and if they're working together, as you see here, we can end up with a more proactive solution that's more cost effective and keeps us all much safer.

9:49 Thanks for watching. If you found this video interesting and would like to learn more about cyber security, please remember to hit like and subscribe to this channel.