AI-Driven Cyber Threats and Passwordless Future
Key Points
- AI has shifted from a predicted trend to a dominant force in cybersecurity, driving both new threats and the need for stronger defenses.
- The industry is moving away from traditional passwords toward password‑less authentication methods like the FIDO standard, which offer greater security and usability.
- AI‑generated phishing emails are expected to become increasingly sophisticated, making credential theft easier unless password‑less secrets are used.
- Deepfake technology is rapidly advancing and already embedded in many mobile operating systems, enabling realistic voice and visual impersonations for fraud.
- Because deepfake detection will likely lag behind creation capabilities, widespread education and proactive countermeasures are essential to mitigate this emerging risk.
Sections
- AI Threats and FIDO Shift - The speaker predicts AI will become the dominant cybersecurity challenge—fueling deepfakes and sophisticated phishing—while advocating a move to passwordless authentication standards like FIDO.
- AI Hallucinations and Cybersecurity Symbiosis - The speaker warns that generative AI’s frequent hallucinations can create security risks, advocates retrieval‑augmented generation and better model tuning to improve accuracy, and envisions a mutually reinforcing future where AI enhances cyber defense while cybersecurity safeguards AI trustworthiness.
- AI, Quantum Risks, Skills Gap - The speaker highlights the accelerating impact of AI, the impending quantum threat to encryption, and a modest decline in the cybersecurity talent shortage.
Full Transcript
# AI-Driven Cyber Threats and Passwordless Future **Source:** [https://www.youtube.com/watch?v=6TE0LovKQa4](https://www.youtube.com/watch?v=6TE0LovKQa4) **Duration:** 00:07:56 ## Summary - AI has shifted from a predicted trend to a dominant force in cybersecurity, driving both new threats and the need for stronger defenses. - The industry is moving away from traditional passwords toward password‑less authentication methods like the FIDO standard, which offer greater security and usability. - AI‑generated phishing emails are expected to become increasingly sophisticated, making credential theft easier unless password‑less secrets are used. - Deepfake technology is rapidly advancing and already embedded in many mobile operating systems, enabling realistic voice and visual impersonations for fraud. - Because deepfake detection will likely lag behind creation capabilities, widespread education and proactive countermeasures are essential to mitigate this emerging risk. ## Sections - [00:00:00](https://www.youtube.com/watch?v=6TE0LovKQa4&t=0s) **AI Threats and FIDO Shift** - The speaker predicts AI will become the dominant cybersecurity challenge—fueling deepfakes and sophisticated phishing—while advocating a move to passwordless authentication standards like FIDO. - [00:03:23](https://www.youtube.com/watch?v=6TE0LovKQa4&t=203s) **AI Hallucinations and Cybersecurity Symbiosis** - The speaker warns that generative AI’s frequent hallucinations can create security risks, advocates retrieval‑augmented generation and better model tuning to improve accuracy, and envisions a mutually reinforcing future where AI enhances cyber defense while cybersecurity safeguards AI trustworthiness. - [00:06:40](https://www.youtube.com/watch?v=6TE0LovKQa4&t=400s) **AI, Quantum Risks, Skills Gap** - The speaker highlights the accelerating impact of AI, the impending quantum threat to encryption, and a modest decline in the cybersecurity talent shortage. ## Full Transcript
Last year I did a video on cybersecurity trends, and in that I talked about artificial intelligence
and I thought that was going to be important. It's turned out to be very important and it's
going to be even more important as we go forward.
By the way, is my hair really that gray in the next deepfake? We're going to fix that.
Okay, let's take a look at the future. What I'm sure
of is that the future will look something like the past. And in fact, one of the things we'll see in
the future are more AI based threats. But more on that in a few minutes. What we're going to see,
though, also, is that change is the only constant. So that means things will be similar to the past,
but there will also be new things that we're going to take a look at. One of the new things
that I think is on the positive side is that we're going to see a move away from passwords toward
past keys. There's a new standard called Fido that allows you to not have to send a password,
but in fact, you do something that is simpler, easier to use and more secure. We don't normally
get to do both of those at the same time, and we're going to need it. And what's the reason
for that? Well, because AI, as I mentioned, is going to be an increasing threat factor for us.
AI based phishing emails are going to become more and more common, I expect, because they
can generate what is very convincing emails to get people to try to log in or share their credentials
in ways that they shouldn't. And this is a very efficient way of doing it. However, if you don't
have a password in the first place to send, if you only have something that is a secret that stays on
your system, then there's no way for someone to fish that out of you. So that this is going to
be a good thing to try to help against that. Now, there are other things that we can take a look at
that also in the air space, generative AI, I think we're going to see an increased use of deepfakes.
These are things where we simulate the voice, the image, the likeness of an individual. And in fact,
deepfake technology has become so good and it is so prevalent. In fact, if you have a mobile phone,
it's probably already built into your operating system. In most cases. You may not know about it,
but it's there. So you could use this kind of technology to fake someone out, have them believe
something that's not true. For instance, have someone call a relative and say, I need money.
It sounds like it's your voice. So they send the money. So we're going to need to do more in terms
of educating people about deepfakes and the threat in that space, because I think we're going to see
more of it. And by the way, if you think deepfake detection is going to be a good way to go,
I'm going to ask you to think again about that. Deepfake technology will always keep getting
better and it will eventually be to the point where I don't think detection is going to work. In
many cases, we've already seen this happen. So the focus needs to be not on detecting the deepfake
with some sort of technology, but building security mechanisms around it so that we're not
reliant on the information that's in the deepfake itself. Other things that we're going to take a
look at would be a threat that comes to us from generative AI and that's hallucinations. And by
the way, you didn't think I was going to actually write that word out when I have a magic board that
can autocomplete. That's what generative AI does, right? So I'm leveraging that. Hallucinations.
We're going to be more and more dependent upon generative AI, large language models and chat bot
to give us information. The problem is, some of the information they give us isn't always right.
And we call those hallucinations, and we're going to make decisions based upon that that could cause
security threats to us. So my hope is that there will be other technologies, things like retrieval,
augmented generation, or what we call rag technology that will help reinforce and make
this system better and more accurate. Other things that we can do to tune the models and
train them better so that they don't hallucinate nearly as much going forward. And then finally,
I'm going to say something. I want to leave you with a positive in terms of a look at the
future. And that is there's this symbiotic relationship between AI and cybersecurity,
and that is we're going to use AI to do a better job of cybersecurity. In fact, there's a lot of
things that we can do in this space to leverage generative AI in order to better think about the
way someone would attack us. Also summarize cases and things of that sort. So I think we're going
to be able to do a better job with cybersecurity by leveraging AI. By the same token, we're going
to need to use our cybersecurity skills in order to secure this AI so that it can be trustworthy,
so that we can, in fact, believe that the information it gives us is true. Okay,
that's the future. And it's not a big surprise that the future is very heavy. However, there's
a lot of existing threats that have continued to persist and will continue to persist as we move
into the future. Let's take a quick look at the scorecard from last year's predictions and see
which ones of those actually came true and which ones carry forward. I mentioned data breach last
year when I did the video, and in fact, it turns out that the cost of a data breach has continued
to increase. In fact, now we're on the order of four and a half million dollars on average
worldwide. And in the US that number is almost twice as high. So that one I'm going to say yeah,
came true ransomware. In fact, we've continued to see ransomware persist. The the overall numbers
are a little bit down but the amount of time it takes to run one of these attacks has changed
dramatically. This according to the X-Force Threat Intelligence Index, which says that back in 2019,
we were looking at 60 days on average to deploy one of these. Now we're down to about four days.
So this is kind of a mixed bag. You know, this is it's sort of true. Sort of not true. But
ransomware is going to continue to be a threat and it's a faster threat than it used to be.
Multifactor authentication. I don't know about you, but I'm definitely seeing more websites
that are offering this as an alternative and I'm taking advantage and you should as well.
I think we'll continue to see a lot more of that as we go forward. Iot, Internet of Things,
threats. Yes. In fact, we've seen there was one study that came out that said there was in fact,
a fourth percent increase in Iot attacks in this year, 2023. So that one is definitely continued.
We don't see that one changing. I already talked about AI That one's only going to get bigger,
as we would guess. And then quantum computing. I talked about that one last year, and in particular
that quantum systems are going to one day be able to crack our cryptography. They haven't
effectively done that yet, but we're one year closer to it. So this is one of those you can say,
well, it's it's sort of true. We're definitely closer to the point when that's going to become
a real threat to us. Not here exactly yet. One bit of good news. I can report, though,
that I was partly right and partly wrong on, and that is the skills gap. So the skills gap actually
moved from what was 770,000 open positions in the cybersecurity space to now, according
to Cyber Secord. We're down to about 570,000, so that's an improvement. I predicted that we
would still have a skills gap, and we do, but it actually has has gone down a little bit. And I
hope that continues to be the case because we need a lot of good guys in here who are going to be
able to fight the good fight. Thanks for watching. If you found this video interesting and would like
to learn more about cybersecurity, please remember to hit like and subscribe to this channel.