Google Cloud Vice President and CISO Phil Venables clearly believes that generative AI can give defenders an edge over attackers and will give them a significant, significant advantage over the next three to five years. .

Venables and his colleagues at Google have described the defender's dilemma as a classic, if not cliché, truism: the attacker only has to be right once, but the defender must always be right. They claim that AI can reverse that,” he told Cybersecurity Dive.

Last month, Google launched the AI ​​Cyberdefense Initiative to accelerate the development of AI for digital security. A corresponding report published at the same time proposes the development of autonomous cyber defense and research into the design, construction and use of AI in system safety.

Much of the report is yet to be realized, including AI-integrated defense systems with access to telemetry and analytics, tools to manage and remediate an organization's attack surface, and systems that learn from global attack data and discover vulnerabilities. It is forward-looking with forward-looking examples. More comprehensively than the attacker.

The structural characteristics of AI drive Venables' optimism in developing foundational models trained on threat data, organizational data, security knowledge and tools, to transform capabilities and productivity by at least 10x. may bring.

Fundamentally, when you think about what AI is and what it does, it's trained on a set of data, data that the organization owns, plus fine-tuning with lots of adjustments from the organization's context and expertise. Venables said.

Google Cloud CISO Phil Venables

Permission by Google

This is exactly the asymmetry that favors the defender. Because as defenders, we can fine-tune the AI ​​to become the perfect assistant to our entire environment. Attackers, on the other hand, need to be versatile in every way, Venables said.

By the way, if the attacker has all the data your organization has, they don't need to attack because they've already won.

By design, the scope of AI-powered attackers remains narrow.

While many cybersecurity company executives believe that generative AI is a viable mechanism to strengthen defenses and improve the performance of their respective businesses, not everyone is convinced that this technology will bring significant benefits. It doesn't mean that it is.

According to Kelly Shortridge, senior principal engineer in Fastly's CTO office, defenders are already using modern software engineering techniques to reorient systems around resiliency and regain advantage for attackers. can do.

I think this is almost a solution to looking for a problem, especially in cybersecurity. Shortridge commented extensively on generative AI technologies on Cybersecurity Dive last year. We want to be part of a new topic, but we don't really know how it applies.

Security researchers have yet to observe evidence of threat actors using generative AI to significantly improve their operations or launch cyberattacks. But just because AI hasn't proven effective against attackers so far doesn't mean the same results apply to defense.

What excites me about this opportunity, especially in the security space going forward, is the ability to enhance human operational capabilities to analyze threats faster and even generate automated defenses faster than ever before. Venables said it will.

The reason attackers haven't broadly added AI to their tools so far is, somewhat ironically, because they haven't needed to, Venables said. The threat actor is accomplishing his objectives without AI.

I believe that attackers are rational economic actors. Venables said he doesn't plan on launching a ton of activities as long as he's finding success every day with traditional methods.

Threat actors are using AI to create more accurate and tempting phishing campaigns. This is an ideal use case because it allows attackers to generate large numbers of messages where they have the greatest economic benefit when attempting to gain some form of unauthorized access through social engineering. Said.

the reward outweighs the risk

His predictions about AI in security contrast with his current outlook for AWS technology. AWS CISO Chris Betz told Cybersecurity Dive last week that it's too early to tell whether the benefits brought by generative AI will be for defenders or attackers.

Venables said there's clearly a long road to adoption, integration, fine-tuning, and making it happen within an organization. But in the medium to long term, I definitely think it gives the defender a pretty significant structural advantage.

Reversing the security scenario with significant help from AI requires organizations to have some level of expertise, especially when it comes to integrating AI models with tools, internal data, and context.

Venables said many organizations have a number of fundamental vulnerabilities that remain unaddressed.

He said AI can help companies identify problematic vulnerabilities. This technology can also serve as a guide to properly configuring your cloud or on-premises infrastructure and the right way to build your software.

The common pattern across all of these is that AI is better at many things when acting alone, but it's usually better at most things when used as a complement to human activity. Venables said there is. We're using it to improve existing human skills and productivity, and I think that's very exciting.

There are several signals, or leading indicators, that Venables looks for as evidence that defenses have an AI advantage.

Increased productivity of security team efforts Increased reach with the same amount of people and tools Faster resolution of known new threats or vulnerabilities

According to Venables, if these achievements are achieved with AI for cyber defense, the lagging indicator of fewer cyber attacks and security incidents will almost be guaranteed.

Venables has wide-ranging concerns about how organizations can safely deploy AI, but Gemini 1.5, Google's next-generation large-scale language model, was over-revised shortly after its release in mid-February. We do not foresee risks similar to those in the image.

We're literally just leveraging its very deep structural analysis capabilities to examine the context of the data against the underlying body of knowledge, Venables says. You'll need to be careful to fine-tune the output, but you're usually not exposed to the same kinds of risks as running it as a general image generator or a general chatbot. Type of prompt.

