CISOs and CIOs are carefully evaluating the advantages and drawbacks of deploying generative AI in the field of cybersecurity. The goal is to leverage AI’s continuous learning capabilities to enhance threat intelligence and streamline security workflows. However, trust in generative AI remains divided.
VentureBeat recently spoke with several CISOs from various industries and found that concerns about compromised intellectual property and data confidentiality are frequently raised by board members. Deep Instinct conducted a survey that quantifies these concerns, revealing that while 69% of organizations have adopted generative AI tools, 46% of cybersecurity professionals believe that such tools make organizations more vulnerable to attacks.
“Eighty-eight percent of CISOs and security leaders say that weaponized AI attacks are inevitable. Eighty-five percent believe that gen AI has likely powered recent attacks.”
This apprehension is further supported by the rise of weaponized generative AI tools on the dark web and underground forums. For example, FraudGPT quickly gained 3,000 subscriptions by July, demonstrating the demand for such tools among attackers.
According to Sven Krasser, chief scientist and senior vice president at CrowdStrike, cybercriminals are increasingly focusing on weaponizing large language models (LLMs) and generative AI. However, Krasser emphasizes that while these advancements increase the speed and volume of attacks, they do not necessarily improve the quality of attacks.
“Businesses must implement cyber AI for defense before offensive AI becomes mainstream. When it becomes a war of algorithms against algorithms, only autonomous response will be able to fight back at machine speeds to stop AI-augmented attacks.” – Max Heinemeyer, Director of Threat Hunting at Darktrace
Despite the concerns, the ability of generative AI to continuously learn and analyze vast amounts of data is seen as a significant advantage. CISOs and CIOs anticipate that this capability will improve behavior recognition and threat prediction. Companies such as Ivanti are partnering with other organizations to develop more precise and real-time risk prioritization algorithms, empowering security teams to assess vulnerabilities more efficiently.
Gen AI’s many potential use cases are a compelling catalyst driving market growth, even with trust in the current generation of the technology split across the CISO community. The market value of generative AI-based cybersecurity platforms, systems, and solutions is expected to rise to $11.2 billion in 2032 from $1.6 billion in 2022, a 22% CAGR.
Gartner predicts that by 2026, 80% of applications will incorporate generative AI capabilities, setting a precedent for widespread adoption. CISOs emphasize the importance of adaptability and integration with existing security frameworks when evaluating the value of generative AI applications.
Key Use Cases and Guidance from CISOs
- Implementing a zero-trust approach: CISOs recommend integrating generative AI tools with continuous monitoring, dynamic access controls, and strict verification of users, devices, and data, both at rest and in transit.
- Protecting against emerging attack vectors: Enterprises building large language models focus on countering query attacks, prompt injections, model manipulation, and data poisoning to safeguard their infrastructure.
- Knowledge management and integration: Generative AI can efficiently manage knowledge across security teams and large-scale enterprises, reducing the need for expensive system integration projects.
Gen AI’s impact on cloud security: Cloud exploitation attacks saw a 95% increase year-over-year, making it a rapidly growing threat surface for enterprises. To address this, organizations are pursuing mergers, acquisitions, and joint ventures to close multi-cloud and hybrid cloud security gaps. These efforts aim to strengthen application security and posture management.
Overall, CISOs play a crucial role in advising boards on how to balance the benefits and risks of generative AI. The widespread adoption of generative AI in cybersecurity is inevitable, and its potential market value is projected to grow significantly in the coming decade. It is essential for organizations to proactively incorporate generative AI’s capabilities into their defense strategy to stay ahead in the ongoing battle against cyber threats.