Will AI make us more secure?
ChatGPT, the dialogue-based AI chatbot capable of understanding natural human language, has become another icon in the disruptor ecosystem. Gaining over 1 million registered users in just 5 days, it has become the fastest growing tech platform ever.
ChatGPT generates impressively detailed human-like written text and thoughtful prose, following a text input prompt. In addition, ChatGPT can write and hack code which is a potential major headache from an infosec point of view and has set the Web3 community on fire. They are reeling from the implications and the sheer ingenuity of this AI Chatbot that can analyse code and detect vulnerabilities in seconds – : https://twitter.com/gf_256/status/1598104835848798208
The Naoris Protocol POV – How will AI affect cybersecurity
Following the hype around ChatGPT, the race is now on between OpenAI’s Chat GPT and Google’s LaMDA to be the market leading NLP search tool for users and corporations moving forward. OpenAI is a newbie with $1B in funding and a $20B valuation, as opposed to Google’s towering $281B revenue. However, Google must rapidly innovate and adapt or risk being left behind, an example being TikTok and Meta, with the short format of TikTok leading the zeitgeist to become the most downloaded app, beating Facebook in 2022. Google is taking this seriously, having announced a ‘code red’ to develop a new AI based search engine product to counter OpenAI’s land grab. Ironically, ChatGPT uses the same conversational AI platform developed by Google’s engineers in 2017.
How this will affect cybersecurity in the future is unknown, but there are some assumptions.
In the long term, this will be a net positive for the future of cyber security if the necessary checks and balances are in place. In the short term, AI will expose vulnerabilities which will need to be addressed, as we could see a potential spike in breaches.
AI that writes and hacks code could spell trouble for enterprises, systems and networks. Current cybersecurity is already failing with exponential rises in hacks across every sector, with 2022 reportedly already 50% up on 2021.
With AI maturing, the use cases can be positive for the enterprise security and development workflow, which will increase the defence capabilities above the current (existing) security standards. Naoris Protocol utilises Swarm AI as part of its breach detection system which monitors all networked devices and smart contracts in real time.
- AI can help organisations improve their cybersecurity defences by enabling them to better detect, understand and respond to potential threats. AI can also help organisations respond to and recover from cyberattacks more quickly and effectively by automating tasks such as incident response and investigation. It can free up human resources to focus on more high-level, strategic tasks.
- By analysing large volumes of data and using advanced machine learning algorithms, AI could (in the future) identify patterns and trends that may indicate a cyberattack is imminent, allowing organisations to take preventative measures before an attack occurs, minimising the risk of data breaches and other cyber incidents.
- The adoption of AI could help organisations stay one step ahead of potential attacks and protect their sensitive data and systems. By integrating AI into an organisation’s production pipeline to create smarter and more robust code, with developers instructing AI to, write, generate and audit (existing programming) the code.
- AI currently cannot replace developers as it cannot understand all of the nuances of systems (and business logic) and how they work together. Developers will still need to read and critique the AIs output, learning patterns, looking for weak spots. AI will positively impact the CISO and IT team’s ability to monitor in real time. Security budgets will be reduced, cybersecurity teams will also reduce in numbers. Only those who can work with and interpret AI will be in demand.
However, bad actors can increase the attack vector, working smarter and a lot quicker by instructing AI to look for exploits and vulnerabilities within existing code infrastructure. The cold hard truth could mean that thousands of platforms and smart contracts could suddenly become exposed leading to a short term rise in cyber breaches.
- As ChatGPT and LaMDA are reliant on large amounts of data to function effectively, if the data used to train these technologies is biassed or incomplete, it could lead to inaccurate or flawed results, e.g. Microsoft’s TAY AI turned evil within hours. Naoris Protocol uses Swarm AI only to monitor the metadata of the known operational baselines of devices and systems, ensuring they have not been tampered with in any way. Therefore, the Naoris Protocol AI only detects behavioural changes to devices and networks, referencing known industry baselines (OS & firmware updates etc) rather than learning and forming decisions based upon diverse individual opinions.
- Another issue is that AI is not foolproof and can still be vulnerable to cyberattacks or other forms of manipulation. This means that organisations need to have robust security measures in place to protect these technologies and ensure their integrity.
- It is also important to consider the potential ethical implications of using ChatGPT and LaMDA for cybersecurity. For example, there may be concerns about privacy and the use of personal data to train these technologies, or about the potential for them to be used for malicious purposes. However, Naoris Protocol only monitors metadata and behavioural changes in devices and smart contracts, and not any kind of personal Identifiable Information (PII).
AI will require enterprises to up their game. They will have to implement and use AI services within their security QA workflow processes prior to launching any new code / programmes. AI is not a human being. It will miss basic preconceptions, knowledge and subtleties that only humans see. It is a tool that will improve vulnerabilities that are coded in error by humans. It will seriously improve the quality of code across all web2 and web3 organisations. The current breach detection time as measured by IBM (IBM’s 2020 Data security report) is up to 280 on average. Using AI systems like Naoris Protocol’s cybersecurity solution as part of an enterprise defence in depth posture, breach detection times can be reduced to less than 1 second, which changes the game.
It is worth noting that AI is a relatively new technology and still being developed and refined, therefore we can never 100% trust its output. Human developers will always be needed to ensure that code is robust meeting an organisation’s business requirements. However, AI is being used by both sides – from good and bad actors in an effort to give them the edge. With regulation working several years behind technology, we need organisations to implement a cyber secure mentality across their workforces in order to combat the increasing number of evolving hacks. The genie is now out of the bottle and if one side isn’t using the latest technology, they’re going to be in a losing position. So if there’s an offensive AI out there, enterprises will need the best AI tool to defend themselves with. It’s an arms race as to who’s got the best tool.