In nearly every segment of our lives, AI (artificial intelligence) now makes a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve up the right recommendation for a streaming movie on Friday night. However, one can also make a strong case that some of AI’s most significant impacts are in cybersecurity.
AI’s ability to learn, adapt, and predict rapidly evolving threats has made it an indispensable tool in protecting the world’s businesses and governments. From basic applications like spam filtering to advanced predictive analytics and AI-assisted response, AI serves a critical role on the front lines, defending our digital assets from cyber criminals.
The future for AI in cybersecurity is not all rainbows and roses, however. Today we can see the early signs of a significant shift, driven by the democratisation of AI technology. While AI continues to empower organisations to build stronger defences, it also provides threat actors with tools to craft more sophisticated and stealthy attacks.
In this blog, we’ll review how the threat landscape has changed, trace the evolving role AI plays in cyber defence, and consider the implications for defending against attacks of the future.
AI in Cybersecurity: The First Wave (2000–2010)
As we welcomed the new millennium, the initial stages of digital transformation began affecting our personal and professional lives. In most organisations, knowledge workers did their jobs within tightly managed IT environments, leveraging desktop and laptop PCs, along with on-premises data centres that formed the backbone of organisational IT infrastructure.
The cyber threats that gained prominence at this time primarily focused on sowing chaos and gaining notoriety. The early 2000s witnessed the birth of malware like ILOVEYOU, Melissa, and MyDoom, which spread like wildfire and caused significant global disruptions. As we moved toward the mid-2000s, the allure of financial gains led to a proliferation of phishing schemes and financial malware. The Zeus banking trojan emerged as a significant threat, stealthily stealing banking credentials of unsuspecting users.
Organisations relied heavily on basic security controls, such as signature-based antivirus software and firewalls, to try and fend off intruders and protect digital assets. The concept of network security began to evolve, with improved intrusion detection systems making their way into the cybersecurity arsenal. Two-factor authentication (2FA) gained traction at this time, adding an extra layer of security for sensitive systems and data.
This is also when AI first began to show significant value for defenders. As spam email volumes exploded, unsolicited — and often malicious — emails clogged mail servers and inboxes, tempting users with get-rich-quick schemes, illegal pharmaceuticals, and similar lures to trick them into revealing valuable personal information. While AI still sounded like science fiction to many in IT, it proved an ideal tool to rapidly identify and quarantine suspicious messages with previously unimaginable efficiency, helping to significantly reduce risk and reclaim lost productivity. Although in its infancy, AI showed a glimpse of its potential to help organisations protect themselves against rapidly evolving threats, at scale.
AI in Cybersecurity: The Second Wave (2010–2020)
As we transitioned into the second decade of the millennium, the makeup of IT infrastructure changed significantly. The explosion of SaaS (software-as-a-service) applications, cloud computing, BYOD (bring your own device) policies, and the emergence of shadow IT made the IT landscape more dynamic than ever. At the same time, it created an ever-expanding attack surface for threat actors to explore and exploit.
Threat actors became more sophisticated, and their objectives broadened; intellectual property theft, infrastructure sabotage, and monetising attacks on a larger scale became common. More organisations became aware of nation-state threats, driven by well-funded and highly sophisticated adversaries. This in turn drove a need for equally sophisticated defences that could autonomously learn fast enough to stay a step ahead. Incidents like the Stuxnet worm targeting Iranian nuclear facilities, and devastating attacks against high-profile companies like Target and Sony Pictures, gained notoriety and underscored the escalating stakes.
At the same time, the vulnerability of supply chains came into sharp focus, exemplified by the SolarWinds breach that had ramifications for tens of thousands of organisations around the world. Perhaps most notably, ransomware and wiper attacks surged with notorious strains like WannaCry and NotPetya wreaking havoc globally. While relatively easy to detect, the volumes of these threats demanded defences that could scale with speed and accuracy at levels that far outstripped a human analyst’s capabilities.
During this time, AI emerged as an indispensable tool for defenders. Cylance led the charge, founded in 2012 to replace heavyweight legacy antivirus software with lightweight machine-learning models. These models were trained to identify and stop rapidly evolving malware quickly and efficiently. AI’s role in cybersecurity continued to expand, with machine-learning techniques employed for detecting anomalies, flagging unusual patterns or behaviours indicative of a sophisticated attack, and performing predictive analytics to foresee and prevent possible attack vectors.
AI in Cybersecurity: The Third Wave (2020-Present)
Today, a profound shift is unfolding around the use of AI in cybersecurity. The ubiquity of remote work, coupled with hyperconnected and decentralised IT systems, has blurred the traditional security perimeter. With a surge in IoT (Internet of Things) and connected devices — from smart homes to smart cars and entire cities — the attack surface has expanded exponentially.
Amidst this backdrop, the role of AI has evolved from being purely a defensive mechanism to a double-edged sword, wielded by adversaries as well. While commercial generative AI tools, such as ChatGPT, have attempted to build guardrails to prevent bad actors from using the technology for malicious purposes, adversarial tools such as WormGPT have emerged to fill the gap for attackers.
Potential examples include:
- AI-Generated Phishing Campaigns: With the assistance of generative AI, attackers can now craft highly convincing phishing emails, making these deceptive messages increasingly difficult to identify. Recent research alsoconfirms that generative AI can save attackers days of work on each phishing campaign they create.
- AI-Assisted Target Identification: By leveraging machine-learning algorithms to analyse social media and other online data, attackers can more efficiently identify high-value targets and customise attacks accordingly.
- AI-Driven Behaviour Analysis: Malware empowered by AI can learn typical user or network behaviours, enabling attacks or data exfiltration that evades detection by better mimicking normal activity.
- Automated Vulnerability Scanning: AI-powered reconnaissance tools may facilitate autonomous scanning of networks for vulnerabilities, choosing the most effective exploit automatically.
- Smart Data-Sorting: Instead of mass-copying all available data, AI can identify and select the most valuable information to exfiltrate, further reducing the chances of detection.
- AI-Assisted Social Engineering: The use of AI-generated deepfake audio or video in vishing attacks can convincingly impersonate trusted individuals, lending greater credibility to social engineering attacks that persuade employees to reveal sensitive information.
The unfolding of this third wave of AI underscores a crucial inflection point in cybersecurity. The dual use of AI — both as a shield and a spear — highlights the need for organisations to stay informed.
Concluding Thoughts
The evolutionary journey of cybersecurity emphasises the relentless ingenuity of threat actors and the need for defenders to keep well-equipped and informed. As we transition into a phase where AI serves both as an ally and a potential adversary, the story becomes more complex and fascinating.
Cylance® AI has been there since the beginning, as a pioneer in AI-driven cybersecurity and a proven leader in the market. Looking ahead, we at BlackBerry® are continually pushing the boundaries of our Cylance AI technology to explore what’s next on the horizon. Keep an eye out for our upcoming blog where we will delve into how generative AI is entering the scene as a powerful tool for defenders, offering a new lens to anticipate and counter the sophisticated threats of tomorrow.
The future holds great promise for those prepared to embrace the evolving tapestry of AI-powered cybersecurity.
For similar articles and news delivered straight to your inbox, subscribe to the BlackBerry Blog.