The advantages of AI in cybersecurity
AI brings three major advantages to cybersecurity. The first is speed. There’s a limit to what humans can analyze in terms of speed and scale. On the other hand, machines can analyze gargantuan amounts of data well beyond human capacity. And machines don’t just analyze; they can respond to threats and report them in real-time. For humans to achieve AI-like capacity, it would demand a ridiculous amount of human effort.
The third benefit AI delivers is automation. AI systems can autonomously correlate and analyze system and network logs, indicators of compromise (IOCs) and anomalies, detecting and responding to zero-day attacks immediately. This can be a game changer for security teams, especially at a time when cybersecurity is undergoing a talent shortage.
Limitations and challenges of AI
No doubt, AI’s potential is mind-boggling. But some of its benefits are overhyped. For instance, AI speed and accuracy. The more things machine learning flags for human review, the more time security teams spend analyzing. As a result, they might become distracted and lose sight of critical vulnerabilities. AI models can lack contextual understanding; they can misclassify anomalies, leading to greater false positives and alert fatigue — something security teams are already struggling with. Hidden biases and errors in training data can create loopholes and vulnerabilities, allowing threat actors to exploit them. AI can create a false sense of security. Organizations may make the mistake of overlooking the ongoing need for hands-on employee training because they rely too heavily on machine automation.
The need for human oversight, expertise and intuition
Like human skills, AI too has its limits. AI can automate routine tasks, but it’s certainly not at a stage where it can be trusted with making serious security decisions. This is because AI lacks the contextual understanding that humans naturally have for practical decision-making.
AI does not possess the human intuition called for detecting and preventing targeted social engineering attacks. AI will struggle to detect these attacks; that’s because scams can be tailored to individuals, using persuasive language [“free coupons!”] to deceive people into falling for phishing bait. Moreover, these attacks are conducted using legitimate channels (email, text, phone calls), making it challenging for AI-powered tools to sort the wheat from the chaff.
AI systems need human oversight. More than 90% of machine learning models degrade over time and deep learning algorithms are known to suffer a black box problem – the ironic failure of AI developers not fully understanding how AI “thinks”.
Moreover, AI is prone to exploitation and hacking. AI models can be injected with malicious training data; attackers can insert a backdoor that can be used to modify or weaponize the AI algorithm. Thus, human expertise is needed for monitoring the behavior and efficacy of AI models and to ensure safety and security.
Finally, there are cybersecurity elements that are beyond AI. For instance, organizations must build a culture of cybersecurity to mitigate human error because people are responsible for allowing most cyberattacks to prevail. A machine cannot be expected to build a rapport with people or get employees to conform and commit to following security best practices. One needs an empathetic touch, an intimate knowledge of social norms to connect, teach and empower people.
Using AI to fight cyber threats at scale is certainly the future. However, it will be a while before some autonomous AI can make individual security choices. Until then, organizations will need to persistently invest in education to develop the right skilled personnel to train and monitor AI systems. In concert with fostering a culture of security awareness, human intuition is needed to defend against sophisticated threats.
