What impact will generative AI (gen AI) have on the cybersecurity landscape? This is a big question for founders and investors – not only because it’s on everyone’s mind, but because it’s a complex issue that you’ll need to be able to navigate successfully.
Like other new technologies that have altered the structure of doing business, gen AI presents both challenges and opportunities. Consider the recent kerfuffle over OpenAI and its leadership, a clear indicator of the tension between fear and possibility. Furthermore, in order to plot a path forward, we need to keep a view of where we have been.
In this blog post, we’re going to attempt to break it down for you. We’ll tell you how gen AI is accelerating the evolution of threats, how traditional systems will need to evolve to face those threats, and how emerging systems are already transforming the ecosystem. In short, we’ll explain why you might be concerned and what you can do about it.
Generative AI and cybersecurity: How nervous should you be?
The onset of generative AI was actually less a sudden change than it has been an evolution. In fact, AI has been around in the security space for a while. The coming of age moment of the generative nature of AI presented new ways to harness the technology, offering a beefed-up version of what we have already seen – specifically, the technology is a lot more automated and intelligent. These characteristics create new risks and opportunities, which in turn call for a transformation of our toolsets.
We’ve seen this pattern before. For example, with the movement to the cloud, organizations became more distributed. Whereas a traditional security solution might look like a firewall – which protects the organization by essentially setting up a perimeter around it – the move to the cloud created more fuzzy and nuanced parameters. Now, organizations have to think about all the various distributed assets they have so that they can protect them. In other words, the move to the cloud created new vulnerabilities and an expansion of the attack surface. For years security vendors have said that the cloud is not secure enough, but the operational model and value persisted and thus the security industry had to adjust to the legitimacy of the cloud as an integral part of the organization it needs to protect.
To a certain extent those claims amounted to fear-mongering. Indeed, there's always a level of alarmism in every platform transition, which we can see in the transition to LLMs (large language models) and gen AI. The resulting nervousness is evident within the enterprise, where there are a lot of LLMs in trial stages rather than production-grade use.
However, there is also a degree of truth to this fear. Generally speaking, the more a new platform is in use, the more it needs security measures and capabilities. Right now, there has been a broad platform shift to embedding gen AI or LLMs into software. And whether it's directly embedded or used as an embedded capability inside of an application, that environment needs protection.
With the meteoric rise of popularity in LLMs, there is an urgent need for adequate security protections to be put in place. And current security vendors, whether they're incumbents or new companies, have to think about how they will protect this new environment.
The impact of gen AI on the cybersecurity landscape can be divided into two main categories. The first is its effect on the current cybersecurity environment, and the second is the new types of vulnerabilities which emerge with the use of this technology. In this blog post, we focus on the first category. This area encompasses both threats and opportunities. Known threats, like phishing, may become significantly harder to counter, potentially making existing solutions obsolete and creating the need for a new technological approach. Conversely, areas where effective solutions lagged, such as vulnerability patching and management, might see material enhancements due to the use of gen AI.