Cybersecurity May Come Down to Fighting AI Fire with AI Fire

The ongoing cybersecurity battle between the attackers and companies and governments doing their best to defend against cyber-attacks has entered a new and potentially more dangerous phase. Both attackers and defenders now have access to artificial intelligence (AI). Attacks are becoming more sophisticated, but could new AI-based defensive tools do a better job of anticipating what is coming?

“In 2024, a typical energy organization, such as a gas or electricity utility, received over 1,500 cyberattacks, triple the number only four years earlier,” said the International Energy Agency (IEA) in AI and Energy, a report released in April. The report looks at AI from a global perspective, including data centers and how they increase demand for electricity to power AI apps. Another section of the report deals with AI, cybersecurity and possible effects on utilities.

“AI acts as a force multiplier in both directions, enhancing threat detection and enabling more responsive protection on the one hand while simultaneously empowering adversaries with tools for sophisticated attacks on the other,” the IEA report finds.

The report lists real-time detection tools, automated responses when attacks occur and improved detection of phishing attacks as tools leveling the playing field for defenders. The report points to blackout incidents in several parts of the world due to defenders’ inability to detect malware and anticipate attacks.

At the same time, attackers could use AI to automate their attacks and avoid detection.

“Historically, cybersecurity has always been reactive … Attackers can try endlessly, with virtually no cost for failure, while defenders must protect everything, and even one small mistake can be catastrophic,” said co-founder and managing partner of Team8, a venture capital firm specializing in AI and cybersecurity, in CTech, an Israeli-based online technology publication. “But what will this battle look like when both sides are equipped with AI-based tools? For the first time, is there a real chance to close the gap that has grown at an alarming rate over the past decade?”

Perhaps surprisingly, some sources believe that AI tools ultimately will give the defenders the greater advantage.

Hassan Rehan, a technology researcher with Purdue University, is among those developing a “modular framework” within cloud architecture to detect threats in real time. “His designs focus on adaptability, transparency, and speed, which allow for cloud-native environments to go beyond risk mitigation and dynamically adapt to sophisticated changes in attack patterns,” according to an online article in Analytics Insight.

Functions within Hassan’s frame would include modeling of certain users’ data-collecting behavior over a given period; a “risk-scoring” method to determine the seriousness of certain anomalies; an automated decision-making system to determine when to issue an alert or quarantine, and “model retraining pipelines” to update the cloud as novel attack methods appear.

NRTC cybersecurity partner SilverSky in 2024 entered a collaboration with MIT Connection Science to develop AI tools for cybersecurity.  “This has always been an area that I wanted SilverSky to be a part of by partnering with some of the best mathematical minds in the world to help better protect our customers,” said SilverSky President Cary Conrad following the announcement.

“This initiative addresses the growing need for end-to-end security in AI systems, via leveraging a patchwork of technologies across the AI supply chain, particularly in the face of increasingly sophisticated threats,” MIT Connection Sciences says on its website. “The focus is on innovative techniques such as private RAG [retrieval augmented generation], verifiable model evaluations and secure credentials to safeguard digital spaces.”