Post

DSC Conference Day 3

Posted
Preview Image
By Roald Brunell 5 min read

AI Impact on Cybersecurity and Privacy

This presentation was given by Dragan Pleskonnjic, Senior Director in Application Security, and Vladimir Jelic, Senior Manager in Application Security.

Currently, cybercrime losses amount to 10.5 Trillion USD, while only 1.75 Trillion USD is invested in cybersecurity. The forecast predicts a growth of 23.4% in cybersecurity investment over the next 10 years.

It’s worth noting that 40% to 45% of Copilot code has security vulnerabilities. Malicious hackers have already started using AI, while defenders are only beginning to adopt it. AI is already being used for phishing and creating deepfakes.

Hoodem, an unlimited deepfake generator, is one such tool. There are also projects like IBM’s Black Mamba, an AI that can generate polymorphic malware that changes itself, DeepLocker, an AI-powered stealthy malware, and WormGPT, a generative malware generator.

There are many datasets on the internet that have modified vectors, often state-sponsored, that break AI learning models.

Fighting against Cybercrime with AI

To combat cybercrime with AI, several strategies can be employed. These include the weaponisation of AI countermeasures, risk management that takes these risks into consideration, and the inclusion of means for detecting and protecting against AI attacks in security processes and tools. Better regulations are also needed.

Challenges

The challenges in this field include dealing with too many false positives and the remediation of actual attacks.

Solutions

Some of the solutions include INPRESEC (Intelligent Predictive Security), a network and endpoint security system that detects anomalies in behaviour and predicts attacks, and Glog, a solution that provides remediation advice based on context to automatically fix vulnerabilities in software code. Another strategy is to predict who will be the next victim by processing huge amounts of data, both internal and external.

The last part of the presentation was a product demonstration.

Unlocking Security with Seif.ai

by Uros Arsenijevic, Product Owne, Seif.ai

We were presented a marketing stunt for Seif.ai with no valuable insight into cybersecurity and no actual learning material.

Improving Cybersecurity Posture with the Help of an AI Security Assistant

This presentation was given by Goran Gvozden from Poslovna Inteligencija. He introduced a tool called CYBER4DE.

Cybersecurity posture refers to a measure of an organization’s ability and overall strength to protect against and respond to cyber attacks. It includes people, processes, and technology.

There are key challenges in this field, such as vulnerability and threat management, a lack of understanding of threats, and a lack of contextual information, among others.

Solution

The solution is part of the Cyber4De project, which is funded by the EU. It consists of:

  • An AI assistant that streamlines and automates the process of bridging vulnerability and threat management.
  • The use of the MITRE ATT&CK knowledge base to identify and assess threats and security risks. This knowledge base is globally accessible and free to use.
  • Core components include embeddings, data orchestration, Q&A retrieval, a conversational interface, and vector stores/databases.

Future Improvements

In the future, they plan to:

  • Integrate with other security tools and platforms.
  • Fine-tune the Language Model (LLM) for cybersecurity.
  • Enhance interactivity.
  • Adopt a multimodal approach to analyze and interpret different types of data (images, text, audio, video).
  • Implement format-agnostic processing to map cybersecurity incident reports regardless of data format.

Conclusion

AI can help in simplifying the complexity of cyber threats for easier understanding and in automating and streamlining processes.

Applying AI for Threat Detection in the World of Cybersecurity

This presentation was given by Aleksa Stojanovic from MDZ Inzenjering.

Traditional cybersecurity methods are becoming obsolete, and new methods are needed. Unlike Data Analytics, which is a static process that analyses large data sets to draw conclusions, AI systems are dynamic and learn from the more data they get.

The traditional approach to cybersecurity is based on rules and signatures of incoming traffic, compared to pre-defined databases of known threats. The problem with this approach is that it can’t adapt quickly to new threats. The new approach is based on machine learning. AI systems learn from data and can dynamically detect new threats.

AI offers several advantages. It can reduce costs due to automation and improve scalability due to the vast amount of data it can process. It also allows for the detection of subtle indicators, assuring a proactive defense.

Other advantages of using AI in cybersecurity include advanced threat detection, real-time analysis, automation of routine tasks, behavioural analysis, reduced false positives, and improved incident reporting.

There are several use cases for AI in cybersecurity:

  • Threat detection and prevention: AI can identify unusual user behaviour such as clicking on phishing links and inside threats.
  • User behaviour analytics: AI can provide automatic responses to threats.
  • Vulnerability assessment and management: AI can identify and manage security vulnerabilities.
  • Predictive analytics: AI can predict future threats based on current data.

When not to use AI

However, there are situations when AI may not be the best solution:

  • When dealing with small or outdated datasets.
  • When there is no expertise in AI in the organisation.
  • When the infrastructure is old.
  • When there are no hardware or cloud resources available.

Prompt engineering panels

The first panel was all about being a smart engineer rather than a prompt engineer. Know when and how to use it, learn to learn about subjects and don’t just mindlessly use GPT

The second panel talked about AI art generation and how it is not taking artist’s jobs, but rather adding another layer of complexity. Creating a comic book with AI isa actually very hard and requires a lot of work.

The third panel was all about cracking user intent and the art of effective prompts. Balance complexity with over-simplification. Too much or too little info are both bad.

Semestre 5
This post is licensed under CC BY 4.0 by the author.