The 3 Pillars of AI in Cybersecurity

Artificial intelligence (AI) has taken the cybersecurity industry by storm, with vendors of all kinds working to integrate AI into their solutions. But the relationship between AI and security is about more than implementing AI capabilities—it’s about how both attackers and defenders are leveraging the technology to change the face of the modern threat landscape. It’s also about how those AI models are developed, updated, and protected. Today, there are three primary pillars of AI in cybersecurity—and as a growing number of organizations turn to security providers with AI-based solutions, it’s increasingly important to understand how that technology is actually being used.

Pillar #1: Defending AI Capabilities

As the adoption of AI-based solutions continues to skyrocket, businesses are increasingly recognizing that protecting those solutions must be a priority. AI solutions are trained on massive amounts of data (the more data, the more accurate the solution), which means an attacker who manages to breach one of those solutions might be sitting on a treasure trove of customer data, intellectual property, financial information, and other valuable assets. With attackers leveraging these attack vectors at a growing rate, the first line of defense for organizations is their ability to defend the AI models they are using on a day-to-day basis.

Fortunately, this problem isn’t a secret—in fact, the market for solutions specifically designed to protect AI models is growing rapidly, with a significant number of startups emerging over the past year or two. It’s also important to remember that while solutions like generative AI are relatively new, AI has been around for quite a while—and most AI solutions have some degree of security built into them. That said, organizations should always take any additional steps necessary to protect themselves and their data, and there is no shortage of third-party solutions that can help defend AI pipelines against attackers looking for an easy score.

Pillar #2: Stopping the Attackers Who Are Using AI

With AI growing increasingly accessible, it should come as little surprise that attackers are leveraging the technology for their own ends. Just as AI is allowing organizations to streamline their operations and automate tedious and repetitive processes, it is also helping attackers increase the scale and complexity of their attacks. In practical terms, attackers aren’t really using AI to carry out “new” types of attacks—at least not yet. But the technology is making it easier to engage in existing attack tactics at an extremely high volume.

For example, phishing scams are a numbers game—if just 1% of recipients click a malicious link, that’s a win for the attacker. But with the help of AI, attackers can apply an unprecedented level of personalization to their phishing emails, making them more convincing—and dangerous—than ever. Worse still, once an organization has been compromised (via phishing or other means), the attacker can leverage AI to analyze discovery data and create a decision-making process that makes propagation both easier and stealthier. The more attackers can automate propagation, the faster they can reach their objective—often before traditional security tools can even identity the attack, let alone respond to it effectively.

That means organizations need to be ready—and it starts with having solutions in place that can identify and defend against these high-volume, high-complexity attacks. While many businesses may have solutions in place to defend against phishing scams, malware attacks, and other vectors, it’s important to test those solutions to be sure they remain effective as attacks grow more frequent and complex. Security leaders must remember that it isn’t just about having the right solutions in place—it’s about making sure they are working as expected against real-world threats.

Pillar #3: Using AI in Cybersecurity Products

The final pillar is the one that security professionals will be most familiar with: cybersecurity vendors using AI in their products. One of the things AI is best at is identifying patterns, which makes it ideal for identifying suspicious or abnormal activity. A growing number of vendors are deploying AI in their detection solutions, and many are also leveraging AI to automate certain elements of remediation as well. In the past, dealing with low-level threats has been a tedious but necessary element of cybersecurity. Today, AI can automate much of that process, dealing with minor incidents automatically and allowing security professionals to focus on only the threats that demand direct attention.

This has added significant value to a wide range of security solutions, but it doesn’t happen in a vacuum. AI models need to be maintained, and it’s important to work with vendors that have a reputation for keeping their models consistently updated. Vetting potential security partners is critical, and organizations need to know how vendors work with AI: where their data comes from, how they avoid problems like inherent bias, and other factors can (and should) impact the decision on whether to work with a certain vendor. While AI solutions are gaining traction in almost every industry, they aren’t all created equal. Organizations need to ensure they are working with security partners who understand the ins and outs of the technology, rather than vendors who see “AI” simply as a marketing buzzword.

Approaching AI with Confidence

As AI becomes increasingly ubiquitous across the cybersecurity landscape, it is important for organizations to familiarize themselves with the ways in which the technology is actually being used. That means understanding both the ways in which AI can improve security solutions and the ways in which it can help attackers craft more advanced attacks. It also means recognizing that the data upon which today’s AI models are built needs to be protected—and working with vendors that prioritize deploying the technology safely and securely is critical. By understanding the three main pillars of AI and security, organizations can ensure they have the baseline knowledge needed to approach the technology with confidence.