In almost every segment of our lives, AI (artificial intelligence) is now making a significant impact: It can deliver better healthcare diagnoses and treatments; detect and reduce the risk of financial fraud; improve inventory management; and serve the right recommendation for a streaming movie on Friday night. However, one can also make a strong case that some of AI’s most significant impacts are in cybersecurity.
AI’s ability to learn, adapt and predict rapidly evolving threats has made it an indispensable tool for protecting the world’s businesses and governments. From basic applications like spam filtering to advanced predictive analytics and AI-assisted response, AI serves a critical role on the front lines defending our digital assets against cybercriminals.
However, the future for AI in cybersecurity is not all rainbows and roses. Today, we can see the early signs of a significant shift, driven by the democratization of AI technology. While AI continues to empower organizations to build stronger defenses, it also provides threat actors with tools to craft more sophisticated and stealthy attacks.
In this blog, we’ll review how the threat landscape has changed, trace the evolving role AI plays in cyber defense, and consider the implications for defending against attacks of the future.
AI in Cybersecurity: The First Wave (2000–2010)
As we welcomed the new millennium, the initial stages of digital transformation began to affect our personal and professional lives. In most organizations, knowledge workers did their work within tightly managed IT environments, using desktop and laptop computers, along with on-site data centers that formed the backbone of organizational IT infrastructure.
The cyber threats that gained prominence during this time focused mainly on sowing chaos and gaining notoriety. The early 2000s witnessed the birth of malware such as ILOVEYOU, Melissa and MyDoom, which spread like wildfire and caused significant global disruptions. As we moved into the mid-2000s, the allure of financial gains led to a proliferation of phishing schemes and financial malware. The Zeus banking trojan emerged as a significant threat, secretly stealing bank credentials from unsuspecting users.
Organizations relied heavily on basic security controls, such as signature-based antivirus software and firewalls, to try to fend off intruders and protect digital assets. The concept of network security began to evolve, with improved intrusion detection systems making their way into the cybersecurity arsenal. Two-factor authentication (2FA) was added at this time, providing an extra layer of security for sensitive systems and data.
This is also when AI first started showing significant value to defenders. As spam email volumes exploded, unsolicited – and often malicious – email clogged email servers and inboxes, tempting users with get-rich-quick schemes, illegal pharmaceuticals and similar lures designed to trick them into revealing valuable personal information. Although AI still sounded like science fiction to many in IT, it was an ideal tool for quickly identifying and quarantining suspicious messages with previously unimaginable efficiency, helping to significantly reduce risk and regain lost productivity. Although in its infancy, AI showed glimpses of its potential to help organizations protect themselves against rapidly evolving threats at scale.
AI in Cybersecurity: The Second Wave (2010–2020)
As we transitioned into the second decade of the millennium, the makeup of IT infrastructure changed significantly. The explosion of SaaS (software-as-a-service) applications, cloud computing, BYOD (bring your own device) policies and the rise of shadow IT have made the IT landscape more dynamic than ever. At the same time, this has created an ever-expanding attack surface for threat actors to explore and exploit.
Threat actors have become more sophisticated, and their goals have broadened; intellectual property theft, sabotage of infrastructure and large-scale monetary attacks have become commonplace. More organizations have become aware of nation-state threats, driven by well-funded and highly sophisticated adversaries. This, in turn, drove a need for equally sophisticated defenses that could autonomously learn fast enough to stay one step ahead. Incidents such as the Stuxnet worm targeting Iranian nuclear facilities, and devastating attacks on high-profile companies such as Target and Sony Pictures, gained notoriety and underscored the growing stakes.
At the same time, the vulnerability of supply chains came into sharp focus, illustrated by the SolarWinds breach that had consequences for tens of thousands of organizations around the world. Perhaps most notably, ransomware and wiper attacks increased, with notorious strains like WannaCry and NotPetya wreaking havoc worldwide. Although relatively easy to detect, the volumes of these threats required defenses that could scale with speed and accuracy at levels far beyond a human analyst’s capabilities.
During this time, AI emerged as an indispensable tool for defenders. Cylance led the charge, founded in 2012 to replace heavyweight legacy antivirus software with lightweight machine learning models. These models are trained to quickly and efficiently identify and stop malware. AI’s role in cybersecurity has continued to expand, with machine learning techniques used to detect anomalies, flag unusual patterns or behavior that indicate a sophisticated attack, and perform predictive analytics to anticipate and prevent potential attack vectors.
AI in Cybersecurity: The Third Wave (2020–Present)
Today, a profound shift is unfolding around the use of AI in cybersecurity. The ubiquity of remote work, along with hyper-connected and decentralized IT systems, has blurred the traditional security perimeter. With a boom in IoT (Internet of Things) and connected devices – from smart homes to smart cars and entire cities – the attack surface has expanded exponentially.
Against this backdrop, the role of AI has evolved from merely a defense mechanism to a double-edged sword that is also employed by adversaries. While commercial generative AI tools, such as ChatGPT, have sought to build guardrails to prevent bad actors from using the technology for malicious purposes, adversarial tools such as WormGPT have emerged to fill the gap for attackers.
Potential examples include:
AI-generated phishing campaigns: With the help of generative AI, attackers can now create highly convincing phishing emails, making these fraudulent messages increasingly difficult to identify. Recent research also confirms that generative AI can save attackers days of work on each phishing campaign they create.
AI-assisted target identification: By using machine learning algorithms to analyze social media and other online data, attackers can more effectively identify high-value targets and tailor attacks accordingly.
AI-driven behavioral analytics: AI-powered malware can learn typical user or network behavior, enabling attacks or data exfiltration that evade detection by better mimicking normal activity.
Automated vulnerability scanning: AI-powered reconnaissance tools can facilitate autonomous scanning of networks for vulnerabilities, automatically selecting the most effective exploit.
Smart data sorting: Instead of mass copying all available data, AI can identify and select the most valuable information to exfiltrate, further reducing the chances of detection.
AI-assisted social engineering: The use of AI-generated deepfake audio or video in vishing attacks can convincingly impersonate trusted individuals, lending greater credibility to social engineering attacks that persuade employees to reveal sensitive information.
The unfolding of this third wave of AI highlights a crucial inflection point in cybersecurity. The dual use of AI—both as a shield and a spear—highlights the need for organizations to stay informed.
Conclusion
The evolutionary journey of cybersecurity highlights the relentless ingenuity of threat actors, and the need for defenders to remain well-equipped and informed. As we move into a phase where AI serves as both an ally and a potential adversary, the story becomes more complex and fascinating.
Cylance® AI has been there since the beginning, as a pioneer in AI-driven cybersecurity and a proven leader in the market. Looking ahead, we at BlackBerry® are constantly pushing the boundaries of our Cylance AI technology to explore what’s next on the horizon. Keep an eye on our upcoming blog where we’ll delve into how generative AI is entering the scene as a powerful tool for defenders, providing a new lens to anticipate and counter the sophisticated threats of tomorrow.
The future holds great promise for those willing to embrace the evolving tapestry of AI-powered cybersecurity.
Note – This article was expertly written by Jay Goodman, Director of Product Marketing at BlackBerry.