I saw a pretty good post from the New York Times on the shift toward both adversaries and defenders leaning hard on AI. This specific summary makes sense regarding how things are going today.
Offense: Bots and algorithms perpetrate much of the world’s cybercrime. Con artists use them to generate deepfakes and phishing scams. Want malware to steal someone’s data? A chatbot can write the code. Bots also cook up disinformation. As Israel and Iran fired missiles at each other last month, they also flooded the internet with A.I.-powered propaganda.
Defense: Cybersecurity companies use A.I. to intercept malicious traffic and patch software vulnerabilities. Last week, Google announced that one of its bots had found a flaw in code used by billions of computers that cybercriminals wanted to exploit — likely the first time A.I. has managed such a feat.
Bruce Schneier and many others have been talking about this future for many years and here we are, exactly as predicted. The path forward is adversaries training AI, with agent-managed agent attackers performing red team exercises at machine speed. Defenders can’t manually address the pace and sophistication of these waves of attacks. Defenders must use AI-managed defense teams to guide where to focus defense. That AI vs. AI battle will be the norm in the near future. Today’s offensive and defensive AI usage, as described in the New York Times and in other accounts of the current state of AI usage, is leading toward that future.
Are we completely there yet? No, but it will happen. Those who are not thinking this way will face either a huge shift toward failed defense or increasing technical debt when buying into an AI-enabled SOC. Will it be disruptive to how your SOC functions today? Yup. But it must be done to keep up with this shift.