Learning Library

← Back to Library

AI and Cybersecurity: Risks and Rewards

9m • Unknown Channel • security • tutorial • intermediate • Watch on YouTube ↗

Key Points

AI‑generated text can produce highly convincing phishing emails, undermining traditional language‑based detection methods.
Generative AI can automatically write code, which means it can also create and embed malware or backdoors into software if not carefully reviewed.
Hallucinations and prompt‑injection attacks cause AI systems to supply false or manipulated information, amplifying misinformation risks.
Deep‑fake technology can replicate a person’s appearance, voice, and mannerisms, enabling realistic identity spoofing and social‑engineering attacks.
To mitigate these threats, organizations must verify AI outputs, guard against over‑reliance, and implement robust security controls while still leveraging AI’s productive capabilities.

Sections

00:00:00 Untitled Section

Full Transcript

# AI and Cybersecurity: Risks and Rewards **Source:** [https://www.youtube.com/watch?v=cjy5jpRS_S0](https://www.youtube.com/watch?v=cjy5jpRS_S0) **Duration:** 00:09:58 ## Summary - AI‑generated text can produce highly convincing phishing emails, undermining traditional language‑based detection methods. - Generative AI can automatically write code, which means it can also create and embed malware or backdoors into software if not carefully reviewed. - Hallucinations and prompt‑injection attacks cause AI systems to supply false or manipulated information, amplifying misinformation risks. - Deep‑fake technology can replicate a person’s appearance, voice, and mannerisms, enabling realistic identity spoofing and social‑engineering attacks. - To mitigate these threats, organizations must verify AI outputs, guard against over‑reliance, and implement robust security controls while still leveraging AI’s productive capabilities. ## Sections - [00:00:00](https://www.youtube.com/watch?v=cjy5jpRS_S0&t=0s) **Untitled Section** - ## Full Transcript

0:00what are two of the hottest topics not 0:02only in I.T but in society these days 0:05well if you said artificial intelligence 0:09and cyber security 0:12I'd agree with you both are really hot 0:15in fact even your non-technical friends 0:17have heard of these and may be talking 0:19about them and asking you questions and 0:21I'm going to suggest to you this 0:23intersection between the two even hotter 0:26still so what are we going to talk about 0:27in this video I'm going to talk about 0:29what from a cyber security standpoint AI 0:32can do to you and what it can do for you 0:35so let's take a look at that I'm going 0:38to start with some of the downsides 0:39first and then we'll conclude with some 0:41positive things on the downside what 0:44could AI do to us from a cyber security 0:46standpoint well it turns out that a lot 0:50of times we're able to tell about a 0:51phishing attack because the English 0:53language of the rider is not so good 0:55it's not their first language however 0:58you could now go into a chat bot and use 1:01it to generate very natural sounding 1:03language even though you might say but 1:06but Jeff there are Protections in some 1:08of these chat Bots that if you tell it 1:10to write you a phishing email it won't 1:12do to it there are also ways of 1:14re-engineering your prompt so that you 1:16can get past that so this is one area 1:19where phishing attacks are going to get 1:21better and the ways that we've been able 1:23to detect them in the past are not going 1:25to be so effective anymore 1:26what's another thing well on the 1:28positive side this generative Ai and 1:31chat Bots and things like that are able 1:33to write code for us so if I want to I 1:35can have it write code and do it really 1:38quickly and effectively it also means it 1:41could write malware as well it also 1:43means it could insert malware into the 1:46code that I have it also means it could 1:48insert back doors into the code that I 1:50have so we got we have got to also 1:53verify when we ask it to write code for 1:57us then in fact the code that it's 1:59giving us is pure and is doing what we 2:01intend for it to do 2:02another thing it could do to us 2:05misinformation 2:06how does this happen well these are 2:09generative AIS so one of the things that 2:11they suffer from is this issue we call 2:13hallucination where it may make up 2:16information or conflate two things that 2:18are not really related to each other and 2:20give a false impression also we could 2:23have a determined attacker who is doing 2:25what's known as a prompt injection where 2:28they're inserting bad information into 2:30the system or they're attacking the 2:33Corpus that is the body of knowledge 2:35that the system is based on and if they 2:37were able to do that then what comes out 2:39would be wrong information so we have to 2:42be careful to guard against 2:43over-reliance and make sure that we're 2:45verifying and testing our sources so 2:49that we can make sure that they're 2:50trustworthy one other example I'll give 2:52you here and there are actually many but 2:54I think this one's particularly 2:55interesting is this idea of a deep fake 2:58a deep fake is where we basically have 3:01an AI system that is able to copy your 3:04image and likeness your mannerisms your 3:07voice your appearance all of these 3:09things to the point where someone is 3:12looking at a video of you and they can't 3:14tell if it really was an actual video of 3:17you or a deep fake where we could have 3:20you saying things that weren't true and 3:22therefore if we're going to trust this 3:24kind of system we need a way to verify 3:26these things but right now the Deep fake 3:28technology has gone so far ahead in a 3:31very short period of time that it's 3:33going to be hard to verify those kinds 3:35of things 3:36okay we've just talked about what AI can 3:39do to us now let's look at some 3:41positives what can AI do for us in the 3:43cyber security space it turns out a lot 3:46in fact we do a survey each year that we 3:50call the cost of a data breach survey 3:52and the report that came back this year 3:54indicated that the number one thing you 3:57can do to save on the cost of a data 3:59breach and improve your response time is 4:02the extensive use of AI and Automation 4:05and here's what it can do on the one 4:08hand it can save on average 176 million 4:12dollars per data breach with the average 4:15data breach costing four and a half 4:16million that's a significant savings 4:19it can also cut down the mean time to 4:22identify and contain a breach by a 4:25hundred and eight days that makes a big 4:28difference so we know this is effective 4:31now what are we doing to make these 4:33kinds of results well it turns out a lot 4:36of what we do in this space is to do 4:38better analysis 4:41we're going to analyze large data sets 4:44lots of information that we have out 4:46there it's very hard to find patterns if 4:48I give you a whole large data set but if 4:52I use a technology called machine 4:54learning I can do a lot better job of 4:56spotting outliers and anomalies which is 5:00what we want to do in security a lot now 5:02I mentioned machine learning what is 5:04that well if you think about AI in 5:06particular as this large sort of 5:09umbrella term with a number of 5:10Technologies involved well Machine 5:12learning is a subset of that that 5:16specifically deals with some of these 5:17kind of analyzes that I've just referred 5:20to machine learning is what is often 5:22used in the security space we do it a 5:25lot because again it's very good at 5:27spotting anomalies and outliers and 5:29patterns and that's what we need a lot 5:31of in the security space so we're doing 5:33a lot of this today and a lot of these 5:36results come from leveraging machine 5:38learning which is a subfield of AI what 5:42else I mentioned automation well AI can 5:45help us in the automation task as well 5:47and I'll give you a few examples coming 5:49up but some of the things it can do is 5:51anticipate what we need to do next and 5:54some of those kind of things really 5:56start coming in from the area of deep 5:59learning which is a subfield of machine 6:01learning and then now this really new 6:03area that everyone is talking about 6:05these days Foundation models or you may 6:08hear them called large language models 6:10generative AI chat Bots they all exist 6:14in this space down here what can we 6:16start doing as I said security has 6:18mostly leveraged this in the past what 6:22can we start doing to leverage some of 6:24this stuff going forward well it turns 6:26out a lot of things because one of the 6:28things that Foundation models are really 6:30good at is summarizing 6:32they can be fed a lot of information and 6:36then it can give you a very quick 6:37summary of that why would that be useful 6:40well if you've got tons of documents 6:42you're trying to review it could give 6:43you the net the cliff notes of that 6:46another good use case for this would be 6:49incident summarization and case 6:51summarization if I'm seeing lots and 6:52lots of cases in my environment this 6:55kind of Technology could be used to tell 6:58me what are the trends among those cases 7:01are these things all related or are they 7:02all very different and my guess is 7:04they're probably at least a few things 7:06that are similar about these so that's 7:08an another nice use case that we'll see 7:11coming in the future from generative AI 7:14Foundation models into cyber security 7:17some other things we can do we know 7:20these kind of chat Bots are good at 7:21interacting 7:25so you can respond to them in natural 7:28language you don't have to format your 7:30queries using a particular query 7:32language or using a particular syntax 7:34you use the natural language that you're 7:37used to so for me I would state in 7:40English 7:41what are we being affected by this 7:43particular kind of malware and maybe 7:46what it could do is build a query for me 7:48that I can then run into my environment 7:50and it comes back and tells me am I 7:52affected or not and I can then ask more 7:55questions tell me more about this kind 7:56of malware what kind of indicators of 7:58compromise are there that are associated 8:00with this all of that stuff gives me a 8:04very easy intuitive way to get 8:07information that is highly technical out 8:09of the system and do this much faster 8:11another thing we might want to do is 8:14generate playbooks 8:17playbooks are the things that we use in 8:19incident response when we're trying to 8:21figure out what do we need to do once 8:23we've had an incident so generating 8:25these on the Fly generative AI 8:28generating playbooks you can see where 8:30there might be some type of crossover 8:32this is a good use case also for this 8:35technology so expect to see more of that 8:37and in fact there could be other types 8:40of things where we're using generative 8:42creative technology because these things 8:44really are creating for instance with 8:46threat hunting 8:48a threat Hunter is basically coming up 8:51with a hypothesis and saying I wonder if 8:53someone were to attack us maybe they 8:55would do the following things 8:57and we have a limitation in terms of our 9:00imagination sometimes the bad guys may 9:02dream up scenarios that we don't so it 9:05might be useful to have a system that 9:07can dream up scenarios we didn't think 9:09of using a generative AI to generate 9:12hypothetical cases that we then go out 9:15and automate and do a threat hunt in our 9:17environment this is all really super 9:19exciting stuff I think and it shows 9:22exactly what we'll be able to do in this 9:24space because what we want to be able to 9:26do is move away from being purely 9:29reactive to a more proactive 9:32way of doing cyber security and that's 9:35the good news in this story we've got Ai 9:38and cyber security and if they're 9:40working together as you see here we can 9:42end up with a more proactive Solution 9:45that's more cost effective and keeps us 9:47all much safer 9:49thanks for watching if you found this 9:51video interesting and would like to 9:53learn more about cyber security please 9:54remember to hit like And subscribe to 9:56this channel