Is AI Benefiting Attackers or Defenders?
Defense in Depth
We've been mired in endless discussions on how adversaries and defenders are (or could be) taking advantage of AI. Does one side have the upper hand? Or is this just a continuation of the endless "cat and mouse" game adversaries and security professionals play?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, producer of CISO Series, and Geoff Belknap. Joining them is their sponsored guest, Rob Allen, chief product officer, ThreatLocker.
The promise and perils of LLMs
The use of artificial intelligence (AI) in cybersecurity is a double-edged sword, potentially benefiting both security professionals and threat actors. According to David Houchin of CohnReznick, AI can help security teams, but it also compounds risk: "AI helps us act out decisions with alacrity, and to that end, the risks are the same but with greater speed. Data leakage now happens at a massive scale within the blink of an eye." While machine learning has been used for years to classify threats automatically, the increased complexity of large language models (LLMs) brings greater capability and risk. “LLMs take the complexity up a level, providing more capability but greater risk. LLMs don’t ‘think’ and should not be trusted for important decisions,” said Vaughan Shanks of Cydarm Technologies.
A boon for defenders
There’s a compelling argument that AI tools shift the balance of cybersecurity toward defenders. As Ahsan Mir of Rapticore explains, while attackers traditionally had the advantage of choosing when to strike, AI is helping defenders overcome their traditional challenges: “Defenders often needed more context, skills, and time, struggling to process everything rapidly. With AI, defenders gain a substantial edge, acting as an ‘always-on purple team,’ supporting the blue team in proactive threat detection and response.” This isn’t just hypothetical; there are real-world benefits we’re ready to take advantage of. “With AI, we can triage alerts and vulnerabilities faster and more accurately. It also helps us answer security questionnaires, reducing the cost of responding to them. And we can reply, in a scalable way, to questions asked of our security team by having an AI tool take a first pass,” said Sean Cassidy, CISO at Asana.
Raising the bar
Not everyone is so convinced that AI gives defenders an advantage. For Jeremiah Owen of That Cloud Group, there’s a basic reliability question: "The downsides to AI, like hallucinations, bias, bad data, all it does is mean they are a little bit less likely on their attack working. But on an AI unattended defense, having a hallucination means missed events. One missed event has the potential to do serious damage." Outside of hallucinations impacting defenders, AI tools also raise the cybersecurity poverty line for all organizations, something the industry already struggles to reach. "Attackers have the upper hand because AI makes it much easier to exhaust the attacker search space, therefore significantly increasing the level of security fundamentals needed in a system for it to remain uncompromised on the Internet," said Felix Matenaar of Asana.
Muddying the waters
Beyond the implementation of AI tools by defenders and attackers, wider questions exist around the foundation models that power them. "The real concern I have lies in the unchecked visibility foundation model companies could gain akin to nation-state intelligence over populations and economies. We’re just scratching the surface of what this AI footprint means for operational security, privacy, and identity," said Immanuel Chavoya of RiskHorizon.ai. We’ve already seen the confusion that deepfakes can cause in organizations. For Conner Biolsi of Lewis County, this also raises a more foundational question: "I am most worried about truth and trust in our everyday experience and reality. How are we, as humans, going to adjust to this? There’s an inevitable degradation of trust where we won’t necessarily know the source of content and whether it is truth."
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, ThreatLocker
Subscribe to Defense in Depth podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.
Super Cyber Fridays!
Join us Friday [01-24-25], for "Hacking Platformization"
Join us Friday, January 24, 2025, for “Hacking Platformization: An hour of critical thinking of how stitching together data, tools, and processes is necessary for the success of your security program.”
It all begins at 1 PM ET/10 AM PT on Friday, January 24, 2025 with guests Elad Koren, vice president, product management, Palo Alto Networks and a special guest (that means we’re still in booking mode). We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Palo Alto Networks
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Bil Harmer, operating partner and CISO, Craft Ventures.
Thanks to our Cyber Security Headlines sponsor, Nudge Security
Cyber chatter from around the web...
Jump in on these conversations
"There is no way to secure GenAI. Is this true?" (More here)
"The life of an Information Security Analyst" (More here)
"Which cybersecurity domain brings the most value to a company? Seeking opinions on specializations" (More here)
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[01-24-25] Hacking Platformization
Save your spot and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.