Research
Ilya Kabanov

National Academies on AI and cybersecurity

The National Academies of Sciences, Engineering, and Medicine just published its view on the Implications of Recent Advancements in Artificial Intelligence for Cybersecurity.

Highlights:

  • AI represents a turning point for cybersecurity, with near-term risks and long-term potential.
  • AI-driven cyber capabilities are advancing faster than the ability to measure them.
  • Cybersecurity will need to improve rapidly to meet the short-term challenge.
  • Some interventions may help mitigate risk and buy time but are unlikely sufficient on their own.
  • Over the longer term, AI may enable a fundamentally stronger defensive posture.

My takes:

  1. The authors politely conclude that "AI may widen the near-term gap between attackers and defenders." It's a definitive "attackers are already benefiting from AI capabilities."
  2. The risks for non-tech companies is elevating faster and higher, because they have less levers for risk management. They're at the mercy of software vendors, hoping that they find a vulnerability fast enough and give time to patch.
  3. The measurement of AI capabilities from cyber perspective is lacking. Current benchmarks are sporadic and try to measure on the spot what is cool now, but don't provide a systematic view on security outcomes.

Sources:

Implications of Recent Advancements in Artificial Intelligence for Cybersecurity