Since we covered so many topics, I thought it would be helpful to summarize our discussion from a high level.
AI: Hype versus reality, and the broader risks we face
We started our fireside chat by jumping straight into AI, which has the potential to revolutionize cybersecurity. We’re already seeing benefits in areas such as malware analysis, where, as a demonstration of its capabilities, we were able to use AI to help us reverse engineer WannaCry and find its killswitch in a single pass, in 34 seconds.
- We began by discussing concerns about how some security leaders and organizations are focusing on micro-risks such as model poisoning and prompt injection while neglecting broader issues.
- Those bigger issues can be thought of as three key pillars of AI risk: data management (which includes training, fine-tuning, parameters, and testing), AI software lifecycle management, and operational risk of deployment (including input and output guards, and circuit breakers).
- Kevin clarified that AI will not replace all security jobs: There's no single AI model that will work for everyone, and each organization will need to control their own models and biases.
- We’re now entering into the “data as code” era, where the importance of data management in AI will play a growing and crucial role in AI systems.
AI applications in security
- Generative AI looks like it will have an impressive impact on cybersecurity. Gen AI models such as Google Cloud’s SecLM, which can help with tasks such as the aforementioned malware decoding, vulnerability analysis, and secure code generation, will need to be governed by a risk-management foundation such as our Secure AI Framework in order to maximize impact and mitigate risk.
- AI has the potential to improve mundane workflows, especially with incident write-ups and analysis.
- Mandiant now uses AI for threat intelligence, report generation, and investigation acceleration, while still emphasizing the need for human oversight and transparency in AI-driven decisions.
- Gen AI and traditional machine learning have the potential to create remarkable impacts on anomaly detection.
Why CISOs matter
- As an industry, we are shifting to a risk-based approach to security. The ability of AI to assess and mitigate risks could help facilitate a move from maturity-based security programs to risk-based models. Combined with concerns over data security risks and operational risks, this could further evolve the role of CISO to a “chief digital risk officer.”
- CISOs can help drive the use of AI to advance institutional checks and balances, especially with risk and compliance. AI could be used to help with identity and access management, privileged reviews, and separation of duties.
- AI systems should be tested, just like any other system. AI can be used to evaluate the security and efficacy of other AI, and it can act as an input and output guard. Still, we need to use human red teams to ensure trust and safety, and to find edge cases.
- We can expect to see opportunities for CISOs to take on more responsibility in areas such as software security and AI governance, leading to increased empowerment and a more strategic role.
Defending against nation-state attacks, using regulations to achieve goals
- Defenders need to use AI to advance their security goals, if for no other reason than that malicious actors are using AI to find vulnerabilities and launch zero-day attacks.
- Especially in light of the recent Cybersecurity Review Board report, industry collaboration can play a vital role in promoting higher standards for tech companies.
- This is where umbrella organizations such as the CSA can help: As an industry, we need clear and consistent standards for cloud providers and SaaS companies to drive security uplift and manage change.
- Not all security objectives are directly related to cybersecurity. We must be able to balance issues such as data sovereignty and localization, and ensure that they support security goals. To do so, we need clear delineation and appropriate controls for each objective.
If you missed us at RSAC, you can use our insider’s guide to revisit Google Cloud keynotes, panels, and presentations from the conference. To learn more, you can contact us at Ask Office of the CISO and come meet us at our security leader events.