Amidst the growing concerns and excitement surrounding the integration of Artificial Intelligence (AI) in cybersecurity, Michael Sikorski, the CTO of Unit 42, shares his insights on the offensive and defensive impacts of AI in the field.
In a recent discussion, Sikorski highlighted the imminent threat posed by AI in the realm of cyberattacks. He emphasized the alarming potential of AI in supercharging social engineering attacks, particularly phishing and business email compromise. According to Sikorski, AI-powered phishing attacks are becoming increasingly sophisticated, leveraging target-specific information to craft authentic messages that deceive recipients. He expressed his concern, stating, "I think this will be short-lived and phishing will take the number one spot again due to AI."
Looking ahead, Sikorski outlined the evolution of malicious actors' AI offensive capabilities, foreseeing the creation of malware using AI language models and the manipulation of AI/ML systems through data poisoning. He warned of a future where AI enables automated, scalable attack campaigns on a massive scale, surpassing current human-level campaigns.
Despite the looming threats, Sikorski also shed light on the potential of AI in bolstering defensive cybersecurity measures. He envisioned AI/ML advancements leading to a reduction in exploitable software vulnerabilities through automated testing and remediation during development. Sikorski emphasized the importance of leveraging AI to enhance proactive defense efforts, such as threat hunting, and monitoring key performance indicators to assess the effectiveness of AI in driving down costs and identifying new threats.
As the cybersecurity landscape continues to evolve with the integration of AI technologies, Sikorski's pragmatic insights serve as a valuable guide for organizations seeking to harness the benefits of AI while mitigating emerging cyber threats.