Artificial Intelligence: Thoughts on AI in Life, Cybersecurity, and Our Imaginations

The advent of the Large Language Models (LLMs) has ushered in a new era of possibility and hyperbole in almost every industry and walk of life. Cybersecurity is hardly immune as is evidenced in advertising and marketing campaigns, product messaging and launches, industry “thought leadership” pieces — written and spoken, and everyday conversations. AI has become an inescapable topic that (seemingly) everyone is an expert or an authority on. I am neither an expert nor am I an authority on Artificial Intelligence — that is the real of the data scientist and the hardcore mathematician. I am, however, someone who has used, continues to use, and builds products and services that leverage this area of applied data science along with others to address myriad challenges and concerns that to one extent or another are related to the Internet Threat Landscape and adversaries (threat actors) who operate within it.

Cybersecurity is an area that I believe I have an expertise in — specifically in those areas related to threat research & intelligence analysis (and production), mitigation, prevention, and of course the building of product lines and services …and on occasion companies that address these matters in a variety of ways. It’s an area of study, skill, art, and passion that I love and continue to love even when it does not love me back (more on that later) which I believe is critical to ensuring that modern society can continue with as little disruption as possible. As a result, for many years at many organizations I have been a part of, the adoption and use of applied data science including earlier generations of AI have become more and more common. The reasons are many and varied but in the end the goal is to create swifter action (and acquisition of answers to challenging questions) in a time frame that is as small as possible resulting in the highest degree of actionability (with confidence and quality at the forefront) possible.

Things have not changed all that much with respect to the reasons AI and other forms of applied data science continue to be developed, incorporated, and used in our space (as is the case in many other industries as well). However, there are changes that have occurred in the last year or so that have had a material impact on the conversation around AI — the release and availability of several LLMs including those provided by OpenAI, Google, Microsoft and others that have driven specific and pedestrian conversations to new heights and destinations.

Naturally, many of the topics in our industry (specifically) related to AI see two primary positions being taken up. The first position, sees the infinite possibility for adoption and use to make people (and their organizations) lives and jobs easier over time despite often being faced with the reality of fewer experienced staff members being present and accounted for on their teams or the ability to identify, hire, and put into action qualified candidates. In short, this first position advocates the benefits and merits of AI as a force multiplier; a time saver that reduces the analytic burden within organizations that have less experienced junior staff who face complicated scenarios and sophisticated adversaries regardless of their readiness or preparedness. And though I do not believe AI will solve all any one organizations issues or challenges in the areas I have described above, I do believe it can help (and often does) in addressing many.

The second, sees all the same possibilities and benefits that the first one acknowledges for defenders while acknowledging (at the same time) those same benefits and more for adversaries, in addition to unintended consequences related to AI (ethics, governance, hallucinations, exploitability etc. -many of which have been noted, reported, observed, and proven out to one extent or another).

As for me, I believe there are benefits associated with AI though again, I do not believe that AI solves all issues in all areas of business and life as that is just silly, wishful thinking (and rather naïve). No, I believe that it affords benefits and at the same time it can and has afforded those with bad intent to evolve at rates that have yet to be realized. The net effect has yet to be understood but rest assured, it will become more apparent in short order. Imagine what would occur if OpenAI’s Chat GPT, for example, were adopted grossly and then — through some savvy exploitation and compromise of OpenAI’s infrastructure and assets, their source code were compromised or the infrastructure used in the development, maintenance, and distribution of their models were compromised by a well-funded, highly motivated adversarial actor with time and resources on their side and a willingness to see yet another supply chain infiltration of magnitude come to fruition.

I think (and believe) that more research across disciplines is required in terms of how AI is being developed, trained, leveraged, and ultimately safeguarded (in addition to the world being safe guarded from rogue or errant AI) from exploitation, compromise, and weaponization. We owe it to ourselves to perform due diligence; to ask the hard questions, and to challenge those who only ever advocate for the benefits without acknowledging the potential for weaponization and more of something as powerful as AI.