15 Ways AI Will Boost Cybersecurity

AI will have a profound impact on cybersecurity – for good and ill.

If you are responsible for keeping your organisation’s data safe, it is worth spending time understanding how AI will change cybersecurity.

AI Will Help Programmers Deliver Safer Code

AI pair programmers such as GitHub Copilot supercharge developer productivity by completing code written by humans.

A 2021 study found that around 40% of code generated by GitHub Copilot for the study contained security vulnerabilities; however, the major AI firms have been working at pace to reduce such issues.

Before long, AI-generated code is likely to be safer than code written by the average human coder.

AI will also get better at reviewing existing human-written code for vulnerabilities, suggesting alternative, safer code. This will increase the likelihood that security bugs will be fixed – because fixing them will become quicker, easier and cheaper.

These AI coding tools won’t just be applied to new code but also to old code being refactored.

Over time, AI may become skilled at improving code security without breaking functionality, leading to AI programming agents being trusted to fix some security bugs without prior human involvement.

Penetration Testing will Get Cheaper and More Thorough

Penetration testing, where an external team of experts probes an organisation's systems for security flaws, is expensive. Most businesses can’t afford it.

AI will come to the rescue, allowing firms to benefit from automated AI-powered ethical hacking – probably as a service. Cheap, automated security audits may become standard requirements for cyber insurance policy coverage or business interruption policies that include cyber coverage.

This AI-powered approach will allow penetration tests to be more thorough and frequent, resulting in more issues being fixed more quickly.

Nuanced Threat Detection with Fewer False Positives Than Rule-Based Checks

Traditionally, security works by looking for content or behaviour signatures. AI will be able to focus on a broader set of signals, joining the dots across distributed data sets such as logs on different machines, attacks on multiple applications running on a given server, odd network traffic spikes and out of character requests from users.

Better Phishing Detection

It will get harder to spot phishing attacks as attackers will use AI to craft credible human-like content. However, AI will help humans see the subtle signs that remain, partly by tying together information from multiple mailboxes and threat intelligence from vendors and peers.

This should enable generic messages like ‘You don’t often get emails from info@ms-feedback.com’ to be replaced with more specific warnings, such as ‘This email appears to come from Microsoft, but @ms-feedback.com isn’t one of their domains. This is likely to be a phishing attack’ etc.

In some cases, AI may choose to block such emails from even being shown to the user.

AI Will Give You Ridiculously Knowledgeable IT Interns

Since 2022, the flagship AI models have been known for ‘zero-shot’ approaches that take a single question and provide a single answer. AI experts predict this will soon change with a shift to agent-like behaviour that’s more persistent, proactive and task-oriented.

You’ll eventually be able to tell such AI agents, ‘Upgrade our email server from Windows Server 2012 to Windows Server 2016,’ or ‘Tell me what on that server needs patching.’

Patching won’t be the only thing IT-focused AI agents improve. They’ll help ameliorate the IT skills shortage – speeding up many IT tasks and allowing less knowledgeable IT staff to execute more complex tasks.

This won’t happen immediately, as agents will need to get many subtasks right to achieve the desired result. Getting a subtask right 90% of the time may not be sufficient unless course correction is possible in subsequent steps at minimal cost. So, the first generation of AI agents may not be particularly useful. However, subsequent ones may be able to tackle meatier tasks successfully.

Local AI Chips Will Allow More Thorough End-Point Protection and Response

Currently, devices limited computational power limits how thorough security vendors can be. The computational power of AI chips will allow security vendors to be far more computationally greedy in future, with AI models able to crunch far more data for warning signs.

Threat Hunting By AI

When did you last check the logs of your Windows Server or firewall?

Not recently? You’re not alone. Most logs are ignored most of the time, meaning indicators of compromise are often missed until it’s too late.

AI will be able to monitor logs for you, bringing relevant concerns to your attention, without overwhelming you with false alarms. AI cybersecurity agents will undertake elements of the role currently undertaken by Security Information and Event Management (SIEM) and eXtended Detection and Response (XDR) tools.

AI – Your Conversational Cybersecurity Oracle

Imagine if you could ask your IT security system questions by chatting to it in standard English.

Well, you can today by subscribing to Microsoft Copilot for Security.

Instead of memorising command line prompts, you can just ask Copilot what you want to know in plain English. This will make Security-related investigations far quicker and easier.

Many system administration tools will add similarly intuitive natural-language chatbot interfaces.

These will speed up IT work and enable less experienced IT staff to get more done with fewer errors.

Subject to being granted appropriate permissions, they may be able to deputise for the IT administrator - updating firewall rules and access control lists, isolating compromised devices, modifying user permissions and group memberships, and scheduling security scans and updates.

AI Monitoring of Security Cameras

Most CCTV footage goes unseen. It’s uneconomical to pay humans to watch every feed. But AI can do so, recognising unusual events and flagging them up for human review – in real-time or in retrospect.

Biometrics

In-person AI-enabled facial and fingerprint biometrics are likely to grow in popularity. Voice biometrics will fall from favour as deepfakes become more realistic.

More Convincing Honeypots

Large organisations sometimes prepare for attacks by setting up honeypots – decoy systems designed to smoke out attackers, so their attack footprints can be studied and their traffic potentially blocked from real systems. AI will make these honeypots more realistic, so attackers are less likely to realise they’ve been conned. For example, databases may contain realistic (but fake) customer data, and virtual computers may see a more realistic network environment.

Dynamic Security Measures (Context-Aware Security)

The triggering of security measures, such as two-factor authentication requests and session suspensions may end up being given over to AI, replacing the traditional approach of applying a static set of rules.

Instead of everyone having to use multi-factor authentication every time they login, AI may be able to take account of broader contextual clues to remove authentication checks that aren’t necessary and add additional checks where appropriate, even mid-session.

End-Point Based AI-Assisted Web Filtering

Most web filtering decisions occur at the network level. Once AI-capable chips make their way into users’ laptops and desktops, additional intelligent filtering may be feasible on local devices. Web browsers will be able to recognise phishing attempts by analysing website text and behaviour, not just ask a web service whether the requested website address is on a suspicious sites blocklist.

AI-optimised chips will be in most new desktops, laptops, and tablets within the next five years. The chips are extremely power efficient, extending battery life significantly. This will drive adoption of such chips.

Automated Incident Response

Advanced hackers will use AI agents to automate their attacks, shrinking the time you have to respond. Human-led responses may soon be too slow. As AI improves, we’re likely to see AI-powered cyber defence functions from security vendors become standard. These will take on functions from End-point Detection and Response / eXtended Detection (XDR), mirroring some of the benefits of SOAR (Security Orchestration and Response).

Large firms often employ Security Operation Centres (SOCs) to sift through the deluge of security alerts their IT systems generate. The SOC then investigates issues of concern, and responds. AI will create an automated, poor man’s version of that.

Personalised Cybersecurity Training

Most cybersecurity training is often canned and generic. It’s the same for every employee in the organisation. AI could allow the training to be tailored to the individual, showing real-world examples of phishing emails the user has received and ones tailored to the user’s job role.

AI-Powered Cybersecurity Is Inevitable

It’s inevitable because it will make good cybersecurity affordable to a far broader range of organisations.

It’s inevitable because it will significantly speed up patching, security auditing and coding, while cutting the costs of patching, auditing and coding.

It’s inevitable because it will make life easier for in-house IT teams, programmers and service providers at no net marginal cost.

It’s inevitable because it will be more available than the human-powered equivalent, which is dependent on cyber-skills that are in short supply.

It’s inevitable because ‘white hat’ AI use will be needed to counteract ‘black hat’ use of AI.

The end result will be a step-up in cybersecurity, one that’s long overdue, made affordable by AI.