The irony of it all is that productive AI encourages professional actors to fall back on the established benefits of traditional techniques of exploitation, interference, and disruption. After all, those established methods are tied to a known risk-benefit change and this is the only way sophisticated offensive players can avoid taking on the additional uncertainty associated with the use of LLM.
CISOs: ignore the alarm and live in the real world!
Amidst so much alarming talk about the potential threat of productive AI, it is critical that CISOs stop panicking and embrace a realistic view of how the new technology interacts with known scenarios in the attacker-defender relationship. AI will likely not see the realization of a cybersecurity revolution so offensive that it may see the gradual emergence of tools for both defenders and attackers to change the small details of their operations.
Naturally, CISOs need to be aware that this dynamic applies to the defender almost as much as it does the attacker. Standard automation helps the defender more than it does the attacker. After all, the defender knows exactly what the full scope of the war zone (ie, networks, personnel, etc.) will be in the event of future considerations. But attempts to use LLMs for active defense or other tasks that require flexible, creative input are likely to suffer from the same unpredictability as the attacker’s AI-augmented compromise tasks.
Source link