AI and Cybersecurity | A recap of the Oath's GC Conference on AI

Artificial intelligence has become a critical driver of technological innovation, transforming industries from healthcare to finance. Unfortunately, the same AI capabilities can be used by cybercriminals to exploit vulnerabilities and launch ever more sophisticated cyberattacks. 

In the conference we touched on the use cases for AI in the back and white hat environments. 

AI in Cybercrime

The following are examples of the dark side of AI: 

Automated Exploit Discovery

Cybercriminals can employ AI to analyse significant amounts of code rapidly, identifying potential “zero-day” vulnerabilities. The rapidity, sophistication and volume of these attacks increase as AI-enabled threat actors hone their methods using machine learning algorithms.

AI powered Phishing 

Phishing and social engineering attacks are now more convincing than ever thanks to AI-driven content generation. Attackers can customize emails, instant messages and websites to mimic the style and tone that specific targets are most likely to trust. This tailored approach often bypasses conventional spam filters, improving the success rate of phishing campaigns.

Deepfake Technology – “Mashing”

Deepfake software uses AI to superimpose someone’s face or voice onto an avatar. These attacks are extremely convincing and threat actors have used this technology to trick targets into transferring money, disclosing private information or carry out other actions based on falsified audio and video. The sophistication of deepfakes continues to rise, making it more difficult for organizations and individuals to distinguish genuine communications from fakes.

AI-Driven Malware

Malware can now be designed with AI capabilities that allow it to dynamically alter its attack vectors while avoiding detection – so called Polymorphic Malware. Through reinforcement learning and advanced problem solving, polymorphic malware adapts to cybersecurity tools, effectively learning how to camouflage itself and remain undetected for longer periods. With adaptive malware the defender ends up playing an endless game of Whackamole.

Exploitation of AI Bias 

Hackers are finding ways to exploit the features of AI itself through the manipulation of vulnerabilities and biases in the machine learning models to overcome security measures.

Botnet Automation

AI’s capacity to manage at huge scale makes the direction of legions of botnets easy, supercharging DDoS attacks. 

AI in Cybersecurity

As AI works in defence as well as attack the conference then looked at how cybersecurity teams were deploying AI enhancements to meet the shift in the threat and methods of attack.

Threat Detection and Response

Cyber defence teams are integrating AI into their cybersecurity arsenals to help identify and respond to advanced threats. Machine learning models can analyse network traffic and behaviour patterns in real-time searching out anomalies that might indicate a breach. 

Predictive Analytics

By analysing behavioural patterns and historical data, AI can better forecast likely attack vectors. Predictive analytics enables cybersecurity teams to pre-empt threats before they materialise providing the opportunity to improve and ready the defences. 

Enhanced Vulnerability detection 

While threat actors can use AI enhanced automated exploit to find vulnerabilities to attack the defenders can use exactly the same methods to find the same vulnerabilities and then patch them, hopefully before an attack is launched.

Automated Incident Response

AI-driven systems can be put in place to monitor systems and networks and then respond to incidents automatically by rapidly tracking the extent of the intrusion and deploying polymorphic counter measures – the mirror of polymorphic malware. By automating many of the tasks involved in incident response, organizations can plug holes quickly, thereby reducing the overall damage inflicted by a breach.

What’s around the corner? 

The conference took a look into the crystal ball to provide some predictions for an AI powered cyber future: 

• A rise in deepfake ‘mashing’ attacks – a foreseeable increase in the use of generative AI to generate entirely plausible deepfake voice and video scams;
• A rise in hyper-personalised phishing – AI’s ability to search without limits and analyse vast lakes of readily available personal data delivers the opportunity for intensely bespoke phishing;
• A rise in autonomous cyber attacks – the prospect of AI agents operating independently orchestrating reconnaissance, the development of attach strategies to fir the identified vulnerabilities and the deployment of polymorphic malware all without human interruption;
• A rise in AI Cyber warfare – nation states are at the forefront of the deployment of AI in espionage and in developing cyber weapons to target military networks, critical infrastructures and financial systems. We can also expect the use of AI enhanced deep fakes to destabilise and demoralise – the use of AI to conduct PsyOps. 

Bird & Bird’s cyber team in the GCC are expert in all aspects of cybersecurity from assisting clients with designing and implementing cyber resilience and ensuring regulatory compliance through decoding cyber insurance to dealing with incidents and their aftermath. The International Cyber team was established in 2010 by Simon Shooter who leads the Gulf cyber team. 

Contact us

If we can help, do not hesitate to contact us - Simon Shooter or Nick O'Connell.