In 18 months, we have gone from AI being emergent to vendors embedding it in every facet of technology. So much so that hardware manufacturers are redesigning products to accommodate on-board AI/LLM processing capabilities. In light of the rapidly changing landscape we wanted to dig deep into how these changes will force us to adjust how we operate securely in work and play.
Googling an answer, pre-ChatGPT, was the easy button. A quick search provided us tactile access to a wealth of information. LLMs have given us the ability to get an answer to any question within seconds; access to an “oracle” of this level has never been possible in the entire existence of the human race.
One problem. These AI models are guaranteed to give ‘an answer’… however, it might not be the ‘right answer’. They are only as good as the data they are trained on and how they are integrated with current, contextual, and “true” data. Bad and out-of-context data equals bad answers. We are already seeing the integration of LLMs into “everything” pose unforeseen risks and damage to Fortune 100 companies.
Air Canada ran into issues when their new GenAI-powered chatbot cost them money: it unintentionally misinterpreted a company policy and provided a refund it shouldn’t have. Google has walked back AI-powered answers to search after glue was suggested as a valid ingredient in pizza.
Despite these challenges, there is no question that this technology is powerful, valuable and transformative. How we work is already rapidly evolving and will be drastically different in just a few years. At its core, this technology is purpose-built for accelerating the consumption and processing of new information in the context of data it has previously seen. This skill, combined with human inspiration and creativity, is the fuel for innovation.
There is no doubt an AI assistant that knows every email, document, presentation, and meeting transcript will rapidly inform and accelerate the way we operate, move and think. Responding to an email or message will be even easier because your AI assistant can do more than half of it just as you would have done. This will without a doubt create more time for valuable work by drastically reducing the time it takes to perform mundane tasks.
We live in 2024. Every new advancement, technology, hardware, and tool creates several new cybersecurity attack vectors we never anticipated. New problems will continue to emerge that we have yet to discover or even dream of.
What do we know so far?
Social engineering is evolving and will become even more dangerous. Deepfakes make it even easier to trick people into giving up access and sensitive information. Politicians or loved ones can easily have their likeness copied and manipulated in almost perfect totality. A whole new sector of cybersecurity is emerging just to defend against deepfake-based attacks.
Code-based cyber attacks will be quicker and more effective. Autonomous AI agents will leverage numerous tools to scan a target environment, discover vulnerabilities, exploit those vulnerabilities, and deploy ransomware. They can be enabled to use documented engineering tactics and OSINT to manipulate and negotiate targets. With access to the internet, the ability to execute code, and the ability to leverage multiple GenAI models, agents can negotiate payment terms, set up bank accounts, and receive payments anonymously.
Defending against AI that knows everything about you will be a new unpleasant challenge. Imagine an AI bot that can combine your social media presence, family details, location, favorite restaurants, and even your real-time health data to perform a social engineering attack against you?! Monitoring your heart rate in order to know what to prompt you with to manipulate you faster and more effectively… Is this Sci-Fi or how attacks will work in the near future?
For every amazing way AI will improve our lives and work in the future, more powerful and complex attack vectors will emerge. Technology and AI will accelerate the world’s oldest story, the saga of good versus evil. It’s up to the engineers to essentially design against these types of attacks, and it will always be the goal of adversaries to inflict the greatest amount of damage to obtain their objectives.
The Cybersecurity and AI teams at Converge are continually assessing the evolving landscape and integrating bleeding-edge technologies into our arsenal of capabilities. We believe it is paramount to stay up to date with the latest tactics, techniques, and procedures in our assessments and mitigation strategies. If we are not using the same AI/ML capabilities as the adversaries, we are doing our customers a disservice.