Since its unveiling in November 2022, ChatGPT has placed artificial intelligence in its strongest-ever positioning within the tech space.

However, the capabilities these AI tools offer can’t all be used positively. That’s where adversarial AI comes in, and it might well pose a significant threat to cybersecurity.

“In the industry, we’ve been talking about things like adversarial AI for quite a while,” said Michael Sentonas (pictured), president of CrowdStrike Inc. “Could there be a scenario where adversaries were using AI to create malware very quickly and very cheaply, thus reduce the cost and complexity? People have been talking about how adversarial AI could effectively circumvent a lot of the countermeasures that we use.”

Sentonas spoke with theCUBE industry analyst Dave Vellante at the RSA Conference, during an exclusive broadcast on theCUBE, SiliconANGLE Media’s livestreaming studio. They discussed the new cybersecurity threats to the enterprise and how AI tools can facilitate them. (* Disclosure below.)

Defending against this new vulnerability: the CrowdStrike perspective

The primary job of cybersecurity defenders is to think ahead of the enemy, proactively reasoning out the entry points they can exploit given the capabilities available. AI has made that job considerably more difficult, according to Sentonas.

“From a generative AI perspective, one of the things that gives me concern is the opportunity for attackers to rapidly create malware that’s constantly changing and dynamically evolving,” he said. “That way, they can circumvent any safeguards, especially those that are primarily based on signature tech.”

This trend is especially visceral because cybersecurity companies often use AI to do their job. In response, CrowdStrike has put in place measures to prevent those same capabilities from being turned into a vulnerability, according to Sentonas.

“From a CrowdStrike perspective, we leverage our AI models to defend against adversaries, but we also have built-in capabilities to prevent misuse and make sure they can’t fall victim to a lot of the attackers,” he said. “The main reason why we have a number of different models that we use simultaneously is so that you don’t have a single point of failure.”

On the positive side, large language models are impacting processes such as threat hunting and discovery. The industry just needs to lower existing skill barriers so that more hands are on deck battling cybersecurity threats, Sentonas added.

“The natural language searches that we can build into our products make it easier to do things like threat hunting and to traverse threat intelligence, which can be somewhat complex,” he explained. “We just need to lower the barrier to get people to become better cybersecurity professionals.”

Another important point is the role of the human element in successful attacks. Adversaries are patient, and part of their strategy involves surveilling a target for long periods and building a relationship that they can exploit to, for instance, gain access credentials, Sentonas added.

“There is a whole bunch of attacks that involve social engineering,” he said. “They involve profiling the target. I befriend you online, I connect to you and talk to you. After a couple of hours, weeks or months, I get you to run something on your machine. People need to understand that there’s a huge human element to this.”

Here’s the complete video interview, part of SiliconANGLE’s and theCUBE’s coverage of the RSA Conference:

(* Disclosure: This is an unsponsored editorial segment. However, theCUBE is a paid media partner for the RSA Conference. Sponsors of theCUBE’s event coverage do not have editorial control over content on theCUBE or SiliconANGLE.)

Photo: SiliconANGLE