How might I convince you that I’m human? Or do you suspect I am Artificial Intelligence? I can tell you that I’m working on the introduction to this article, enjoying the sounds of my fingers tapping at the keys. The sky is blue and cloudless outside my window. There’s a mild breeze—just enough to stir the ends of the palm fronds that bow toward the pavement below.
These words, as you read them, are data. Like a computer, when I receive input, I am capable of outputting data; in this case, an article about the implications of Artificial Intelligence.
But what if that input includes your organization’s most valuable assets? Who would you trust more to tell you your data is secured against inventive, aggressive hackers: a human collaborator, computer software… or something else entirely?
Get serious about cyber defense.
What is AI?
Artificial Intelligence refers to the field of study devoted to creating software that can simulate human cognition. There are three sub-types of AI:
- Artificial Narrow Intelligence (ANI): Also known as Weak AI, ANI can learn basic algorithms to perform single (or narrow) tasks. In other words, humans input massive amounts of data, and ANI outputs trained responses. ANI does not understand or “learn” from tasks to transfer information to other tasks. This type of AI makes up the vast majority of what we see today in the form of reactive machines, such as facial recognition and product recommendations, as well as limited memory machines, like self-driving cars.
- Artificial General Intelligence (AGI): AGI earns its alias as Strong AI by allowing machines to perform multifunctional tasks in ways that rival a human’s use of their full range of cognitive abilities. AGI mimics human thinking patterns, sensory perception, contextual understanding, creativity, and more. It also reasons and self-learns, facilitating the transfer of knowledge to new tasks, making it increasingly smart. To date, an AGI does not exist, but ChatGPT may be setting the stage.
- Artificial Super Intelligence (ASI): While still only a theory, Super AI combines complex cognition and processing with self-awareness and rapid problem-solving. At full force, ASI will have complete human intelligence, but then also be able to learn exponentially faster than people. This rapid adaptation is predicted—and feared—to be able to surpass human intelligence and even overtake humankind, which has sparked recent global conversation about AI governance. Remember the sci-fi movies Ex Machina; I, Robot; or Blade Runner?
It can be tempting to compare generative systems to pensive androids of Hollywood lore. However, unlike fictional characters, today’s AI is not capable of critical thinking or feeling. Its models are entirely dependent on human input—but that also means that when hackers are at the wheel, the risks to IT security are daunting.
Hackers’ Paradise
AI is quickly becoming a generative tool for hackers to process massive amounts of data and produce comparable content in a matter of minutes. Chatbots, for example, can appear indistinguishable from a human, making them invaluable for phishing and social engineering attacks.
One of the most common ways to spot a phishing email is looking for errors in spelling and grammar. But chatbots produce mostly grammatically correct text, eliminating a major red flag when you’re scanning your inbox. They can also scan a backlog of company communications and generate an email consistent with a certain tone, making it even harder to detect malice.
AI’s lack of semantic understanding and inability to process complex code has also led to significant code vulnerabilities in AI apps, including “cheats” that can trick the model into writing malware, bypass security controls, and become poisoned with misinformation over time.
While there is AI detection software on the market, human minds behind the machines are always innovating ways to get around safeguards—and that includes hackers. Between June 2022 and May 2023, over 100,000 compromised ChatGPT accounts appeared on dark web marketplaces. This has already posed a significant risk to enterprises that use the chatbot to revise proprietary code, proof sensitive correspondence, and prepare legal documents, though OpenAI has denied responsibility.
Leaning Into The AI Learning Curve
While AI solutions are being heavily marketed worldwide, their developers are still in early stages of fully understanding their power and, more importantly, their vulnerabilities. As the “godfather of AI” issues warnings himself, organizations must decide when and how to explore this new and powerful frontier.
As with all major developments in the digital world, it’s inevitable that cybercriminals will step up and exploit consumers’ learning curve and governments’ modest pace at regulation. All the more reason to shore up your first line of defense.
Whether your organization is dipping its toes into AI already or taking a wait-and-see approach, a robust IT Security Assessment, as well as a Red Team Assessment, are the best ways to assess your organization’s vulnerability against human-led, AI-empowered cybercrime. Addressing technical, human, and physical attack vectors with real-world challenges, the team at BAI Security can help you prepare to defend against fast-emerging AI technology.
Reach out today to learn more!
