The threat posed by malicious use of generative AI tools, especially large language model-based (LLM) chatbots, has prompted various governments to take action.
The EU and Canada are working to enact legislation to regulate AI practices, the EU AI Act and the Data & AI Act, respectively, while the UK and US are committed to working with AI developers, although those commitments are not binding. Some regulations have not yet been announced.
The latter two governments are set to participate in what UK Prime Minister Rishi Sunak describes as “the first major global summit on AI safety” to take place in the UK in autumn 2023.
During Infosecurity Europe, John Giamatteo, President of BlackBerry Cybersecurity, told Infosecurity Magazine what he expects from the upcoming summit, the role the cybersecurity industry should play in securing AI practices, and why government intervention should encourage innovation rather than stifle it.
Infosecurity Magazine: Threat actors primarily used large-scale AI chatbots to create convincing phishing campaigns en masse and create polymorphic malware. Which of these two misuses are you most concerned about?
John Giamatteo: I am particularly concerned about the former. The fact that they can create more full-blown phishing attack schemes, adapt them to target specific victims, and increase the likelihood of employees making bad decisions is alarming.
Especially given the current circumstances in which such social engineering attacks can be deployed. Ten years ago, threat actors were only attacking PCs. The attack surface has expanded significantly, including mobile phones, servers, the cloud, and social media.
IM: How should the cybersecurity industry respond to these new threats?
JG: Our industry in general should be more cooperative. We have come a long way, but we have made great progress. Today, the average enterprise probably has six or seven security solutions working together. The new threats posed by AI will only force us to work together even more.
Companies that can add more value to this equation are companies with AI expertise, such as Cylance AI from BlackBerry Cybersecurity. Traditional signature-based security companies are probably not in a position to help mitigate AI risk.
First, we need to give security operations center (SOC) analysts the right tools and capabilities, consolidating them into a single console and making them easier to use.
IM: How should governments be involved in mitigating AI risks?
JG: I’m generally not a fan of government intervention or regulation of private technology, but I think this will involve government more than other innovations.
This is a good thing because AI tends to make more profound changes than many other revolutions and requires guidelines. The higher the risk, the more the government needs to get involved. This time the risks are very high.
In addition, governments can also facilitate cooperation. The AI Summit in the UK, where the UK and US will lead the global AI standards and parameters, is a great example. I am sure they will enlist many other organizations for that mission.
IM: What do you expect from this AI Summit from a cybersecurity perspective?
JG: I would like to see host countries set not regulations, but thought-provoking parameters and recommendations on how to safely manage this new environment.
Hard-line mandates telling private companies what to do may be a bit of a stretch at this stage.
We also believe we will get input from security companies, especially those already leveraging AI.
In a way, we are subject matter experts on AI technology. Given the billions of threats that have been collectively seen using our AI security tools, and the millions of endpoints we protect around the world, we have taken the time to draft these recommendations. Very helpful.
IM: Does it mean that the EU, which recently adopted an AI law with severe restrictions on the practice of AI, chose the wrong approach?
JG: It’s not my place to make an opinion about who is right or wrong here, but government intervention should certainly encourage innovation, not stifle it.
What I’m looking for is a collaborative approach. I hope these countries can maintain an open dialogue, learn from each other, and innovate the best.
BlackBerry Cybersecurity has confirmed that it is in contact with the organizers of the AI Summit.