The recent mass media frenzy for ChatGPT has led many to believe that AI is a “here and now” technology that will soon permeate enterprise and consumer products. In fact, many believe that Microsoft’s $10 billion investment in OpenAI, the company behind ChatGPT, will see AI fully and fully integrated into his Microsoft product line, from Office365 to Xbox. people expect
The company has already integrated ChatGPT into its Bing search engine and GitHub Copilot, announced that ChatGPT is now available on its Azure OpenAI service, and is considering further integration into its Word, PowerPoint, and Outlook apps. .
But is AI becoming mainstream in security? The majority of the last decade has seen advances in AI in the world of cybersecurity. Companies such as Cylance (acquired by Blackberry), Darktrace and others advertised their AI-based security technology on billboards and signs along his 101 near Black Hat and his SFO in 2017 and 2018. I was.
From my perspective in the venture world, the pervasiveness of AI has only scratched the surface of the cybersecurity market. But to do a sanity check, I recently spoke with more than a dozen top CISOs, security executives, and practitioners. Their feedback confirmed my initial thoughts about AI in the early stages of the market. But what’s more interesting to me is that these experts were divided on where AI plays a significant role today.
AI in the cybersecurity market
As all my experts have pointed out, today’s AI requires humans to classify large amounts of data, reduce “background noise”, and otherwise be very difficult and time consuming to discover. Great for finding patterns and anomalies.
AI is also good at creating new threat variants and patterns based on past modeling. But AI is no good at predicting the future. While it may help show what future attacks might look like, it can’t produce definitive results that indicate whether a particular exploit will unleash.
Another widely held belief among experts is that the AI hype is ahead of reality. All vendors are talking about AI, but executives believe that AI has little (or no) integration in most of the products they use today.
As one of F500’s prominent security officers put it: For example, AI could be a secret sauce within her SIEM technology or complement threat detection and threat hunting activities. But my skepticism is due to the lack of transparency. ‘ If this seasoned and experienced manager doesn’t know ‘Where’s the beef’, where’s the reality of today?
Perception is reality, they say. So what do these industry experts know, or conversely, where is the reality of AI today?
A common belief among people I have spoken to is that AI is and will be valuable when large datasets become available for both training and real-world use cases. Experts see SIEM, email phishing detection, and endpoint protection as the three segments where AI is most likely to play a more important role today and continue to provide value.
In the SIEM/SOAR category, AI now plays a role, sorting through massive amounts of security event data to help humans detect and respond to threats and exploits more quickly. In particular, Splunk was named as the leading AI-enabled provider in this segment. Again, this view was not universally agreed upon by experts, but most believe that AI permeation is most likely more relevant here than in other categories. was
In the Email Filtering and Anti-Phishing category, you can use large amounts of email data to train systems from companies like Proofpoint and Mimecast to effectively detect the many phishing attacks that reach your inbox. Some executives I spoke to believed AI was powering these products. But at the same time, some questioned whether AI was the driving force behind classification and detection.
Endpoint companies have been using data collected from millions of machines to train their systems for years. Previously, these systems generated signatures for pattern matching across the install base. These products can now use AI to detect more dynamic exploits.
While no AI-based system can detect all zero-day attacks (as I said, AI can’t predict the future), these new offerings from companies like CrowdStrike are closing the gap more effectively. are recognized to exist.
One F500 executive I spoke with was 100% convinced that CrowdStrike was the best example of a company demonstrating the value that AI can bring. Meanwhile, two of her CISOs said he had no evidence that AI was actually built into this vendor’s endpoint products, despite paying customers.
From the three segments and disagreements above, it’s clear that there is a problem with the cybersecurity industry. Despite marketing claims, if some of the industry’s top executives and practitioners are ignorant of whether AI is being deployed and driving value, what are the rest of us driving key defenses? How do we know if there is, or do we care?
Perhaps just abstract the underlying technology and see the results. If the system prevents him 99.9% of all attacks, does it matter if it’s AI-based? I think it is because many of the attacks we see are AI driven and standard defenses don’t hold up.
AI as a problem solver
Looking to the future and other security segments, AI will play a key role in identity and access management, helping to spot anomalous system access. One CISO hoped AI could help finally solve one of today’s thorny areas: insider threat. Additionally, AI is believed to help partially automate some of the responsibilities of the red team, and possibly all activities of the blue team.
One topic was the threat of attackers using ChatGPT and other AI-based tools to create malicious applications and malware. But another researcher used these same tools to build better defenses, generating examples of malicious code before the bad guys actually used it, and then using those examples to build defense systems. suggested that it may help infecting
Another concern is that AI-generated code, without proper curation, can be just as buggy as code written by trained humans. This creates more vulnerable code than possible and introduces new problems that AI-based vulnerability scanners address.
A final key point was the belief that Microsoft, Google, Amazon, and others would provide the underlying AI algorithms. Smaller cybersecurity players own the data and front-end products that customers interact with. But the back-end brains will be leveraging technology from big companies. So, in theory, an AI-based security company would technically never own AI.
We are in the early stages of the penetration of AI into security defenses. AI has existed in the research community for decades, but the technologies and platforms that make it practical and deployable are only emerging in the last few years. But what will things look like in the next 5-10 years?
I have a clear investment theme for AI-enabled cybersecurity solutions, which I believe will become broader and deeper in the enterprise over the next decade. From my professional point of view, the general idea is that AI will become a reality in multiple segments, including his three above.
Experts believe AI will become increasingly important in all segments of security, but more likely in areas such as:
- fraud detection
- Network anomaly detection
- Discovery of deep fake content, including company websites and social media assets
- risk analysis, and
- Compliance management and reporting (in fact, AI can bring new compliance headaches to organizations as AI-focused regulations create the need for new processes and policies)
There is a great deal of uncertainty about where AI today will be in cybersecurity solutions, what it will and will not do. But I believe this uncertainty will push entrepreneurs to create a new wave of products to help them navigate this new frontier. may cover all software products that
Certainly, AI applications over the next five to ten years will be attractive. Today’s hype may be more than real, but as this market evolves, many surprises await.