AI’s Growing Role in cybersecurity: Opportunities and the Need for Vigilance
Artificial intelligence is rapidly becoming a critical component of cybersecurity, offering organizations new capabilities to address evolving threats. However, its implementation requires careful consideration, especially regarding vendor practices and internal accountability.
CISOs are recognizing AI’s potential to accelerate security evaluations. According to Dave Kubalsky, organizations are moving towards “going faster and faster in our evaluations” of AI-powered solutions as both threats and defenses evolve. This acceleration allows for quicker adoption of promising new technologies,such as deepfake detection. Kubalsky’s team proactively engaged with deepfake detection startups approximately two years ago, anticipating the increasing prevalence of deceptive content – a bet that has proven successful.
AI can also facilitate proactive threat hunting and response. By monitoring the startup landscape, security teams can identify and integrate innovative capabilities before they become widespread threats.
Though, the integration of AI isn’t without its challenges. A significant concern is the lack of transparency from some vendors. Nelson noted that many are deploying AI interfaces without informing their clients, raising questions about data usage. he expressed concern that vendors may be using entrusted data to train their models or combine it with data from other clients.
This lack of transparency underscores the need for heightened vendor accountability. According to Smart, thorough vetting is crucial. She consistently presses vendors for clear answers regarding data usage, access controls, and data handling procedures upon contract termination. “If they’ve not got absolutely instinctive, positive, immediate answers to that, the call’s done,” she stated.
To address these concerns and capitalize on AI’s potential, organizations may need to invest in internal innovation. Nelson believes that building in-house engineering capabilities is essential, stating, “Since we’re not getting what we need from our vendors, we’re going to have to jump into some innovation and engineering in-house.”
Despite the advancements in AI, human expertise remains vital. Pearlson predicts that by 2026, managers will have greater control over the AI environments within their organizations. She emphasizes that people are essential for the responsible implementation and oversight of AI in cybersecurity, even as automation increases.
