In his opening keynote at Black Hat USA, Jeff Moss, founder of Black Hat and DEFCON, highlighted the evolving landscape of artificial intelligence (AI) and its implications for cybersecurity. Moss acknowledged that while there have been significant advancements, there are still familiar challenges that persist in the field. He emphasized that AI presents both opportunities and risks that need to be carefully navigated.
One aspect that Moss found particularly intriguing about AI is its ability to make accurate predictions. He noted that the cost of creating AI models is constantly decreasing, making it easier for organizations to leverage this technology. Moss stated, “If you think it’s easy to create an AI model now, wait ten years.” He encouraged attendees to capitalize on the benefits of AI by reframing their IT problems as prediction problems, thus accelerating the adoption of AI in their organizations.
To illustrate this idea, Moss drew a parallel between the progress of AI and the development of smart cars. Just as smart cars make predictions about acceleration, braking, and turning based on models of human behavior, AI can enable similar decision-making processes in cybersecurity. The ability to predict and anticipate threats can significantly enhance the effectiveness of security measures.
Moss also touched upon the publication of a Blueprint for an AI Bill of Rights, which promotes responsible AI innovation and carries substantial implications for cybersecurity. He noted that governments have often lagged behind emerging technologies in the past, but the proactive approach towards AI presents an opportunity for stakeholders to participate in shaping the rules and regulations surrounding this technology. Moss emphasized the importance of consulting with others and seeking input on various aspects of AI, such as accountability, training data, and responsible algorithms.
Addressing the issue of unstructured data, Moss referenced recent news about Zoom updating its terms of service to use customer data for training its AI models. Moss expressed his concern about the lack of an opt-out option and questioned whether this would become the next battleground for internet rights. He pondered on the ethical implications of scraping unstructured data from websites and training AI models without explicit consent. Moss suggested that the unrestricted use of unverified data could result in a scarcity of authentic information, making it harder to distinguish between genuine and fabricated content.
Prompting further reflection, Moss asked the audience if they were willing to pay a premium for authentic human craftsmanship in areas such as art or music. He believed that the cybersecurity community would play a crucial role in ensuring the integrity and accuracy of AI representation. He envisioned a future where businesses would create and sell AI models, while cybersecurity professionals would act as gatekeepers, safeguarding against potential misuse or abuse of the technology.
Moss concluded his keynote by encouraging attendees to view AI not just as a source of problems, but also as a realm of tremendous business opportunities. He urged professionals to actively participate and contribute to shaping the future of AI, emphasizing the importance of responsible and ethical innovation. Moss’s thought-provoking insights served as a call to action for the cybersecurity community to embrace AI and guide its development for the benefit of society.