AI-Augmented Email Analysis Identifies New Scams

Multimodal AI, a technology that integrates various types of media and domains, is being utilized by both attackers and defenders in the cybersecurity space. This innovative approach allows attackers to create convincing scams while enabling defenders to identify fraudulent emails and unsafe content more effectively.

Researchers at cybersecurity firm Sophos presented their findings at the Virus Bulletin Conference on Oct. 4, showing that a large language model (LLM) can classify new samples of emails impersonating different brands with an F1 score of over 97%. The result demonstrates the effectiveness of multimodal AI in spotting sophisticated attacks that traditional security systems may miss.

While this technology may not be directly integrated into email-security products, it serves as a valuable tool for security analysts to use as a late-stage filter. Ben Gelman, a senior data scientist at Sophos, emphasizes the importance of AI in enhancing cybersecurity practices, stating that this fusion of AI-generated attacks and defenses is becoming standard in the industry. By supporting security operations center (SOC) analysts with AI-based tools, organizations aim to improve efficiency and equip analysts with the necessary knowledge to combat evolving threats.

On the flip side, attackers have also begun harnessing LLMs to enhance their malicious activities. Major tech companies like Microsoft, Google, and OpenAI have warned about nation-state groups utilizing public LLMs for creating spear-phishing lures and code snippets for cyberattacks. In response to this emerging trend, the Sophos research team developed a platform that automates e-commerce scam campaigns using generative AI models. This platform demonstrates the potential for large-scale microtargeting campaigns facilitated by AI, highlighting the need for enhanced cybersecurity measures to counter such threats.

While these AI-driven attacks present new challenges, defenders are also leveraging LLMs to improve email processing and threat detection. By incorporating text and image inputs, multimodal AI enhances the accuracy of phishing detection and aids analysts in identifying unseen threats. The contextual understanding of emails enabled by LLMs equips defenders with a more comprehensive view of potential security risks, particularly in critical business workflows involving financial transactions or sensitive data.

Anand Raghavan, vice president of AI engineering at Cisco Security, emphasizes the exponential advancement of attackers’ capabilities due to AI tools like GPT. With attackers employing sophisticated social-engineering techniques and rapid innovation cycles, defenders need to stay vigilant and adapt their strategies to mitigate evolving threats effectively.

Despite the benefits of multimodal AI, its widespread adoption faces challenges related to cost and data requirements. Gelman underscores the need for careful consideration when implementing LLMs at scale, as the technology demands substantial resources for training and may encounter conflicts between different modalities like text and images.

In conclusion, the convergence of AI and cybersecurity presents both opportunities and challenges for organizations seeking to defend against modern cyber threats. By leveraging multimodal AI technologies and staying ahead of cybercriminals’ evolving tactics, defenders can enhance their security posture and protect sensitive assets in an increasingly digital landscape.
