
Cyber Defenders at the Forefront of the AI Arms Race


In a new report on the state of AI in cybersecurity, Mandiant has stated that although AI has the potential to pose a major threat in the future, currently cyber defenders are winning the war over artificial intelligence. The report highlights that AI tools have not yet been significantly integrated into cyberattacks, while defenders have been utilizing them to great effect.

Sandra Joyce, Vice President of Mandiant Intelligence with Google Cloud, stated that they have not responded to a single security incident where AI has played even a minor role. This suggests that attackers are still experimenting and trying to create services around AI, but have not been successful in implementing it in their attacks. On the other hand, defenders are actively leveraging AI tools to enhance their cybersecurity defenses.

Joyce further emphasized that cyber defenders currently have an advantage in leveraging AI tools. She believes that they are at a pivotal moment where AI can be a game-changer in strengthening cybersecurity measures. This advantage is evident in various applications, such as analyzing alerts for PowerShell scripts, writing YARA rules, and analyzing adversaries and smart contracts.

However, attackers have been observed using AI for social engineering. At the Black Hat 2023 conference, several presentations covered AI or AI-related issues in cyberspace. While most of these presentations were theoretical and anticipatory in nature, there have been instances of threat actors leveraging AI tools for social engineering. For example, threat actors in multiple countries have been using images generated by generative adversarial networks (GANs) and fake profiles since 2019.

One notable threat actor consistently utilizing AI is a group called DRAGONBRIDGE, which is known for its vast social media operations aligned with the political interests of the People’s Republic of China. DRAGONBRIDGE has employed AI-generated imagery to negatively portray US political leaders and spread fake video news segments with an AI-generated presenter. However, these campaigns have not had significant consequences or impact.

The report highlights that threat actors are primarily using AI tools for information operations and social engineering. Malicious actors are using malicious AI tools, such as WormGPT, to write more convincing phishing emails. Despite these attempts, cyber defenders have not observed these malicious AI applications having a significant practical impact.

The challenge for cyber defenders will be to fully capitalize on their advantage before attackers catch up. One potential solution is to utilize AI to enhance and multiply the capabilities of the existing cyber workforce. Instead of solely focusing on training and increasing the number of workers, the idea is to use AI to enhance the productivity and efficiency of each worker. This could lead to significant advancements in monitoring adversary infrastructure, creating content faster, and detecting and identifying potential threats more efficiently.

Overall, the report underscores the current advantage that cyber defenders have over attackers when it comes to AI in cybersecurity. They have successfully integrated AI tools into their defenses, while attackers are still experimenting and struggling to incorporate AI into their offensive tactics. However, both sides recognize the potential of AI in shaping the future of cybersecurity. As the field evolves, defenders must continue to innovate and leverage AI tools to stay ahead in this ongoing battle against cyber threats.
