The Black Hat USA 2023 security conference in Las Vegas focused heavily on generative AI, revealing new product announcements and delivering keynotes about the growing impact of this technology. The event opened with an introduction from Jeff Moss, the founder of Black Hat and DEF CON, followed by a keynote speech from Maria Markstedter, the founder of Azeria Labs. Markstedter’s keynote, titled “Guardians of the AI Era: Navigating the Cybersecurity Landscape of Tomorrow,” explored the transformation and challenges that generative AI brings to the security industry.

During her speech, Markstedter highlighted the intense competition among corporations to dominate the market as the world shifts towards new technologies. The vendor show floor at Black Hat showcased numerous references to AI, generative AI, and large language models (LLMs). A significant announcement came from Jeff Moss and DARPA, who introduced the “AI Cyber Challenge” (AIxCC), a two-year competition designed to push computer scientists and software developers to develop AI-powered cybersecurity tools.

The AIxCC competition will take place over the next two years, with the semifinals and finals held at Black Hat in 2024 and 2025, respectively. The top five teams in the semifinals will receive a prize of $2 million each, while the top three winners in the final round will be rewarded with prizes of $4 million, $3 million, and $1.5 million, based on their rankings.

DARPA’s AIxCC program manager, Perri Adams, emphasized the potential of this technology to impact cybersecurity positively when used responsibly. Adams stated, “By automatically defending critical software at scale, we can have the greatest impact for cybersecurity across the country, and the world,” in a press release.

One of the noteworthy trends observed at the conference was the massive investment in large language model (LLM)-based technology, particularly generative AI, following the release of OpenAI’s ChatGPT last year. Tech giants Google and IBM both announced generative AI-powered offerings at the RSA Conference 2023 held in April. The event also placed significant emphasis on the potential of generative AI. In addition, Microsoft unveiled its virtual assistant named “Security Copilot” in March, powered by generative AI.

Recently, Tenable launched its generative AI-powered platform called ExposureAI. This new offering integrates LLM-capabilities into Tenable One and provides customers with features such as prioritized mitigation advice, actionable insights, and recommended actions. Tenable’s CTO, Glen Pendley, highlighted the quality of the security vendor’s data as a major differentiating factor compared to other LLM-powered offerings in the market.

However, with the emergence of various generative AI products and the integration of new features into existing solutions, it is evident that there are overlapping capabilities. For instance, Google Cloud Security AI Workbench and IBM’s QRadar Suite both offer automated threat hunting and prioritized breach alerts.

Experts in the field, like Levi Gundert, CSO at Recorded Future, have acknowledged that there is a learning curve associated with generative AI technologies. Gundert stressed the importance of utilizing this technology beyond basic intelligence and towards second-order thinking, which involves considering secondary consequences and thinking long-term.

Recorded Future, Gundert’s company, announced the Recorded Future AI tool. This tool, based on OpenAI’s GPT model, can provide real-time, automatic threat assessments by leveraging a decade of data collected by the vendor’s Insikt Group threat intelligence team.

While generative AI capabilities have advanced, the issue of rights management remains a significant hurdle in the technology’s progress. Brian Fox, CTO of Sonatype, a supply chain security vendor, highlighted concerns about who owns the data fed into and created by AI models. As a result, legal and security implications surrounding generative AI are still unclear.

Eric Skinner, Vice President of Market Strategy and Corporate Development at Trend Micro, suggested that there might be a temporary plateau in the technology’s capabilities as some of the more obvious use cases have already been addressed. However, he believes that the plateau will be short-lived, with future waves of more innovative and unusual use cases and attackers discovering unique ways to exploit generative AI.

The Black Hat USA 2023 conference provided industry experts and attendees with valuable insights into the growing influence of generative AI in the cybersecurity landscape. As the technology continues to evolve, the industry is exploring its potential and addressing the challenges it presents. Only time will tell how generative AI will shape the future of cybersecurity.

Source link