Cybersecurity Tech Accord Principle #1: Strong Defense
The Cybersecurity Tech Accord’s first principle says that “we will protect all of our users and customers everywhere,” and AI can help us do just that. AI cybersecurity is the use of artificial intelligence techniques, such as machine learning, natural language processing, and computer vision, to enhance the security of digital systems and networks. AI cybersecurity offers several opportunities for industry to cope with the growing and evolving cyber threats that pose significant challenges to the confidentiality, integrity, and availability of data and services. Some of the ways that AI helps security operations teams be more effective:
Identifies cyberthreats faster and with more confidence – Many security solutions log thousands and thousands of events, and AI helps identify the incidents that really matter. It also helps detect behavior that may not look suspicious on its own but, when correlated with other activities, indicates a potential cyberthreat. Earlier this year, Rob Joyce, cybersecurity director at the U.S. National Security Agency (NSA), disclosed that the NSA has used artificial intelligence to help detect advanced threat actors using sophisticated “living-off-the-land” (LOTL) techniques to remain hidden while maintaining persistent access to US critical infrastructure.
Industry Highlight:
- ESET AI Advisor integrates a generative AI-based cybersecurity assistant into the day-to-day operations of security analysts, transforming incident response and interactive risk analysis and facilitating faster decision-making for critical incidents.
- BT launched Eagle-i, which combines BT’s network insights with advances in AI and automation to predict, detect and neutralize security threats before they get a chance to inflict damage. The platform is designed to self-learn from the intelligence provided by each intervention, so that it constantly improves its threat knowledge and dynamically refines how it protects customers across a multi-cloud environment.
Simplifies reporting – Tools that use generative AI can pull information from several data sources to create easy-to-understand reports that security professionals can quickly share with others in the organization.
Industry Highlight:
- Security Scorecard’s HEID AI delivers an increase in breach prediction accuracy by leveraging LLMs.
Identifies unknown vulnerabilities – AI helps detect potential risks such as unknown devices and cloud apps, outdated operating systems, or unprotected sensitive data.
Industry Highlight:
- GitHub’s AI Assisted Code Review – A GitHub action that uses OpenAI’s GPT-4 to perform automated code reviews. It automatically reviews the code and suggests changes, just like a human code reviewer would.
Augments human defenders and grows their skills – Because generative AI helps translate cyberthreat data and analysis into natural language, analysts with fewer technical skills can be more productive. Generative AI helps identify remediation steps, enabling new team members to quickly learn how to effectively respond to cyberattacks.
Industry Highlight:
- Telefónica is integrating advanced security and artificial intelligence solutions to deliver 24×7 protection by specialized teams in Telefónica’s Digital Operations Centers located in Madrid and Bogota, Colombia.
Provides cyberthreat analysis and insights, quickly – Sophisticated cyber attackers typically try to evade detection by moving across different identities, devices, apps, and infrastructure. Since AI can quickly process lots of data from various sources, it can help identify this suspicious behavior and prioritize which cyberthreats security professionals should pay attention to.
Industry Highlight:
- Microsoft Security Copilot – Reverse engineering of scripts, which eliminates the need to manually reverse engineer malware and enables every analyst to understand the actions executed by attackers.
- OnShore Security – Uses software from Elastic for cybersecurity data analysis with a cluster of servers dedicated to modeling (profile building) using AI/ML. The result is better anomaly detection.
Supports fraud detection by law enforcement – AI security solutions can help companies and law enforcement detect and react faster to fraudulent activities, including credit card fraud, identity theft, money laundering, or insurance fraud, by monitoring and analyzing large amounts of data, including financial records such as transactions and payments. When irregularities in financial records are flagged, companies and law enforcement agencies can be alerted to, and respond quickly to, attempted fraud or other cybercrime activities.
Industry Highlight:
- Trend Micro’s AI cyber assistant, Companion, reduces time spent on manual risk assessments and threat investigations with capabilities such as a plain-language interface that explains and contextualizes alerts, triages and recommends customized response actions, decodes complex scripts and command lines, and helps analysts develop and execute sophisticated threat-hunting queries.
- Zerofox’s DarkBERT is a specialized language model trained to navigate the dark web and assess cyberthreats. With its deep understanding of cybercriminal terminology and interests, it can constantly monitor dark web sources for specific mentions of an organization or other potential threats.
Supports cybersecurity professionals by augmenting threat intelligence tools – AI solutions for content curation and management can help cybersecurity professionals save time by optimizing the threat intelligence feeds they employ. AI-powered feeds, consisting of large data streams including information and reports on emerging threats, allow cybersecurity teams to be more efficient by delivering personalized intelligence and recommendations for securing networks against cyber threats.
Industry Highlight:
- Cloudflare’s Hackathon Helper is an AI application use case on Cloudflare’s global network that enables a series of starters for developers creating Hackathons.
Accelerates communication – AI helps cybersecurity professionals generate content, whether for documenting code and scripts, describing security architecture and controls, or communicating with internal or external stakeholders, as well as for the various articles and blog posts that were previously written manually.
Industry Highlight:
- The Kontent.ai application is an AI-powered Content Management System, which utilizes AI for automation in content management, including content creation, review, categorization, translation, and release flow.
Read how our Principles apply to AI in cyber:
- Introduction to Cybersecurity Tech Accord in the Age of AI: A new series exploring challenges and opportunities for industry
- Cybersecurity Tech Accord Principle #2: No Offense – Responsible Use vs. Threat Actor Abuse
- Cybersecurity Tech Accord Principle #3: Capacity Building – Building AI Cybersecurity Capacity
- Cybersecurity Tech Accord Principle #4: Collective Action – A Multistakeholder Approach