Beyond the buzz: Understanding AI and its role in cybersecurity


ESET’s latest white paper delves into the intricate realm of artificial intelligence (AI) within cybersecurity, unveiling both the risks and opportunities it presents for cyber-defenders.

In the current technological landscape, AI has emerged as a focal point, captivating attention with its transformative potential. Among the various sectors poised to benefit or face challenges, cybersecurity stands out prominently. Contrary to popular perception, AI has been employed in cybersecurity for over two decades, albeit in different capacities. However, with the advent of cloud computing and sophisticated algorithms, AI’s role has expanded to bolster digital defense mechanisms and pave the way for a new era of AI-driven applications.

While AI holds promise for enhancing cybersecurity, its proliferation also amplifies the arsenal of threat actors. As AI technologies become more affordable and accessible, cybercriminals are poised to leverage them for social engineering, disinformation campaigns, and various scams. In light of these developments, ESET’s white paper endeavors to unravel the intricate landscape of risks and opportunities for cyber-defenders.

A Brief Historical Perspective:

Despite the current hype surrounding large language models (LLMs), AI has been integrated into cybersecurity practices for decades. ESET, for instance, leveraged AI technologies over twenty-five years ago to combat macro viruses. Since then, AI has been instrumental in various capacities, including distinguishing between malicious and clean code samples, facilitating rapid triage of malware samples, and fortifying endpoint protection through neural networks and decision trees.

Drivers for AI Adoption in Security:

The escalating demand for effective AI-based tools in cybersecurity is propelled by three primary factors:

  1. Talent Shortages: With a global shortfall of approximately four million cybersecurity professionals, organizations are turning to AI to augment the productivity of existing staff and provide insights into threat analysis and remediation.
  2. Adaptable Threat Landscape: As cybercriminals continue to evolve and capitalize on sophisticated attack techniques, organizations are embracing AI to enhance their defense mechanisms against agile and well-resourced adversaries.
  3. Heightened Stakes: With increasing reliance on IT systems for sustainable growth, organizations face substantial financial and reputational risks in the event of a cyber breach. As such, AI-driven cybersecurity solutions are imperative for mitigating these risks and safeguarding organizational assets.

Applications of AI in Security:

AI is leveraged by security teams across various domains to prevent, detect, and respond to cyber threats effectively. By correlating indicators in large datasets, identifying malicious code, and assisting threat analysts in interpreting complex information, AI technologies play a pivotal role in fortifying cybersecurity defenses.

Examples of AI Applications in Cybersecurity:

  • Threat Intelligence: AI-powered assistants analyze technical reports to distill key insights for analysts.
  • AI Assistants: Embedded AI “copilots” assist in eliminating security vulnerabilities and updating complex settings.
  • Supercharging SOC Productivity: AI contextualizes and prioritizes alerts to enhance Security Operations Center (SOC) analysts’ efficiency.
  • New Detections: AI tools scan for emerging threats by combining indicators of compromise with threat feeds.

AI in Cyberattacks:

Unfortunately, cybercriminals are also harnessing AI technologies to orchestrate sophisticated attacks. From crafting convincing phishing campaigns to perpetrating business email compromise (BEC) scams and disseminating disinformation, threat actors are capitalizing on AI’s capabilities to perpetrate cybercrime.

Limits of AI:

Despite its transformative potential, AI is not without limitations. High false positive rates, dependency on quality training sets, and the need for human oversight underscore the fact that AI is not a panacea for cybersecurity challenges. Furthermore, the emergence of malicious AI activity underscores the dawn of a new arms race in cybersecurity.

In essence, ESET’s white paper sheds light on the intricate interplay between AI and cybersecurity, highlighting both the promises and perils it presents for cyber-defenders in the digital age.