How a.i is shaking the foundations of cybersecurity rsa conference

Information security leaders have had to do a lot of adapting over the past decade. They’ve shifted from an emphasis on protecting the perimeter of the network to defending access points. They’ve turned a large portion of their outward gaze inward as knowledge and awareness of insider threats mushroomed. They’ve extended their layers of protection endlessly to accommodate the growing thirst for mobile access to data. And they’ve accommodated unfathomable complexity as migration of applications to the cloud has accelerated.

If you want further proof for how important AI is to the future of security, consider the opening of a cybersecurity innovation center in London earlier this summer, or the recent deal between the governments of France and the U.K.

to collaborate on research and funding of innovation in this area. The subtext of such developments is clear: We have to do something to give ourselves a fighting chance.

That reality was on display at this year’s RSA Conference in San Francisco, where AI was ubiquitous among the 10 finalists in the annual Innovation Sandbox competition. What attendees saw that day was a reflection of a trend CB Insights had already documented: Cybersecurity startups attracted $7.6 billion in venture capital investments during 2017, double what they received in 2016.

Put all of these indicators together, and you get one of those rare moments when a perfect storm is combining technological innovation, a big problem to solve, and a marketplace desire for new solutions to spur what might be considered a sort of Frankenstein Effect, with tech innovators playing the role of Dr. Frankenstein, AI as the new monster, and organizations looking not for immortality, but rather for a leg up on their attackers.

The emergence of AI in cybersecurity also brings with it some other considerations, none more important than the need for cybersecurity leaders to have a louder voice in the C-Suite. We’ve frequently documented the need for organizations to give their security execs a seat at the boardroom table, most recently highlighting the need to inject boards with more security moxie. Boards need to hear more from experienced security thinkers, while security thinkers are likely to get demonstrably better at their jobs if they have a clear picture of high level business objectives.

The stakes are even higher thanks to AI, which promises to bring a degree of change to cybersecurity that’s never been seen before. Whether that means more sophisticated attacks, whole new levels of automation in responding those attacks, or simply handing off security to an artificial decision-maker, how organizations embrace AI will go a long way toward shaping cybersecurity and the larger business landscape for many years to come.

How pervasive is AI becoming? On a 2017 episode of the Cartoon Network’s Teen Titans Go titled "Ones and Zeroes," the main characters try to build a robot that can make a new kind of pizza. In order to test the robot’s human-like intelligence, the group subjects its robot to the Turing Test, which is designed to determine whether a machine’s intelligence is equivalent to a human’s. They even provide a little snippet explaining who Alan Turing, the innovator behind the test, was and how testing works.

Which is why security experts should pause before expressing skepticism about AI’s hype in the security realm. Sure, there’s a certain Kool-Aid quality to all the AI talk. Yes, it’s going to be some years before AI possesses the maturity to deliver on its many promises. And there’s no doubt that security professionals have every reason to fret over their future career paths if AI starts doing all of their work.

But with attackers successfully employing AI-powered tools to do their bidding, security practitioners who discount AI do so at their own risk. True, AI doesn’t represent a silver bullet that can cure an organizations’ security woes (as the article linked above argues), but it’s a bullet nonetheless, and one that all security leaders should be making part of their lines of defense.