Jeetu Patel, executive vice president and chief product officer of Cisco, often makes this point by saying businesses must focus on “AI for security and security for AI.” He emphasized that again during his portion of the keynote address.
“First, we have to secure AI itself,” Patel said. “And then we have to use AI in our defenses, because human-scale defenses will be insufficient when the attacks are happening at machine scale.”
Patel announced that Cisco had released an AI model “purpose-built for security” on the open-source platform Hugging Face, making the code free for anyone to download. He said that Cisco would soon release the underlying toolset as well, because the security industry has heretofore relied too much on general AI models and needs its own.
RELATED: How to manage compliance and risk in a modern landscape.
RSAC research has found that AI-related topics are of greater importance to the event’s 44,000 attendees than anything else, according to Thompson. Organizations want to better understand how AI will affect their data governance and identity management processes, and how AI will affect security operations centers and the professionals who work in them.
Identity Is Still the Foundation of Security
For all the things that AI has disrupted in the field of security, one thing that has remained the same is how central authenticated identity is to an effective security program. Hackers continue to access networks via stolen or compromised credentials more than any other method, because it remains the most effective.
However, AI is providing cybercriminals with new tools for making their attacks. “Threat actors are now using very advanced AI techniques to break through — to actually impersonate people and target workflows,” said Rohit Gai, CEO of RSA (the identity security company that shares a name with the event but is not involved in managing it), in an interview. “Not necessarily at the time of authentication, but at other moments in an identity’s lifecycle.”
FIND OUT: A few data governance strategies for AI success.
Using AI techniques, hackers can make phone calls that mimic the voice of an authorized user, or send highly personalized phishing emails or texts at scale, Gai said. “That’s the power of AI, the more perfect impersonation as opposed to just some random person calling.”
Keep this page bookmarked for our coverage and click the banner below to receive related insights.