AI’s (artificial intelligence) massive impact has been both positive and negative. It’s excellent at some office tasks and terrible at others. It has revolutionised graphic design while also flooding social media with misleading, fake images.
AI relies on massive amounts of (sometimes incorrect) data. When the data is unreliable, so is the AI output. Cyber security is no different – but companies must be ready to embrace AI or risk being left behind.
Using AI for good
AI and machine learning (ML) can be used as tools to increase the efficiency of security operations centre (SOC) teams. Gone are the days when security analysts painstakingly combed through logs for anomalous activity. Now, AI shoulders much of the load, analysing massive volumes of data and flagging behavioural anomalies. This means analysts can spend more time on higher-order, pre-filtered alerts where their skills are most urgently required.
Where malware and script analysis were once tedious and time-consuming, AI enables almost instantaneous, accurate sample analysis. You can even paste a scrambled or disguised hacking script into a free ChatGPT account, ask it to explain what's going on and receive a surprisingly helpful breakdown.
Automating automation
In the past, detection engineers had to create, update and maintain their own automation rules. AI can now generate automation logic – such as disabling suspicious accounts, stopping identity-based attacks or cutting internet access to compromised machines.
This might sound risky to a SecOps manager or chief information security officer. After all, bringing operations to a halt in the name of security is counterproductive. But by placing proper guardrails on what AI can and cannot do, automation becomes a true asset – not a liability.
Although these advances might appear to replace humans in cyber security, there’s no substitute for the intuition and cognition that human beings provide. AI remains a tool that supplements skilled professionals in defending IT environments. Rather than replacing security teams, AI and ML optimise them – boosting the return on investment in security resources.
Where’s the double-edged sword?
AI in cyber security cuts both ways. Threat actors are also exploiting AI for malicious purposes. As soon as AI went mainstream with the release of ChatGPT, users began “jailbreaking” it – bypassing its built-in safeguards designed to prevent the misuse of large language models (LLMs).
Some jailbreaks are deceptively simple. For example, users can extract prohibited content simply by setting prompts in fictional or hypothetical scenarios. This has led to the emergence of a whole new category of vulnerability management tools to counteract such exploits.
Threat actors are using AI in a variety of ways. Novel malware is being developed at unprecedented speeds, as AI eliminates the need for laborious manual coding. It can also scan systems for weaknesses, suggest vulnerabilities and even automate exploitation.
Phishing e-mails are now crafted en masse and with alarming realism, increasing the success of phishing campaigns. And the impact on social engineering is especially concerning: AI can now mimic voices precisely and generate deepfakes to trick targets visually. By manipulating senses we typically trust – like sight and hearing – AI becomes a powerful tool for deception.
In short, malicious actors are streamlining their operations just like defenders are. If you’re not responding at AI speed, you’re already at a disadvantage.
Striking the balance
There are clear risks in over-relying on AI. Skilled humans are still needed to verify AI outputs. Security teams must remain alert, despite AI’s advances – because technology is fallible and trained professionals remain the final line of defence.
AI is not a silver bullet. Foundational practices like cyber security hygiene, reducing the attack surface and enforcing multifactor authentication are still essential. What’s certain is that AI must be a standard part of the modern security toolkit.
As AI continues to evolve, structured and strategic adoption is essential. The best time to begin planning was yesterday. The next best time is now.
Share
NEC XON
NEC XON is a leading African integrator of ICT solutions and part of NEC, a Japanese global company. The holding company has operated in Africa since 1963 and delivers communications, energy, safety, security, and digital solutions. It co-creates social value through innovation to help overcome serious societal challenges. The organisation operates in 54 African countries and has a footprint in 16 of them. Regional headquarters are located in South, East, and West Africa. NEC XON is a level 1-certified broad-based black economic empowerment (B-BBEE) business. Discover more at www.nec.africa.