Answering Key Questions About Embracing AI in Cybersecurity

As we witness a growing number of cyber-attacks and data breaches, the demand for advanced cybersecurity solutions is becoming critical. Artificial intelligence (AI) has emerged as a powerful contender to help solve pressing cybersecurity problems. Let’s explore the benefits, challenges, and potential risks of AI in cybersecurity using a Q&A composed of questions I hear often.

Q1. Are we in an AI revolution?

A1. Innovations in AI have propelled us into an AI revolution, leading to significant advancements in natural language processing, computer vision, and decision-making capabilities. AI systems are becoming more general and human-competitive in a wide range of tasks. For example, the recent breakthroughs of large language models (LLM) and generative AI, such as ChatGPT and GPT-4, can do an amazing job writing an article, creating  code, and drawings, and even passing a bar exam. It is becoming clear that these advances will have a profound impact on our society, including the potential to revolutionize the world of cybersecurity.

Q2. What are the benefits of using AI to solve cybersecurity problems?

A2. Cybersecurity, in many instances, resembles the task of searching for needles in haystacks. With the implementation of AI, the process can become more efficient and scalable, as AI excels at identifying patterns and conducting data analysis on a large scale. AI offers various advantages in addressing cybersecurity challenges, including:

• Detection of unknown, zero-day threats and anomalous behavior patterns, complementing heuristic and signature-based approaches
• Automatic classification and discovery of sensitive data and enterprise digital assets
• Simplification of complex policy configurations and management tasks, reducing the workload for cybersecurity professionals
• Identification of truly suspicious users and devices by efficiently analyzing large volumes of alerts and logs
• Providing additional intelligence around security incidents and recommending effective ways to respond. 

These benefits collectively lead to a more proactive and efficient approach to maintaining security and reducing cyber-attack risks. With the help of AI-powered tools, security professionals will become much more productive in identifying bad actors and conducting threat investigations. 

Q3. How is AI being used at Netskope?

A3. At Netskope, we have been using the latest AI and machine learning (ML) technology to power the Netskope Intelligent Security Service Edge (SSE) security platform. We have a team of dedicated ML scientists, security researchers, and product engineers who have track records of solving security and fraud problems in different domains. Leveraging our expertise in AI/ML and security, we are developing large-scale AI solutions for SSE. For example, 

• By applying deep learning-based natural language processing and computer vision techniques, we are able to detect sensitive and personal data in our customers’ network traffic, such as financial and legal documents, source code, and images of passports and credit cards, which helps our customers comply with privacy regulations and protect their digital assets.
• Through the use of embedded user and entity behavior analytics (UEBA), we have trained models to discern normal behavior patterns versus those that originate from malicious insiders, compromised accounts, data exfiltration attacks, and ransomware attacks.
• AI is used to power multiple malware detection engines in the inline fast scan, as well as static and dynamic analysis-based deep scan of Netskope’s threat protection system, improving its malware detection efficacy for various file types. 
• We have trained language models to classify URLs and web content, enabling Netskope’s customers to enforce their web security policy and perform effective web traffic filtering of sensitive or harmful information.
• Similar to generative pre-training of large language models, such as GPT models, we use a large number of web pages to train the HTML encoder and then use it to build the phishing classifier. The phishing classifier enables us to detect and block phishing web pages in the web traffic that goes through the Netskope SSE platform in real-time. 

Over the past three years, Netskope has been granted 15 U.S. patents for our innovative application of AI in addressing cybersecurity challenges. Unlike the general-purpose AI, our AI models are specifically designed to solve security problems, while prioritizing efficiency and accuracy. They are optimized for real-time processing, allowing for fast and accurate results, all while maintaining a small memory footprint. 

Q4. What are the challenges and risks of using AI?

A4. Cybersecurity has its own challenges when it comes to the adoption of AI and machine learning technology.

• False positives and negatives. AI may sometimes incorrectly classify threats or anomalous behavior, leading to either false alarms or missed threats. The costs of false positives and false negatives can be significant, presenting considerable challenges for AI models. General-purpose AI, without customized training and tuning, may not meet the required accuracy standards. Netskope takes a multi-layered approach that incorporates AI, heuristic, and signature-based components. This is to ensure that the Netskope SSE platform satisfies the high accuracy requirements that are necessary for effective data security and threat protection.
• Privacy concerns. AI systems need access to large amounts of data to train and improve their algorithms, which raises questions around data privacy and protection. In addition, the use of AI in cybersecurity often involves the processing of sensitive and personal information, which must be handled with care to ensure compliance with data privacy regulations. The recent incident involving Samsung workers accidentally leaking trade secrets via ChatGPT serves as a reminder of the importance of data privacy in the context of AI cybersecurity. At Netskope, we take these concerns seriously and prioritize the responsible use of data in all of our AI applications. We don’t use customers’ data for AI training unless they give us explicit permission. 
• Explainability and interpretability. In cybersecurity, it is crucial to understand how AI makes its decisions to ensure that the outcomes produced are reliable and consistent. However, some AI models can be highly complex and difficult to interpret, which makes it hard for security teams to understand how the AI is arriving at its conclusions. This challenge is compounded in the case of generative AI, which can produce highly complex and intricate patterns that may be difficult for humans to interpret and understand.
• Vulnerability to adversarial attacks. Hackers may attempt to exploit AI models by creating adversarial examples, making the AI model misclassify inputs and compromising its effectiveness. This risk is especially pronounced in the age of generative AI like ChatGPT/GPT-4, which can produce highly realistic synthetic data that may be difficult for AI security systems to distinguish from legitimate data.

While AI can certainly bring significant benefits to cybersecurity, it is essential to recognize and address the potential challenges and risks associated with its use, especially in the age of generative AI like ChatGPT/GPT-4. By acknowledging and addressing these challenges, security teams can ensure that AI is used responsibly and effectively in the fight against cyber threats.

Q5: Are hackers using AI to their advantage?

A5. I have no doubt that some cyber criminals are also exploiting AI for their benefit. As illustrated in this blog post, They can use AI technologies to improve their attack strategies and develop more sophisticated malware. This includes using AI to accelerate vulnerability exploitation, create self-propagating malware, and automate the extraction of valuable information. In addition, attackers can use a tool like ChatGPT to improve their social engineering skills. It can help them to write specific texts that would be used on phishing emails, redirecting victims to malicious websites or luring them into downloading attached malware.

Consequently, organizations must stay vigilant and adopt advanced AI-powered solutions to stay ahead of the ever-evolving cyber threats landscape.

Q6: There has been a lot of discussion lately about possible risks to humankind due to AI. Is the AI Labs team committed to acting responsibly?

A6. To ensure safety and security, we need to work together as a society—AI developers, businesses, governments, and individuals—to make AI systems more accurate, transparent, interpretable, and reliable while minimizing privacy and security risks. 

Netskope AI Labs is committed to the responsible use of artificial intelligence and machine learning. We will work with peers, academia, thought leaders, and governments alike to safely direct AI efforts in a way that will benefit and not cause harm to our customers, partners, employees, and their families. We will take precautions and maintain a posture of transparency in our efforts.

Summary

We are currently witnessing a golden age for AI research and development, as AI technologies continue to improve and gain unprecedented power with each passing day. We are thrilled about the potential of AI in the realm of cybersecurity. Organizations should embrace AI and invest in comprehensive security frameworks that include AI solutions while addressing various challenges and potential risks, ensuring a secured adoption of AI in their cyber defense arsenal.

To learn more about how we use AI to solve different cybersecurity problems at Netskope and get the latest updates, please visit Netskope AI Labs.