How AI can lead the fight against cyber threats

With threats rapidly evolving, artificial intelligence holds tremendous potential to revolutionize cybersecurity defenses, Janet Rathod from Citi and Bishop Garrison of the INSA write.

The cyber threat landscape has become increasingly complex, posing significant challenges for government, private companies, nonprofits, and other organizations. Malicious actors - nation-states, cybercriminals, hacktivists, and insiders - continually adapt their tactics, intensifying the risk to data, systems, and operations.

The rapid evolution of technology, particularly artificial intelligence, has further complicated the threat landscape, offering new opportunities for malicious actors to exploit vulnerabilities, automate attacks, and evade security measures with precision and scale.

While AI presents new avenues for exploitation, it also holds tremendous potential to revolutionize cybersecurity defenses. AI has played a vital role in cybersecurity for decades, and the continued adoption of new AI technology can help organizations proactively detect and respond to threats with greater speed, accuracy, and efficiency.

The Intelligence and National Security Alliance (INSA) has been at the forefront of the discussion on how AI can combat cyber threats, offering research, workshops and small group discussions centered on this topic.

The first area in which AI is revolutionizing cybersecurity is the field of cyber threat intelligence, which involves collecting and analyzing threat actors’ motives, targets, and behaviors.

Traditionally, analysts relied on manual methods to review vast amounts of security data. AI can inject speed and accuracy into the process, identifying anomalies, correlating seemingly disparate events, and ultimately pinpointing potential threats.

AI can also be a powerful tool for attribution, the process of identifying the actor behind a cyberattack. By analyzing attack patterns, malware and other artifacts, AI can identify similarities with past attacks linked to specific threat actors. This can reduce the time and resources needed for analysts to attribute the source of an attack. 

AI models are continuously trained on extensive threat data, leading to a deeper understanding of evolving attack methodologies and trends over time.

Finally, AI has the potential to transform various facets of cybersecurity operations, spanning from the security operations center (SOC) to patch management, incident response, and pen testing.

In the SOC, AI can refine threat detection and response, addressing the challenge of data overload by discerning between relevant signals and background noise. In incident response (IR), AI can expedite the identification and mitigation of potential threats, thereby reducing response times.

Additionally, within patch management, AI offers improved system scanning capabilities, facilitating more effective prioritization of patches. Similarly, in penetration testing and red team operations, AI can enhance the identification of vulnerabilities and simulate cyber-attacks, helping organizations fortify defenses against evolving threats.

AI-driven approaches can also play a significant role in securing software development processes, aiding in the identification of vulnerabilities early in the development lifecycle, thus reducing the risk of exploitation by malicious actors.

Collaboration between human analysts and AI systems will be vital to ensure comprehensive protection against emerging cyber threats.

In this symbiotic relationship, AI serves as a force multiplier, empowering cybersecurity professionals to adapt and respond effectively in the ever-changing landscape of digital security. With proactive measures and strategic investments in AI-driven solutions, organizations can enhance their cyber resilience and safeguard their digital assets in an increasingly complex environment.

Janet Rathod is the global head of cyber threat intelligence at Citigroup Inc. Bishop Garrison is the vice president for policy at the Intelligence and National Security Alliance.