The Revolutionary Impact of AI on Modern Software and Cyber Security

Artificial intelligence (AI) represents a groundbreaking achievement in computer science, poised to become a fundamental element of all modern software in the coming years and decades. This evolution presents both opportunities and challenges. AI will be utilized to enhance both defensive and offensive cyber operations, while also creating new methods of cyber attacks that exploit the specific vulnerabilities of AI technology. Furthermore, the significance of data will be amplified by AI’s need for vast amounts of training data, necessitating a reevaluation of data protection strategies. Effective global governance will be crucial to ensure that this transformative technology promotes widespread safety and prosperity.

AI and Big Data

AI generally refers to computational tools that can perform tasks typically requiring human intelligence. This technology is advancing rapidly, similar to the exponential growth of database technology in the late twentieth century. Databases have become essential infrastructure for enterprise-level software, and AI is expected to drive much of the new value added by software in the coming decades.

In the last decade, databases have evolved significantly to manage the phenomenon known as “big data,” characterized by the unprecedented size and global scope of modern data sets. These data sets are largely collected from the computer systems that now mediate nearly every aspect of daily life. For example, YouTube receives over 400 hours of video content every minute.

Researchers have trained computer models to accurately identify individuals’ personality traits based on their Facebook likes. This illustrates the symbiotic relationship between big data and AI. Recent AI advancements are primarily driven by “machine learning,” a technique that trains AI using large data sets instead of predefined instructions. For instance, AI chatbots can be trained on text recordings from messenger apps to learn how to understand human speech and respond appropriately. In this context, big data serves as the raw material that fuels AI algorithms and models.

The primary constraint on innovation is no longer the difficulty of recording and storing information but rather extracting useful insights from the vast amounts of data now available. AI can detect patterns in massive data sets that are beyond human perception. This capability makes even mundane data valuable, as demonstrated by researchers who have trained computer models to assess personality traits more accurately than friends, based solely on Facebook likes.

AI and Cyber Security

Daily news stories highlight high-profile data breaches or cyber attacks causing millions of dollars in damages. The International Monetary Fund estimates global financial sector losses from cyber incidents at $100–$250 billion annually. As the prevalence of computers, mobile devices, servers, and smart devices increases, the overall threat exposure grows. The integration of AI into cyber security is expected to bring significant changes.

AI aims to automate tasks previously requiring human intelligence, thus reducing the labor resources needed for projects and increasing efficiency. For example, chatbots can handle customer service queries, and medical AI can diagnose diseases based on symptoms.

In cyber defense, AI can label log lines of recorded server and network activity as “hostile” or “non-hostile” and classify future observations accordingly. This system can act as an automated sentinel, identifying unusual activity from the background noise of normal operations. Automated cyber defense is necessary to manage the overwhelming level of activity that needs monitoring. Only AI-powered systems can handle the complexity and speed of the modern cyber security environment.

Continuously retraining AI models is crucial, as both defensive and offensive actors use AI to recognize patterns and identify weaknesses. The cyber security landscape is a dynamic battlefield where both sides continually adapt their strategies.

A potent tool in a hacker’s arsenal is “spear phishing,” where personal information is used to create tailored messages. AI could automate this process, using data from browsing history, emails, and social media to craft personalized messages for numerous targets, significantly scaling up offensive operations.

AI can also automate the search for software vulnerabilities, which can be exploited either lawfully or criminally. Software designers can use AI to test their products for security flaws, just as criminals search for undiscovered exploits.

AI will not only enhance existing offensive and defensive strategies but also introduce new fronts in the cyber security battle. Hostile actors may exploit AI’s weaknesses, such as “data poisoning,” where training data is tampered with to manipulate AI behavior, or “adversarial examples,” where input data is subtly altered to mislead AI systems. For example, a modified stop sign could cause an autonomous car’s AI to misidentify it as a yield sign, with potentially fatal consequences.

The New Value of Data

AI’s data dependency will change the landscape of cyber security, as its need for data transforms what constitutes a valuable asset. Data that was previously uninteresting may now become a target for hostile actors.

Some cyber attacks aim to disrupt or inflict damage, while others seek to capture strategic assets like intellectual property. Aggressors in cyberspace increasingly aim to acquire data for future, unspecified purposes. AI’s ability to extract value from seemingly trivial data is driving the tactic of “data hoovering” – indiscriminately collecting data for potential future use.

A New York Times report illustrates this strategy, noting that the Chinese government allegedly stole personal data from over 500 million Marriott hotel customers. While financial misuse is a common concern in data breaches, this data could be used for espionage, tracking, or detaining individuals as bargaining chips.

Data and AI are interconnected, unlocking both tangible and intangible assets. The quantity of data is becoming a critical factor for success in business, national security, and even politics, as seen in the Cambridge Analytica scandal. The Marriott incident highlights how ordinary information can provide strategic advantages in intelligence and defense, with AI extracting valuable insights from disparate sources. Consequently, bulk data will likely become a more common target for cyber actors.

Implications for Policy and Governance

These developments necessitate a reevaluation of cyber security strategies. In an interconnected system, identifying and protecting the weakest link is crucial. As sensors, machines, and people increasingly provide data for AI systems, there will be more entry points for cyber attacks. A comprehensive strategy is needed to minimize vulnerabilities; a piecemeal approach to cyber policy will not suffice. Since AI training data is globally sourced, national-level governance alone is insufficient.

Global policymakers are beginning to address AI’s impact on cyber security. During the 2018 G7 summit, leaders pledged to “promote human-centric AI” through appropriate cyber security investments while respecting privacy and data protection.

AI’s application to cyber attack strategies like spear phishing will enhance their effectiveness and expand the pool of actors capable of executing them, underscoring the urgency of establishing effective global governance in cyberspace. Efforts like the United Nations Group of Government Experts’ attempts to create accepted norms of conduct are crucial.

AI technology, often seen as a privacy threat, also has the potential to enhance privacy and control over proprietary data. Policymakers must carefully regulate AI use, balancing the need to prevent misuse while fostering innovation. Harmonizing policies across jurisdictions is essential, as unilateral restrictions could disadvantage a country competitively.

As AI becomes more integrated into the economy and civilian sphere, legal and normative frameworks may need to adapt to novel attack forms like data poisoning and adversarial examples. Historically, data theft has been the main cyber concern. Moving forward, hostile actors may seek to access databases not only to steal but also to manipulate data. Legal definitions of cyber attacks may need to expand to cover these new threats.

AI algorithms derive value from data, and controlling the data’s value requires controlling the assets produced from it. The infrastructure for recording, storing, and analyzing big data should be treated as a critical asset. Certain sectors, like finance, have systemic implications and require heightened protection. Governing institutions must continually enhance their security measures in these and other areas, including identity fraud. Given the rapid evolution of AI for attack purposes, this is an ongoing requirement rather than a one-time investment.

Leave a Reply

Your email address will not be published. Required fields are marked *