Where Will AI Stand in the Security War?

Since computers first became useful tools, there has been malware to infect them. In the nearly 50 years since the first virus emerged, cyber-criminals have become smarter and sneakier, developing more powerful and less detectable methods of entering devices and stealing information.

Fortunately, cyber-defenses have also improved in that time. Now, every day brings an improvement to one side or the other, and both sides’ weaponry has become so efficient that any slight edge seems significant.

Unfortunately, a problem is developing — a problem that will undoubtedly impact all aspects of modern civilization, but cyber security first: artificial intelligence. Machines that can gather data, analyze it for trends, and make accurate predictions are undeniably formidable tools, especially in the fast-paced cybersecurity war. Yet, the problem stands: Which side will AI be on?

AI for Defense

To understand how AI might help with defense, one must first understand how most endpoint security functions. Antivirus is the primary program used for prevention, detection, and elimination of cybersecurity threats. The majority of antivirus software utilizes signature detection, which employs a catalog of known virus code and periodically searches the device for evidence of infection.

Unfortunately, there is a serious downside to this method: Every 4.2 seconds, a new malware emerges, and signature-based antivirus simply cannot update fast enough to protect against all these brand-new threats. Instead, effective antivirus needs to be able to predict malware before it emerges — hence, the application of artificial intelligence.

Most computer programs only change because programmers force them to. For example, over time, a piece of software might develop glitches or vulnerabilities. However, the program will never be aware of them; users of the program must alert the program’s developers, who will create patches to resolve those problems and updates to add new functionality.

AI is not like regular computer programs; it can change on its own. By collecting and analyzing specific types of data, AI learns about its environment and develops new behaviors that ensure greater efficiency. As one might expect, the applications of such a tool to antivirus are profound. Instead of waiting for malware to evolve and attack, AI can calculate the trajectory of malware development and devise protections before cybercriminals attack.

As yet, security AI is not foolproof. Most often, its biggest drawback is an overabundance of false positives, which require users to manually investigate each claim for accurate identification of danger. The anomalies AI uses to identify potential threats are sometimes created by harmless computer processes. In the future, security AI should be more proficient at sorting good and bad data and eliminating only true threats.

AI for Attack

Unfortunately, AI’s ability to learn and change is also applicable to the bad side of the cybersecurity battle. At last year’s DEF CON, an annual hacking conference in Las Vegas, one research company demonstrated an AI program capable of creating malware that can slip past search engines and antivirus programs. Other researchers have developed malware-generating AI to test their own defense AI. If white-hat hackers are capable of manipulating AI to spread malware, it is almost certain that black-hat hackers have been doing the same for years.

As yet, relatively few known instances of AI malware have been found in the wild. In November 2017, the first confirmed AI-powered cyberattack occurred in India. The software used AI to learn the best methods for remaining hidden on infected machines, allowing the virus to spread deeper without interruption. Fortunately, this malware wasn’t “fully AI” — meaning it only employed AI tactics after it gained access to a machine. As cybercriminals adopt AI in greater numbers, it is likely that AI will take over many more malware functions.

Returning to our title question, the answer is clear: In the impending war of cybersecurity, AI will stand on both sides in near equal measure. It is humankind’s inclination to personify inanimate things, and AI is no exception. Most of us like to imagine AI as the sentient androids in movies like “Blade Runner” and “Ex Machina,” but in truth, AI is merely a tool like any other computer program. Tools do not make choices; they can be used regardless of intent.

In the cyberwar, AI will fight — but it will fight for both sides. Whether AI will help one side win is yet to be determined.