AI holds immense potential in cybersecurity, with the ability to bolster defensive measures and mitigate threats while increasing efficiencies for threat detection and response teams.
However, malicious hackers are also wielding AI’s power to conduct cyber attacks. How can companies stay one step ahead? Learning directly from the experts and the perspective of an adversary can help.
To close out Cybersecurity Awareness Month, Elamaran Vengatraman, an ethical hacker in the Salesforce Bug Bounty Program, and Kelly McCracken, SVP of Information Security and leader of Salesforce’s incident response team, share their first-hand experience with AI-powered threats and how to adapt security protocols accordingly.
AI is a game changer for cybersecurity — and it’s both good and bad news
AI has paved the way for a new era of enhanced cyber defense, with the ability to analyze data to recognize anomalies, detect fraud and phishing attempts, predict behaviors, and automate tedious tasks. This not only allows security teams to increase their efficiency, but to also identify threats quickly, on a large scale, and shorten response times.
On the other hand, Elamaran Vengatraman explained how cyber criminals are leveraging AI to exponentially increase their attack surface area and evade traditional security measures. Some common tactics include automated attacks, code generation, password cracking, exploiting zero-day vulnerabilities, and more. For example, hackers are using generative AI to impersonate individuals through convincing social media profiles or fake audio recordings for social engineering attacks.
While experts agree that proper cyber hygiene measures, like enabling multi-factor authentication (MFA) and fostering a culture of cyber awareness, are undoubtedly effective, even the most vigilant teams can become vulnerable to one of these sophisticated cyber attacks.
“You can follow every best practice, but that doesn’t mean you aren’t leaving a digital breadcrumb behind that AI can use against you,” said McCracken. “A bad hacker only has to be right once. We have to be right every time.”
AI is only as good as the data that powers it
The biggest threats with AI in cybersecurity aren’t always from external adversaries. AI models are powered by data, and if that data is outdated, incomplete, or introduces bias, it can greatly skew the results. For instance, biases in data could result in false positives, and incomplete data could limit visibility on viable security risks or not recognize an emerging threat altogether.
“Discrepancies, overlooking anomalies, and introducing biases within AI models can significantly erode trust in an organization,” said McCracken. “To help stay ahead of these possible pitfalls, human interaction and oversight is crucial. Cybersecurity professionals should continually monitor the AI models and prioritize transparency in the decision-making process.”
To help stay ahead of these possible pitfalls, human interaction and oversight is crucial. Cybersecurity professionals should continually monitor the AI models and prioritize transparency in the decision-making process.
Kelly McCracken, SVP of Information Security
Collaboration is critical for staying ahead of evolving cyber threats
According to Elamaran Vengatraman, even the most effective intel tactics may soon become outdated as hackers learn new ways to leverage AI. “As the technology advances, attackers are developing AI models to circumvent AI-based security measures. Companies must work together to adapt their defense accordingly,” he added.
Building relationships with vendors, partners, and government agencies is among the most effective, proactive measures to help stay ahead of evolving AI-powered cyber threats. Experts agree that sharing information about threat intelligence, emerging threats, and potential vulnerabilities helps protect the entire digital ecosystem and reinforces trust in the event of a breach.
Companies should also prioritize relationships with ethical hackers through Bug Bounty programs and live hacking events. With ethical hackers like Elamaran Vengatraman helping to inform security teams on criminal hackers’ tactics, companies gain an advantage and can stay ahead of the malicious hacking trends.
Experts say that bug bounty programs, combined with a collaborative approach, is the best way to protect against malicious actors.
“Cybersecurity is a shared responsibility, and we are stronger together,” said McCracken. “I guarantee we are all going to need to lean on one another at some point, and having established relationships before an incident occurs leads to better outcomes.”
Explore further
- Learn more about Salesforce’s Bug Bounty program and recent live hacking event
- Hear from one of Salesforce’s top ethical hackers about his bug bounty experience
- Check out Salesforce’s cybersecurity tips and resources here
- Learn more about how to leverage AI without compromising security here
Related Articles
Get the latest Salesforce News