AI and Cybersecurity: A CTO Perspective - podcast episode cover

AI and Cybersecurity: A CTO Perspective

CXOTalk
Mar 20, 202346 min
--:--
--:--
Listen in podcast apps:
Apple Podcasts
Spotify
Download
YouTube
Overcast
Pocket Casts
Episodes.fm
Download Metacast podcast app
Listen to this episode in Metacast mobile app
Don't just listen to podcasts. Learn from them with transcripts, summaries, and chapters for every episode. Skim, search, and bookmark insights. Learn more

Episode description

#cybersecurity #ai
CXOTalk host Michael Krigsman interviews Michal Pechoucek, CTO of Gen and AI researcher, on the impact of AI on cybersecurity.
In this insightful discussion, the two participants explore the evolving relationship between AI and cybersecurity. The conversation covers a range of topics, from AI and machine learning (ML) tools in cyber defense and penetration testing to A/B testing in cyber attacks. The conversation also covers the challenges of AI and cybersecurity research and the maturity of AI-powered tools in the field. The conversation culminates in valuable advice for Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs), as well as thoughts on the future of AI in cybersecurity, including the potential for cognitive attacks and the spread of misinformation.
The conversation includes these topics:
► Early applications of AI and deep learning in cybersecurity
► Consumer cybersecurity and AI-enabled defenses
► Evolving cybersecurity threats and cognitive attacks
► AI and deep learning: Defending against automated attacks
► Signature-based AI and deep learning to scale malware detection
► The challenge of building AI for diverse cybersecurity threats
► Importance of AI explainability in cybersecurity
► AI-enabled cognitive attacks, identity theft, and the future of cybersecurity
► AI to detect phishing attacks: Large language models and classification
► Importance of AI in Cybersecurity for Boards of Directors
► Bridging the gap between cybersecurity experts and boards
► Personal data protection: Tips for better cybersecurity hygiene
► Algorithm manipulation and privacy concerns; Algorithm manipulation and privacy
► AI and ML tools in cyber defense and penetration testing
► A/B testing in cyber attacks
► AI recommendations on data collection
► Challenges in AI and cybersecurity research
► Advice for Chief Information Security Officers (CISO) and Chief Information Officers (CIO)
► Future of AI in cybersecurity: cognitive attacks and misinformation
Join our community: https://www.cxotalk.com/subscribe
Read the complete transcript: https://www.cxotalk.com/episode/ai-cybersecurity-cto-perspective
Michal Pechoucek leads the core technology, innovation and R&D teams driving security engines as well as Gen's technology vision for human centered digital safety and beyond. He is also responsible for the company’s scientific research in the fields of Artificial Intelligence, machine learning, and cybersecurity. He previously served as CTO of Avast.
Before joining Avast, Mr. Pechoucek spent over twenty years as a professor at the Czech Technical University (CTU) in Prague, during which he founded the Artificial Intelligence Center in 2001. Mr. Pechoucek has authored more than 400 high impact publications and contributed numerous innovative AI applications to research in computer science.
While pursuing his academic career, Mr. Pechoucek co-founded several technology start-ups including cybersecurity firm Cognitive Security (acquired by CISCO in 2013), AgentFly Technologies, which specializes in controlling autonomous aircraft traffic, and Blindspot Solutions, which develops AI for industrial applications (acquired by Adastra Group in 2017). He directed the R&D Center for AI and Computer Security at CISCO Systems and worked as a strategist in the CISCO Security CTO office. He is also a venture partner with Evolution Equity Partners, a VC firm specialized in cybersecurity. Michal Pechoucek co-founded the prg.ai initiative aiming to transform Prague into a world-class AI super hub. He sits on the board of several AI startups and as an early investor supports Czech AI ecosystem.
Michal graduated from University of Edinburgh and gained his PhD in Artificial Intelligence at CTU in Prague. He also worked as a visiting professor at the University of...

Transcript

We're discussing Ai and cybersecurity with one of the foremost AI researchers in the world McCall. Pacu check is the CTO of Jen. Yeah. Thank you know I'm a special breed in a way you know I've been an AI computer scientist for a kind of big part of my life. I've been a professor went through all these postdocs, sabbaticals, getting grounds advising team. 80 students. All this Gizmo and I always was super excited about what a I can have as a positive impact to

society. So I was going to one of those crab occasionally in fact researchers and can back in 2005. We started couple of research projects with my PhD students in the use of AI in the field of cyber security at a time. You know, the AIO Is only coming up as an application area and people were using AI for image analytics. And the video analytics we just wanted to make a breakthrough in the field over how Ai and machine learning can be used in cybersecurity.

And believe me those days, it was very difficult to sell AI am L to cyber security Specialists online today. Do they say, I is driving all the cyber security analytics in the majority of the systems that we use. Use these days. And but you're after a couple of startups and to working with the VCS, I was kind of invited that asked, by Andrea Bocelli, who is a former CTO of almost then a

CEO. We was being promoted and he, he kept talking to me and kind of getting me, slowly excited about how fun it would be to use a I not for B2B cybersecurity for Enterprise sector but try to use my creativity and experience for building cybersecurity for consumers. Ai and they both are basically for consumers and he planted

this bark. And here I am in the gym from a vast Building Systems and running the R&D departments and research labs and threat Labs. So that we build the best in class cyber security for consumers. Consumers are basically, this is what I do. Do you want to give us maybe a brief overview of the distinction between cyber security for the Enterprise and

cybersecurity for consumers? This one is extremely exciting, especially these days when the cybersecurity as a field, is undergoing a major change because you're in the the past attackers and the other Us. 30 years, actually at the girls were writing Malabar, and we'll start get it at computer systems at the networks and the programs operating systems that people used it was it was the duty of the Enterprise of the industry, the business to make sure that there is of them, death cell

every Hardware, they sell every net with it. Is there is a safe. Okay. So and then users. Consumers were pretty much users of this infrastructure. That the Enterprise sector have made to be safe with the with the recent change that we see in the industry were, it's not any longer, the vulnerability of the operating systems, and the networks and the computers on our devices, by it's more people that are the vulnerability.

And the supply chain, people are not only victims of cyber security attacks, but people are also a conduit and Pieces on the supply chain that not only consume but also participate in

deploying an attack. So people are getting in the front People Are People cognition and the way how people think and consume the internet is becoming the vulnerability because of this major change there is now a lot more interest in. Consumers are basic rate were the expectation of the industry is to build Old technologies that will be there covering people at the very end or when

they touch the internet. And this is a very, and as recognition is what they see what they read the messages, they receive the emotions they post. So the consumer service that created these days needs to be at this very edge of the internet, which is different Edge. That was exciting than 50 years

ago. And I'm not only going to talking about about my My what I think but your we have data, you know, Jen as a company is, is a technology company that is a house of a number of Technologic brands in the field of cyber security. I originally come from a vast, which is, which used to be the biggest European cyber security brand that merged last year was not LifeLock, which was the biggest consumer services with the brand and in others.

We because of our freemium offering, you know, animals. We were going to do the first and the biggest and the premium and consumer cyber security. We see close to half a billion and points. So we see a huge part of the internet and in this is visibility in gives us a data where we see that. Currently, it's only 30% of the attacks that we see on the internet.

And that are caused by a classical model board is targeting devices, and network infrastructure was 70% of all what we see are attacks like fishing and scamming attacks on human cognition. Give in that, weird is a I come into play to help prevent this aspect of the cybersecurity supply chain. As you described it, we see See attackers optimizing their costs and mocked and maximizing the effect of deployment of the attacks.

And they were using a different automation techniques and methodologies, including artificial intelligence.

Different kinds, not only emotional learning, but also automated planning, automated reasoning different types of a I4 G making detects as cheap as possible and as a large-scale deployment as possible, so there was a lots of AI under the hood or more Writing more attacks mobile deployment, in order to be able to respond and to protect our consumers, efficiently, the cybersecurity firms needed to deploy high-grade, AI to protect the consumers because as soon as you

stop deploying the right level of automation against automated attacks, you would be losing your Warfare. There is no way how by even analysts you can defend the automated High scale attacks that are coming from the attackers. So, for this reason, AI has been very well designed to be used on the side of the the defense. But there have been a number of problems that we've experienced as the Defenders. One of those were that for each different type of attack that we see on the internet.

We're gonna need it to build a new AI detector, new AI, classifier, we cybersecurity experts were building the classifiers by designing features and doing lots of training. And soon, we started to see that this doesn't scale because we need a lot of programmers, and cyber and subject matter experts who can help us to design those algorithm those algorithms do so much. E-learning tools. You're talking now about

signature-based. Yes, I'm talking about the signature bass time over detection, exact. Okay. And in order to be able to kind of cope with this scalable scalability problem, explosion of the types of malware that that we are seeing online. We needed to deploy a deep learning kind of my thoughts. That makes the programmers and the cybersecurity on the list free. Of Designing the features. So there is one type of algorithm.

If we're all design that you train on different types of data, large data, and classified the detector exhibits. More General detective detection capability and can be used across the pipeline and the, the cyber security company and, like, in a vast, what we did is we've build those a unique General AI based methods, that help the user has to be to be protected very well and you can imagine. You can imagine this kind of similar to a current way.

How AI is effective in building, the large language models, what we did is we've built a similar deep learning methods that were not trained on natural language. But or Json files, internet is written in Json. So like 70% of all Fossil the intent, our Json files structured, but with a variable length, and to be able to train a eye on any type of Json file, I was a complexity that we were trying to resolve and we're a success success success for resolving so.

So one Challenge in a cybersecurity is to be able to come up with generic enough AI, that can be effective across different types of current. And future threats. There is the other huge challenge that we have in cyber security. That is explained ability. Yo, cyber Security Experts are like medical doctors. They know the best. They don't need any AI to help

them classify moreover, right. So to establish the understanding between the AI researchers and so basically the expert is a non-trivial and ever, which is why there is a need to build a lots of explain ability. It could blow to explain AI to the Marlborough on the list so

that it's accepted. So and we were building a exciting novel tools, for example, expandability and cybersecurity, in order to accelerate the deployment of AI in cyber SEC, are the primary challenges here, lying with the ability to accumulate sufficient data for your models. Or in building the broader, General algorithms that will operate, effectively, on those models. It's one of the genetic. Let's say so we have an access to a fantastic data on the internet.

So we see a lot, but the generality. So that the detectors are fine-tuned, to be able to detect different types of Marlborough campaigns. This has been a challenge. So as, as much as, In other applications of AI. There has been a push to build an algorithm that is capable of doing more things. Such as in game, playing the designers design algorithm that can play goal and shotgun at the same time. This is the aspect of generality and game playing similar.

Aspects of generality is, is needed in building when we build AI for a cybersecurity today, the cybersecurity is different because it's not vulnerability of the operating Eames but is the vulnerability of people condition. So the attacks are different, and the attackers are writing something else. They are not writing Json files, there are not compiling assembler code with the attackers are doing there. There are writing text and

natural language. That is supposed to be deceptive and believable so that the users are willing to open an attachment or a willing to share their a cyber say there are financial data there are willing to click on the link. So it's Totally different type of warfare and their artificial intelligence is much more successful and much more impactful but it comes to attacking. Because in order to be able to craft and deploy successful couldn't attack, you need three things.

Number one is, you need lots of data about the victim. You need to kind of collect data about where Where the victim goes on the internet. Would they like what they did with the a show? Would they read? And through this? It's possible that the algorithms will create more personalized. Communication, more personalized, could attack. The second is that you need is to steal somebody's credentials. Identity theft are increasing the effectiveness of a couldn't

attack. If you receive your the condensate tank from a from an email of a friend. It's More likely that you will click or open the attachment. And the third one is high-performance AI, that is capable of building. A text that is believable, the text that is easy to believe in and adopt as a legitimate message and act accordingly and current high performance. AI is already by the large language models is the ideal tool for an explosion of the coordinate attacks and this is

what I'm worried about. This is why I wake up every day and go to work because I want to contribute to protection against AI enabled coordinate attacks. I have been the subject of very targeted phishing attacks. Not have ever been successful to my knowledge but where people have bad actors have impersonated people that I know and in texts and Annie Emails. How can a, i and the tools you're developing protect me,

these things are so believable. And I, I'm so used to being attacked that I research everyone and I know how to manually research it. But how can a I help in this on the contrary thinker? I think differently than others. And in the past the whole subdue, the consumer. Subsequently adopted this concept of Cyber security under the hood me as a user. I do not need to understand. I don't need to see. I just buy this product and I'm covered. It's gone.

This is history. Now we live in different times. Currently we need to build and gauging sophisticated tools tools that will be there for people will be there with people and will be helping people to be more resilient against coordinate attacks. So, assuming that your I installed this thing, And as a result of this, I will never be attacked by fish. Or scam is just false assumption. This will never happen.

So we as a as a Defender need to change the perspective and try to build a companion tools, that will be there with people will be gamifying cybersecurity for people will be rewarding people with more transparency and what is going on when they read and Receive a message. And when you ask me how a I can help the large language models that are now used for creating text. Can be also used successfully for being able to detect text. That is scam.

That is fraud that this extortion, that is by many other means malicious. So, the capability of detecting and classifying text Stacks with malicious intent, and this is currently enabled by large animal models. And by AI, which reach, we investigate and study in jenin here are looking for the patterns among very large numbers of phishing attacks and obviously based on your work and your research, those patterns are there if you can only find them quickly enough, I assume. Yeah.

And the old, we are lucky because we don't, we don't need to do this work or so this is what the AI does. Us, you know, we only need to provide a good quality training data and then let the Deep neural network to learn its classification. People are always asking me Miguel why I just can I use a GTP to do this for me? And you just just ask the question and the chat window and my response. Always is that cybersecurity is much more serious deed. We Zenda, lots of

responsibilities to our users. So whenever we help you sir, we need to be Crystal. Clear, what is it that we are here? What is it? That we are trying to user and if we are advised not to click, we just need to be certain and current setup of the large large, Which models that are generating generally designed Angela trained just do not give you the certain it. So our our added value, and AI pipeline of systems is twofold. Heh. And we just want to make sure

that the chat board. The large language model that we query is not giving some of the, your son don't senses answer and second, what we do is we do problem, think. So, we are prompting the language model with the data with like small amount of special sample data that are helping the rational model to do the classification. That is direct contextual to a situation in which the user receives the attack. So we have a question from our Salon Con on Twitter and he wants to know if AI is being

used for cybersecurity. Does that mean that Boards of directors don't need to worry about cybersecurity? In other words is the AI just handling this problem and the problem is going to go away. So it's very similar to my own In the third of consumer service regretted, the fact that we are in a world where ordinary consumers need to worry. The same applies to the board members so you can get insurance. But it doesn't mean that the

insurance will work always. So the difference between a board is that the bird do have a responsibility for business. So their budgets for an investing in cybersecurity She is a sort of a different order of magnitude while ordinary consumers who payday payday their daily bills. They're they're spotted their Spotify, their Netflix and whatever they need on the internet. For them. Can I think an extra for cyber security as a material part of the bill?

So I would say the difference is with the the investment but nobody neither ordinary users. Not import members are currently relief from a Let's intubate the tension and to make the right decisions. These are tough problems. And I think for board members, it's in some cases, even more difficult because they don't have the technology background. That's necessary to really understand this.

And so they have to therefore rely upon a group of Technology experts without without the transparency and explain ability that you described earlier. Yes, yes. I would say that. Currently, we have the fastest error, a change in the types of attacks from the Bad actors.

So I think that there is a huge expectation for the Cyber Security Experts to really be up to the speed to really try to understand what are the new dangerous threats and also what are the new technologies that people use for attacking as much as for protecting? So there is a huge amount on the experts to really be there for people who need their advice.

Many technology experts are Not sufficiently comfortable communicating with the boards, which presents a problem because the security officer, for example wants to explain but doesn't not know how to present it in terms that are straightforward enough for the board to understand. And, and that's a gap that causes problems.

In some cases, I agree with you Michael and there's the other problem, which is that there's the current economical environment, the budgets are stretched, Act with with

everybody. So and I guess in the past kind of big corporations were, if they didn't understand they, they were going to okay to pay an extra for like an extra tool that this under security guy, requested these days I think is going to be different, you know, they'll be budget fights for everything including cyber security. So this presents a accorded growth for cyber security personnel and Caesars. The big companies to be able to

explain better to the board. What is it that they are buying and why they need to invest? So the time is changing for everybody, it is always extraordinary to me the number of companies even security company. As I mean, look at last pass that have breaches and after the breach they always say we're going to invest more. We're going to well, why didn't they do this before?

The fact that the old are those centers on the internet that are worth breaching that store users private data and the Bad actors are interested in attacking. I think it's wrong design of the internet. We should have less and less of such places and more and more private data should reside with the users on their hands. Be much more difficult to kind of make a large curved breach, through which you steal hundreds of thousands of of By d's and passport numbers.

So I really believe that internet needs to undergo a change, but there is much more opportunity for users to take responsibility for their own private data and not those who just kind of need to validate and verify to check in the Privacy pre-selling manner. What is it that I keep in my wallet and my bullet needs to be secure and modern and good

quality. And powered by good compute so that whoever can and needs to check me check my wallet and doesn't need to contain the record of my personal data and the data base, which creates a danger for the vendor, who keeps keeps my data. Since you brought this topic up, can you just briefly give us advice the the the listeners for cxo? Talk are very smart, very bright and can you give us advice on? As individuals what we can do to

protect our data. Just along the lines of what you were saying, just briefly very briefly. We going to need to have a good cyber security hygiene to kind of work with a password manager. Do know that do not kind of store or send passwords by a text message. Use do good tools for cybersecurity understand where you weren't, where you are sharing private data for what purpose, whether this is really necessary.

Ask Then there's to delete data, because in many countries, there is registration of the vendor, is asked to delete the data. They are obliged to. So be cognizant of tracking. So we attract without tracking. There is no a personalized experience on the internet. So we gonna need tracking but gonna be focused on when. And why delete your cookies? Do not agree with every single cookie pop up that Is bothering

you. So these are the basic advice but the truth is and you will actually the storage of private data is is very much connected with algorithmic manipulation. The more data the vendors know about myself, the better personalized digital experience, our receive but the better digital experience means that the the vendors are restricting my choices. When I search for an interesting article if the internet Knows all about me, it tries to

second-guess. What is it that I want and serves the content that they assume and I need. So there's there's a piece of manipulation and I truly believe that people need better. People need better tools and Technologies for keeping their privacy in check. But also for understanding how the recommender algorithms That's on the internet. How they work? How they work for me? How they work for me in that situation. In the other situation?

I need to understand when YouTube offers me those tiles. Why are there? What is it that I did that? I see this offer what is it that I watch with this added a didn't watch? What is it that I posted about why the recommender is acting in a way he's acting. Well, you know, there's no transparency. We don't know, we are Expect accepting the recommend recommendations from the internet as they are. And this is because this great technology.

It's on the other side, the great technology is at the site of the vendors of the intent companies. The amount of technology that is with users in their wallets and their browsers and their phones is actually quite limited. So and as 30 years ago there were kind of first Bad actors and Attackers. And as a result, got going to big, massive cyber security industry, the game became reality, and this industry started to protect users, and as a result of this users are kind of safe.

I believe that something similar must happen, in the field of privacy and algorithm on Appalachian that there is a more tank covering people's back when it comes to algorithm manipulation misinformation. Ian and privacy handling, we have a couple of questions now that are popping up on Twitter.

So why don't we jump there? And first is from Chris Peterson, who says Ai and ml tool sound great for cyber defense is they're analogous research in penetration testing and Red Team Tools or better traps and honey pots for luring in threat. Hearse in my bread Labs, we have done research and we were able to demonstrate that the use of large language models. For generating malware is possible that you can generate more over by a lot but by GDP. The truth is that is it really necessary?

If I look back into how kind of moderate campaigns are Created writing a piece of mother is only a small component. And there are kind of script algorithms for automated model Breitling available in the mower Community for the last 15 years. So is the contribution of a GDP generated Marlborough. So changing for a Bad actors. Honestly, I don't think so.

I think that the added value is only limited, however, You talk about the attacks that are in the form of a coordinate, the tank, the form of scan and fishing and manipulation then the story is totally different. There are the role and added value of a large language models and modern, AI or Bad actors. It's just, it's just massive the rate through which they can create a believable unique content is just Amazing.

And not only the quality of the content but also the capability to test to A/B test the effectiveness of the cognitive attack, right? You're currently their attackers who are kind of writing fiction? Email they collect some data from the internet to learn how affected they have been. They take some learnings they end up the strategy. They try something else through a method. Two reinforcement learning together with large language model based tax generation. This cycle can get automated.

So this is my worry, you're in the Bad actors. Start to really automate to generate a unique dangerous content at the same time to be able to learn automatically how effective data has been and adapt the the text generation to me. This is very dangerous and this is this is an area where we as Defenders need to pay big attention. It's so interesting that you just Tribe this A/B Testing because among the attacks that have been against me because of who we interview, it's EXO too

awkward. You know, we're a Target and so I get these requests very, very strange. I got these requests from what appear to be women on the internet, you know, accomplished women and what I've noticed and I'm married. I have no interest. Okay. But I've noticed that the attackers because they're obviously fake because I research everything. So I noticed that the attackers have been changing specific variables.

So they'll change, for example, a little bit about the background, all the variables will be the same, the characteristics of the proposed connection, they'll change ethnicity, they'll change the tone a little bit but keep Everything else, the same. And so I've suspected very strongly that that this is a be testing going on. Yes, yes. And this would be testing can be automated if there's a Tracker in your email or tracker in your browser, that is hoping the attacker to can.

I report to understand how effective it has been, is going to be automated. We have another question now from Twitter and this is again from our Salon Khan who says, can a I make recommendations about not collecting certain kinds of data since it's prone to be attacked. I think he's referring to recommendations to individuals about what kind of tracking to allow. For example or not based on recommendations from an AI.

This is a big challenge or one of my teams we are trying to understand to which extent a I can help. People to make the right privacy decision. So we build good quality AI. That helps the user to assess and explain, what is the Privacy impact of using this or the other app or being on this or the other webpage. So kind of rebuild classifiers and detectors that help users to give them some basic information about that.

The truth is, Currently users are not ready for and I used in this information so that they would be impacting their privacy Behavior. So you're we see that users by big big parts are taking a binary decision. Okay. So I don't care or I just got think Anita or I don't care, I use Google search or I care and I use DuckDuckGo. Right.

There's actually couldn't nothing in between and I To the technologists and the technology firms need to build tools that would allow users to kind of set up their privacy approach in in very fine-tuned way in the context that the time ago. Based on what they do, where is with a search for base when they are physically and let the user to kind of fine, tune the preferences, and then the able to be with the user and adapt the privacy. Preferences based on the past

Behavior models. So I actually think this is a like a missing piece that the users needs to get the idea. That's an optimization problem. To get the best of the personalized, dental experience on one hand and protect your privacy. On the other hand because these are gonna joint. John, bardos macaw. Can you describe to us some of the most significant challenges? Especially the technology challenges that you face in your work and your research right now.

One of the really fascinating research challenge is explain ability in the field of cyber security. So Kara for the last 10 years, many areas and have been working in the fourth explainable at trying to deliver some good code explanations on AI verdict in cybersecurity. This is, this is Is this fascinating? Because if you're gonna dig deep into the mind of threat, researcher threat analysts, there is a combination of deep knowledge, great intellect, fantastic reasoning, and

intuition. And the intuition is the piece which is very difficult to optimize. So whenever there are AI scientists actually experts, they just want to do statistic, they want to optimize your, give me optimization functional training across the fire. This is, this is, this is how I people work and to be able to marry this statistical approach to world with the intuition that is, inside of the security. That's fast rate. And actually, I think it's transferable it's transferable

to to other domains. I would say that a medical doctors are very similar. I think that at a time when a I will be taking over in the healthcare, they would need to be able to resolve similar challenges, the challenges of explaining AI in such a way that we are getting a professionals that are not being replaced by AI, but their impact is being Then X multiplied by a proper use of high-performance Ai and I'm lucky to be in this field that I have a first-hand

technical experience. So this this definitely is is is is one of the challenges and then secondly, oh I'm I'm really excited to be in this time of explosion of the large language models and to see the first time in my lifetime when AI is Being a true consumer proposition. Until now a, I actually was a preposition was a B2B Enterprises firms.

Corporations were using good quality AI to deliver products to users, but this is the first time where users are exposed to Ai. And I would say that one of the big challenges for me and for my team's is to understand how this new AI Is threatening people. What are the dangers and limite an ethical limitations of this new age.

AI that can hack the can have impact on our users and going to be there and to think about those dangers and to try to build a technology that is protecting users against not current, but future AI dangerous. It's very rewarding. We have a question from LinkedIn. This is from From Nash in blue and she is a, she runs an organization. That works with Chief Information officers. And she says this, she says there are quite a few, a I powered cyber security tools out there.

What's your take on the level of maturity of these tools? What's the confidence level of organizations as far as adoption goes? Especially since the popularity of chat GPT? Should be explained ability. There are tools that people believe because they've been well explained and the users have trust in the tools and then there are going to New Kids on the Block that have hard times to prove their value. So um, Optimist, there are lots of great AI tools. That's understood.

Experts are using, is non-trivial to be able to detect what is working for your use case and was not what advice do you have? For Enterprise Chief information security officers. I know it's a hard, it's a really hard question to ask. Just brought it Vice, but you have such an overview not to play catch-up, but think for the future, I know that cisos often are busy with solving the crisis and with extinguishing Fires at this is pretty much a work.

Not try to find at least 50% of your tongue. Where you think about the future about What may come up as soon as the technology becomes better developed, and can more more powerful, do not us as a cyber Security.

Experts stuck in the, in the current situation, but let us find time to focus on the future because this is the only path to resilience and any advice for Chief Information, officers Chief Information officers need to partner well with see Usos and cdos and to gonna be in a good company and try to take the advantage of what the Cyber Security Experts can do for them and what's the technologist can help them and driving their future decisions until I don't invite and view the same with

investment in security, but will be under scrutiny. The same time, we will see investment in it and clothespin to undergo, big scrutiny in 2023 and R2 a year working on certain problems challenges in cybersecurity and AI. Where do you see the results ending up of your work over the next couple of years? The way how I see evolution of scan and fish the coordinate attacks on the Internet.

It's from like short. Thanks to long-term persistent coordinate attacks from manipulation to misinformation. And I actually think that in the future as current, the cybersecurity is changing from attacking people devices to people. Cognition, I think in the future, the subjects are basically will be changing from a immediate kind of attacks, which is this one click towards manipulation. How am I changing changing People mind that? There would be less.

Resilient and more susceptible to to an attack. How do I move people between a coach a, so that they would be more vulnerable? They will have more vulnerabilities for me as a bad bad actor. So I think that this combination of a scam and phishing attacks and misinformation and manipulation will be a big Topic in AI cybersecurity in the years to come. So your Saying that the shift takes place from AI in

technology attacks. Meaning attacking firewall, for example, to cognitive attack, such as fishing to broader overtime attacks that manifests as misinformation disinformation and broader psychological manipulation. Yes, yes, exactly. And this is where I see the job of a, I substitute cybersecurity expert needs to be even more exciting and would require a wider scope of knowledge comparing to subsidy Experts of the past.

It's fascinating, because essentially what you're saying is that the field of misinformation and disinformation, which right now we look at as a social media problem. In fact, it's a cybersecurity problem. It is, it is a security problem. Live on to today because the most effective weapon in this future cyber security, world is making people more resilient the

helping people to be fit. Mentally third, to be inquisitive to be excited about checking sources and to be a resilient against future attacks, which is why those who can expect the technology firms to build a manipulation firewall that I put in. My browser and doesn't show any fake news at the wrong approach for one. It it cannot be done and for a second, it reduces my mental Fitness are going to need to be there still.

I just want to be on the, I want to be independent autonomous and keep my life under control and to this, also belongs to my capability to distinguish, which news I believe and which use? I don't believe, I just don't want this right to be taken away from it. Seems like this is a A particularly difficult challenge because now what you're asking to take, place is silos of researchers to converge. Because right now, you have cyber security researchers.

And then you have folks who are looking at news. Essentially media researchers, these are different groups of people is they are, but they'll be soon. Sharing the same objective. We make the internet a safer place for everybody. Well, Well, on that, I'm afraid, we are out of time so I shall. I just want to say a huge. Thank you for taking the time to be with us today. Thank you for having me Michael. Thank you so much to McCall.

Piccu check the CTO of Jan. Now before you go, please subscribe to our YouTube channel. Hit the Subscribe button at the top of our website so we can send you our great newsletter.

Transcript source: Provided by creator in RSS feed: download file
For the best experience, listen in Metacast app for iOS or Android