Generative AI Unleashes a New Wave of Cybersecurity Threats, Turning the CISO Role Upside Down
The advent of generative AI has ushered in a new era in cybersecurity, presenting both novel threats and tools to combat them. As discussed in a panel at Fortune’s Brainstorm AI conference in San Francisco, Subha Tatavarti, CTO at Wipro Limited, highlighted the dual impact of generative AI on both defenders and attackers.
Generative AI, often referred to as Gen AI, is proving to be a game-changer in the realm of cybersecurity. Tatavarti emphasized that while it eases tasks for both defenders and attackers, it particularly enhances the sophistication of phishing attacks. Large language models, such as those used in generative AI, have created a significantly expanded attack surface, making organizations vulnerable to cyber threats.
One notable challenge is the emergence of hacker-targeted chatbots similar to OpenAI’s ChatGPT, being sold on the dark web. These malicious chatbots can rapidly initiate vector attacks, posing a serious concern for cybersecurity experts. The speed at which generative AI technologies have entered the market, including the illicit market, is creating a scramble among companies to understand and defend against these emerging threats.
Tatavarti expressed empathy for Chief Information Security Officers (CISOs) in this evolving landscape, stressing the need for rapid innovation. The traditional role of CISOs is undergoing a transformation, requiring them to not only comprehend and counter emerging generative AI-enabled attacks but also navigate challenges related to internal tool usage, policy formulation, and compliance.
Rodrigo Madanes, Global AI Innovation Leader at EY, highlighted the evolving nature of the CISO role, stating, “The CISOs role is incredibly challenging and evolving quickly.” He emphasized that as CISOs move toward shouldering the responsibility of protecting against conversational interfaces, a different skill set and a new set of tools are needed, many of which are currently in the early stages of development.
Itai Greenberg, Chief Strategy Officer at Checkpoint, recommended that CISOs carefully consider the tools they use and the data uploaded to public tools. Establishing guardrails and policies regarding data removal from systems are crucial steps in managing the risks associated with generative AI.
The discussion among panel participants also touched on the potential split of the CISO role into operational and governance-oriented functions. With CISOs now facing personal criminal liability for their handling of cyber attacks, concerns were raised about a potential shortage of CISOs in the near future.
As the industry grapples with the dynamic challenges posed by generative AI, the participants acknowledged that fighting generative AI attacks with generative AI is a work in progress. The industry is anticipated to witness a surge in building and deploying commercial solutions to counter these evolving cyber threats in 2024. Greenberg emphasized the importance of multiple lines of defense, cautioning against reliance on a single tool to address the multifaceted challenges presented by generative AI in cybersecurity.
