Has cyber security AI now officially outsmarted humans?

5 min read.

News Article
1 October 2020

We at NETprotocol work with AI every day and regularly hear these claims that it could – in the near future – outsmart us humans. Really? Is this a realistic claim to suggest that AI technology could out perform a human being? Afterall, AI wouldn’t actually exist if a human hadn’t created it to begin with.

That said, in certain fields of technology, the power of AI is simply groundbreaking. And cyber security is proving to be one of those. As Max Heinemeyer, Director of Threat Hunting at Darktrace pointed out in a recent blog, the odds are stacked against those working to defend their business or organisation from a cyber attack. Whilst savvy hackers only need to be successful at compromising one weak link to begin infiltration, those seeking to protect their data need to get it all right, all of the time.

And so this is where AI has come in to its own. With an expanding task list, cyber security experts are expected to monitor and identify threats coming from both inside and outside an organisation, often from multiple locations worldwide, identifying abnormalities before they cause any damage and reporting on these to Board members to justify their cause. Without knowing what the next threat is going to look like, it is impossible to keep ahead of the perpetrators whilst upholding day to day security standards.

Is there any doubt therefore that when it comes to cyber security, AI will and can do the job better and smarter than a team of expert humans could do? Digital networks handle terabytes of data every day – the scale is unthinkable for humans, who have limitations on how much information they can process at a time, and need regular breaks. But it’s more than just a scaling issue – the AI gets to better outcomes, uncovering damaging cyber attacks that the human can’t find.

Today, cyber AI technology is detecting the most sophisticated attacks out there including those from the sophisticated Chinese cyber espionage group known as APT41 and even the alleged Russian ransomware gang EvilCorp. As AI has advanced, it is now capable of pinpointing abnormal activity and behaviours which human teams are unable to detect amid the noise of normal digital activity – the first step in outsmarting humans.

The second step is more fundamental still – the AI now interrogates its own findings. In other words, instead of human beings looking at the outputs of the AI and applying their human understanding, AI is now taking care of this too. Known as an AI Analyst, this technology applies contextual understanding to launch a full-blown investigation into what has happened on the network. The result of the investigation is a much faster response to resolve the threat, plus a machine-generated, human-readable report about the incident.

The time savings are huge, and vital for overwhelmed human security teams. Where a human security analyst would take 3 hours on average to interrogate just one suspicious event – the AI does this in seconds. And the report can be generated in whatever language is required, enabling not just an instant response, but a global one too.

Cyber AI technology is now carrying out 1.4million investigations every week, elevating human teams to focus on tactical and strategic tasks like shaping long-term strategy and policies.

By 2021, the role of the ‘human’ security analyst will be changed for good. It will be normal for internal security investigations to be performed by AI. 2021 will also be the year where businesses fully embrace autonomous response – the application of AI that fights back against cyber-threats automatically, without a human being involved.

As we see this increased use of AI to defend our data, we are also seeing cyber attackers harnessing it’s power and using AI to identify a weakness in your security. This trend will only accelerate the growth of Cyber AI technology and eventually will cause Autonomous Response to be quite literally the means for survival – only AI can fight back against AI.

A recent survey highlighted this revealing 88% of security leaders say supercharged AI attacks are inevitable with over half of them anticipating the industry will see these attacks in the next 12 months.

Organisations will effectively delegate the first-line response to an emerging cyber-threat to machine algorithms, allowing the AI to react at computer-speed to fast-moving attacks. We are already used to the idea of AI recommending what to watch on Netflix based on our personal preferences – and there’s no difference in security, AI will be recommending what action to take in response to a cyber-attack.

In many cases, the action will be taken instantaneously to prevent the breach or damage – time is rarely on your side when dealing with computer-driven attacks. It is inevitabe that all of this will be normal protocol – AI will be expected to have your back at all times – when the team is busy, or they are resting at home, at the weekend, or simply when they can’t get there quickly enough.

So how does this affect the human role? The human role changes from the central character of threat detection and response, to a supporting role. But it also enables the human to step onto a bigger stage altogether and focus on shaping policy and longer term strategy.

AI has been advanced, perhaps to the greatest extent, in its ability to handle cyber-attacks. In cyber defence, AI has proven that it can outperform human capabilities in detecting, understanding and stopping cyber-threats. This step forward is necessary and should be welcomed – not feared.