How should I know? All I do know is that there will be a lot of changes happening faster and faster.
The above image is from a previous post that discussed “spam AI” a little.
Imagine a new world where you can ask a computer a question and it will answer by reviewing and looking or searching the Internet for an answer as best as possible. Hmmm isn’t this what we do every time we search on Google or DuckDuckGo? There is a slight difference with AI. as we are now receiving a more cogent answer instead of having to sift through several links and maybe even clicking on several links to review if the answer is located in that link.
One thinks of a smart computer that can act on its own in a good way, or one thinks of Terminator franchise movies which also have the overarching “Skynet” which controls all kinds of moving robots that can shoot and kill. Somehow a super AI being gets built that hunts a person in the past. Anyway instead of rehashing the plot which is elsewhere on the Internet… I want to discuss how intelligent computers actually are.
What does AI actually mean? It is a very specific sets if decisions (questions and answers). Such as does this picture contain a wheel? Or check the following addresses for vulnerabilities.
If it is straight forward then one can see the results faster than a human can. A good basic explanation is — “a series of IF then statements”.
A. If system has vulnerability ‘123AB’ then X else Y
X. Does vulnerability 123AB have port open(Do next step) or closed (goto Y)
Y. check another system
Next step in taking system – run a program that will take advantage of vulnerability 123AB with port open.
How fast do you think a human can do the above versus a computer with AI code (in this case a form of machine learning(ML).
The above program is not skynet nor is it the Terminator, but it can attack computers and perform penetration tests for vulnerability 123AB for example.
these types of programs are being written and executed by our adversaries on the Internet!!
Yes humans need to get better at spotting phishing emails. ( buy my books to learn how)
But we also need to have systems in place to protect against automated attacks by our adversaries.
What we need is to find Companies that use AI in ways that will help us perform our tasks in better ways. So that we can defend against more dangerous adversaries. Will 2024 bring to the fore more AI software to defend us? Maybe, but we do know that the attackers are using AI to trick us into opening emails, or transferring money to criminal bank accounts.
We have to try and keep up with all of the changes.
I found a good AI/ML article on Dark Reading (one of my Top30 links) https://www.darkreading.com/vulnerabilities-threats/adapting-security-to-protect-ai-ml-systems
And the reason I say that is for this paragraph in particular:
“The way AI and ML systems are built, trained, and operated is significantly different from the development pipeline of traditional IT systems, websites, or apps. While some of the same risks that apply in traditional IT security continue to be relevant in AI/ML, there are several significant and challenging differences. Unlike a Web application that relies on a database, AI applications are powered by ML models. The process of building a model involves collecting, sanitizing, and refining data; training ML models on the data; then running those models at scale to make inferences and iterate based on what they learn.”
Also the development of AI requires an immutable (unchangeable) set of rules that the ML can train from. Unfortunately the article mentions that security is not built into these programs, so some weaknesses exist which could create problems in the future. Apparently there are vulnerabilities within large data sets sometimes.
4 specific differences with AI and standard programming as per article: “There are four main areas where traditional software and AI/ML development diverge. These are, respectively, changed states versus dynamic states, rules and terms versus use and input, proxy environments versus live systems, and version control versus provenance changes.“
The issue is are you developing with security built in or testing much after the fact?
Contact us to discuss