Like it or not, every organization is now locked in a cybersecurity artificial intelligence (AI) arms race. It’s now all but inevitable cybercriminals will be employing AI to, at the very least, reduce the amount of time required to launch a well-crafted phishing attack using platforms such as Chat GPT. At the very worst, nation-states will be using large language models to not only discover more vulnerabilities but also eventually write malware.
The only way to combat AI is, of course, with AI. Many cybersecurity teams have been taking advantage of machine learning algorithms to augment cybersecurity teams for several years. The next frontier is incorporating large language models used to build generative AI platforms that will initially be accomplished by using application programming interfaces (APIs) to analyze cyberattacks from within a wide range of cybersecurity services hosted in the cloud.
Longer term, the cost of building and maintaining a large language model that is tuned for cybersecurity use cases is already dropping so it’s only a matter of time before they are embedded with cloud security platforms in ways that should surface even more accurate results than general-purpose platforms such as Chat GPT.
While none of these capabilities will eliminate the need for cybersecurity professionals, there’s no doubt each cybersecurity professional will, as a result, be imbued with additional superpowers. That may reduce the total number of cybersecurity professionals each organization needs to hire as it becomes faster to accomplish a wider range of tasks. However, given the fact that there are already millions of unfilled cybersecurity jobs, it’s not clear how AI advances might impact the overall demand for cybersecurity professionals. Instead of there being millions of unfilled positions, there might only be hundreds of thousands, and most of those positions are not likely to be what today are considered entry-level as more tasks are automated.
Even less clear is the impact AI will have on salaries, as the amount any organization is willing to pay for any type of expertise is naturally always going to be a function of supply and demand.
The AI genie, of course, is already out of the bottle, so there is no going back. Despite the potential downside, many cybersecurity professionals are eager to embrace AI because it makes their individual jobs better. In fact, the amount of turnover seen today should decline as many of the rote tasks that conspire to make cybersecurity frustrating are eliminated.
AI isn’t going to upend the cybersecurity world as we know it overnight but its obvious advances are now being made at a much faster rate than even the biggest advocates of cybersecurity AI might have predicted. The challenge and the opportunity now is to determine the best path forward. The longer it takes an organization to embrace AI, the more they are falling behind. It should not take a cyberattack enabled by AI for organizations to realize their existing defenses are no longer adequate. Time, as always, is not on the side of cybersecurity professionals.
By Mike Vizard
This article originally appeared on Journey Notes, the Barracuda blog.
Back