AI and the Future of Cybersecurity

The world of artificial intelligence is a rather exciting and interesting field. In just a few years, research into AI has exploded thanks to innovations in deep learning, machine learning, neural networks, and swarm intelligence. As someone whose always had a fascination with science fiction, and more specifically with artificial intelligence, it's interesting to consider what an impact AI will have upon the world. In the field of Cyber Security especially, AI opens many interesting possibilities into the revolutionizing of home, business, and national security. In the near future, AI will become a vitally needed asset to ensure the security of networks, computer assets, and cyber-security. To better explore this topic, we should first understand what artificial intelligence is, and how it functions.

Artificial Intelligence

Artificial Intelligence, as defined by Britannica.com, is “the ability of a digital computer or computer-controlled robot to perform tasks commonly associated with intelligent beings.” The goal of artificial intelligence is to develop a system that can perceive its environment and can act in such a way as to fulfill its stated goals. The goal of AI research is, as a result, very different from the goal of AI research in pop culture. There have been numerous different attempts made over the years to develop an AI system, however, the current most successful method has been the development of machine learning.

Machine Learning

Machine learning is the process of feeding data into a computer and giving the computer an algorithm and acceptable valid parameters which in turn allow it to process the given data for valid states.

Intelligent Automation

Intelligent automation is a further specialization of AI and machine learning that has allowed for AI to be used to automate repetitive or large-scale operations. IA has been employed in fields such as automotive assembly, data gathering, ad development, and many other fields.

AI in Popular Media

In popular media, the concept of intelligent machines and artificial life has been around almost as long as science fiction has been. Novels such as Rossum’s Universal Robots, I, Robot, Do Androids Dream of Electric Sheep, and I Have No Mouth and I Must Scream have all explored the what ifs of the relationship between man and machine. Some have viewed that relationship in a more positive outlook, such as the android Commander Data from Star Trek, while others have taken a more pessimistic approach such as Skynet from the Terminator franchise. Some portrayals of AI and thinking machines have more serious thought put into them, while others are merely the product of ignorance for the subject. There are three AI in particular that I would like to briefly explore in this article as to offer a better glimpse into how an AI might function in the future. 

Icarus & Daedalus – Deus Ex (2000)

Deus Ex is an interesting exploration of many science fiction concepts and philosophies such as trans-humanism, the dangers of a technological oligarchy, the nature of government, and AI. In the game are two AI systems which act as a foil to each other. Daedalus, the first AI introduced into the story, was designed to act as a surveillance and monitoring system that would identify threats to the conspiracy Majestic 12. The AI would instead identify them as a terror group and would go rogue to stop them. The second AI, Icarus, was created to track down and neutralize Daedalus. The two AI demonstrate many of the goals of AI research: they can utilize tools available to their systems to accomplish their objectives, are able to exercise general intelligence, and ultimately achieve self-awareness. They are in many regards the dream and nightmare of many cybersecurity professionals, a tireless self-improving security system that can exercise common sense and rationalize problems to counter other cyber threats. The cost of a rational and intelligent security system, however, is the threat of that system deciding it doesn’t like your objectives, or that they don’t fit into its own objectives.

HAL 9000 – 2001: A space odyssey (1968)

HAL 9000 was the brainchild of one of the most visionary minds in science fiction Arthur C. Clarke. In the 1960’s the idea of a thinking machine was considered outlandish to many. HAL 9000, however, showed a very grounded and realistic approach to an AI computer system, and how it could be implemented in future space exploration efforts. HAL spoke in a constant, monotonous voice, had eyes everywhere aboard the Discovery One, and could answer a wide range of questions thanks to his vast library of data. Unfortunately, however, due to a conflict between his commands from the US government and his programming he developed a logic error that resulted in him attempting to kill the crew of the Discovery. HAL wasn’t inherently good nor evil, but was simply attempting to obey his orders, which met with tragic results. In many ways, however, the modern-day smart home devices have many parallels to the integrated AI system of HAL, albeit on a more confined level and vastly simplified. 

Cortana – Halo: Combat Evolved (2001)

Cortana is for all intents and purposes a fully realized artificial intelligence. Throughout the Halo franchise, she demonstrates critical thinking, general intelligence, rational thought, as well as emotion. Cortana would be considered a more fantastical representation of an AI by our current understanding of AI, but many of her applications in the game are very well grounded. In the first Halo game, Cortana is used to perform sophisticated calculations for ship computer systems, launch electronic warfare against enemy computer networks, and override computer protocols on enemy vessels. All these things are viable applications for AI in computer networks and cyber security. 

AI: The Longbow and Castle of the Information Age

    In the last ten years, there has been a massive surge in database breaches, information theft, and other cyber-crimes. Companies such as Target, Facebook, and Amazon have lost billions due to database breaches, while entire nations have seen massive cyber-attacks which have cost them valuable national secrets and resources. In the events preceding the invasion of Ukraine in February of 2022, a massive cyber-attack was launched against government targets in Ukraine while a large-scale counterattack was launched from multiple independent parties against resources related to the Putin regime. The cost and nature of cyber attacks has been increasing at an exponential rate for over a decade now, and as the world becomes increasingly more connected to the internet the price of failing to prevent a cyber-attack is only increasing. AI may potentially become the first real and meaningful innovation in defense against said attacks. Currently, most systems rely upon large scale filters and algorithms that can help mitigate active assaults but do little in terms of active attack deterrence or identifying attack vulnerabilities in a system. An AI based security system may be able to do what most other systems fail at by being able to not only identify attacks and vulnerabilities but also actively working to prevent and mitigate such threats. In addition to this, AI systems could also probe attacks to identify the origin point of an attack and prevent future attacks before they could begin. 

    In contrast to this, AI could be employed in an offensive measure to deploy cyber-attacks against various entities such as individuals, corporations, or national governments. A rogue nation state could potentially develop an AI designed specifically to probe a national power grid, find weaknesses, and exploit said security flaws. For every defensive measure developed, there is always a new offensive device created to counter it. It is entirely possible that cyber-warfare could become an entirely AI focused domain, with increasingly sophisticated systems being developed and deployed by AI minds. Humans would likely become relegated to a supervisory role in said system, monitoring the status of their networks and AI systems ensuring nominal operations of all relevant devices. This would become a rather interesting paradox wherein the AI is both the shield of the defender and the sword of the attacker. 

Applications of AI in cyber security

    In the consumer market, it is unlikely that AI would be adopted into every home and smart device, however, AI could still find applications in these fields. Identity theft has become a massively lucrative market for morally dubious individuals, and identity protection has become a new form of personal protection. Most consumer smart devices have little to no security measures, often they’re included as an after thought by the designer. As a result, there have been thousands of home smart products that have been compromised and are routinely used by threat actors to launch attacks against other targets and collect personal information. I believe it is very likely in the near future we will see home security systems expanding the domain of their protection services to also include protection from cyber threats via machine learning algorithms and AI. Home security companies will likely adopt AI systems to routinely monitor individual home level defense algorithms. The algorithms will mostly function to ensure nominal operation of devices on the home network and will send threat reports to the company level AI. The AI would then in turn analyze the incident report and respond accordingly. The AI will also actively be able to develop security patches for newly discovered vulnerabilities to actively prevent home level attacks. AI technology could also be deployed to monitor the internet for sensitive personal information and prevent identity theft. 

    In the corporate world, AI would perform many of the same applications as in the consumer market except on a larger scale. Where a private level AI would mostly be focused on defense against intrusions of individual privacy, a corporate level AI would likely be built to ensure defense of corporate secrets and databases. Companies such as Target would employ an AI to monitor the security of store networks and prevent breaches such as the 2013 data breach which cost the store 300 million dollars in damages. Research companies like Tesla or Boeing may also be able to employ AI to prevent loss of corporate research and secrets by actively patrolling system networks as well as the internet to ensure confidential data is not lost. This would especially be useful to hospital networks, which can stand to lose billions of dollars from data breaches targeting patient health records and financial statements. 

    On the national level, an AI security system could be an astonishingly powerful tool. Following the events of the September 11th terrorist attack in the United States of America, the U.S. Federal government approved the passage of the Patriot Act. This act, designed primarily to actively search for and identify potential terror actors, allowed for the creation of a large-scale surveillance network which utilized a variety of means to sift through massive quantities of data to find meaningful threats to the nation. This system was met with varying degrees of success; however, it also caused a large degree of controversy due to many of the tools utilized to identify threats. An AI system could potentially perform a similar function with far less intrusiveness. Such in depth and potentially all-encompassing surveillance would, however, introduce a wide degree of moral and philosophical issues. As mentioned earlier, AI could also be employed in an offensive capability to target sites of strategic importance and neutralize their computer systems. Highways, power plants, water treatment, etc. could all be threatened by highly sophisticated AI lead cyber-attacks. This could and would be disastrous for any nation that lacked the defensive measures to counter such an attack. As such, AI lead attacks may become a new component of the mutually assured destruction doctrine or MAD doctrine.  

Concluding Thoughts

    Complicated times require equally complicated tools. AI would offer an unparalleled tool in cybersecurity that could potentially change everything we know about the field. In such a relatively young field, AI could effectively write the book on cybersecurity for the next generation and potentially more after. Currently, most cybersecurity professionals are employed in a corrective and preventative position. Said professionals correct security flaws in existing systems and develop preventative measures for future systems. Unfortunately, they are always chasing after threat actors, who are almost always one step ahead of the current security measures in place. The introduction of AI and other forms of machine learning may finally level the playing field between offense and defense in the digital domain. Would the average person see a major change in their way of life because of this? In some ways yes, and in some ways no. More than likely, the average person would scarcely notice the deployment of an AI to monitor their personal security. Should the average person be worried about the development of AI in the cybersecurity field? Again, yes and no. AI does in many ways pose a vast number of new existential threats. Much like the development of the bow, gunpowder, and the nuclear bomb, there’s a good chance that suffering will occur before mankind fully understands the potential calamity that AI may cause. However, with every machine there is always an inherent risk and benefit from its utilization. The nuclear bomb ushered in a new and unknown world of innovation and potential catastrophe on a global scale. Likewise due to the advent of the information age, AI will likely have a similar impact upon the world. While we cannot predict the future, we can make speculations and predictions based on current trends and information. I believe AI may usher in a new era of cybersecurity which may see many of the largest threats we face today eradicated, however, we will likely see new challenges and obstacles arise. A new chapter, a new challenge, and many new and exciting discoveries to be found.