As platforms continue to introduce AI features into the tech landscape, attackers are making their own adjustments. This trend is changing how we look at security—and presenting defenders with an ongoing battle of attrition.
The explosion of automation has led to a revolution in the tech industry; as AI has increased in importance, many experts are urging that humans remain in positions of oversight.
That has Mick Baccio, Cisco Foundation AI global security advisor, wondering how the technology is expanding the threat surface, thanks to the insatiable drive of industry professionals to always move forward. Progress is an admirable goal in many ways, but it does have the side effect of ensuring the architecture is continually layered, what Baccio described as a kind of “Rube Goldberg machine of the internet.”
“We keep upgrading, and it’s just what we have to do because we can’t stop and turn it off and start over again,” Baccio said.
Easy in. For Splunk CISO Michael Fanning, the effect of AI on the attacker landscape is like “script kiddies on steroids,” where the barrier to entry has been significantly lowered. That means there’s more room for threats across the security space, whether from pros or amateurs. The same applies to defenders, who are seeing agentic AI streamline cybersecurity workflows.
“If our barrier to entry is lower, so is the attackers’—and their ability to develop exploits and develop new command and control capabilities,” Fanning said.
That comes with complications, in part because of the speed with which AI systems can often be put in place by organizations. Petros Efstathopoulos, VP of research at RSAC, told IT Brew that quickly deploying AI solutions creates other problems.
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
“We’re opening up security threats, we are expanding the attack surface,” Efstathopoulos said. “We are creating opportunities for biasing the output in ways that may be interesting, if not dangerous for society—so it’s always good to have a human in the loop.”
Adjusting tactics. Baccio agreed, telling IT Brew priorities have shifted, with the concept of “assumed breach”—assuming attackers can access your system and reacting on that basis—a priority now. That may well change once it’s an “agentic AI-powered defensive stack against an AI agentic-powered offensive attacker.” At that point, the detection side will be of the highest importance.
“It’ll be the stack that you have, the processes that you have in place,” Baccio said. “I think that becomes more critical and will replace assumed breach.”
Ultimately, Fanning said, the right approach is to find the way defensive technology works seamlessly with your organization. Those left behind could see threats multiply.
“The people who are going to be successful in this space are the ones who understand how to use AI to their advantage and use it as that tool to improve their quality and their velocity of output and their role,” Fanning said. “I think that the at-risk individuals are those who haven’t understood how to adopt AI to help support them.”