At this year’s RSA security conference in San Francisco, one of the biggest topics was the potential of generative AI and its implications for digital security. Robert Joyce, the NSA’s Cybersecurity Director, had a lot to say on the topic, presenting his ‘State of the Hack’ for the year. Joyce remarked on the explosive growth of generative AI, and the security concerns raised by products such as ChatGPT and similar technologies. He warned the security community to ‘buckle up’, as the security issues raised by these technologies are just beginning to emerge.
Joyce had specific thoughts on how AI can be used maliciously. He believes that generative AI will help already effective scams like phishing, by enabling malicious hackers to quickly create convincing and tailored communication and materials. Similarly, he expects that attackers will use the coding skills of AI chatbots to make small modifications to existing malware, making them harder for scanning technologies like antivirus software to detect.
Joyce felt more optimistic about the potential of generative AI for defense, though he cautioned that we still have much to learn about how it can be manipulated and exploited. He hopes it can be used as an ‘accelerant for defense’, aiding in certain tasks such as scanning digital logs and helping identify and prioritize security issues in networks.
Rob Joyce, NSA Cybersecurity Director, has underscored the importance of being prepared for the unpredictable impacts of generative AI on security. He has reminded the security community to take steps to harness the technology for defense and to be conscious of the ways it can be exploited. Joyce believes that the security environment will continue to rapidly evolve, calling for ‘consistent vigilance, focus, and investment’ to keep up with the growing and changing threats.
