How 4 Cybersecurity Leaders Are Thinking About AI in 2024

In the second half of 2023, the global focus on artificial intelligence (AI) and its security implications intensified, with governments and technology leaders recognizing the need to address the challenges posed by this rapidly advancing technology. The Biden Administration's Executive Order on AI and the inaugural AI Safety Summit were significant milestones, underscoring the urgency of understanding and managing the risks associated with AI.  

As we enter 2024, World Economic Forum's Annual Meeting in Switzerland next week is poised to shed further light on AI's role in shaping our collective future.  

In response, we asked four cybersecurity business leaders and experts to share how they’re thinking about AI in the new year and what they’re prioritizing in the face of AI’s fast-paced innovation.  

The AI advantage: Short-term gains for attackers

One prevailing theme that emerged from our discussions is the recognition that whoever wields AI power first will have the greatest advantage — at least early on. According to Andrew Rubin, CEO and cofounder at Illumio, threat actors will likely benefit from AI in the near future.  

“In its early innings, the AI advantage will go to attackers,” he said. “Criminals operate with no guardrails, whereas defenders must think about regulations, downstream implications, morals, ethics, and many other things when developing methods to keep organizations and their data safe.”  

The time it will take organizations to develop and implement AI into their cybersecurity processes will be time bad actors use to leverage AI to their advantage. This asymmetry allows attackers to experiment more freely with AI, posing an immediate upside for them in the short term.

However, Rubin does see some benefits coming out of the intersection of AI and cybersecurity: “In the long run, either AI will become an effective tool for both, or defenders will find interesting and creative ways for us to use AI to better defend ourselves,” he noted.

AI-generated attacks require Zero Trust principles

With attackers leveraging the benefits of AI in the short term, our experts agreed that organizations will start seeing the frequency of cyber threats increase — especially as AI makes it easier for bad actors to automate the creation and execution of attacks.

“Today’s attacks are simple,” said Paul Dant, Senior Systems Engineer and reformed hacker at Illumio. “They’re continuing to target the shortcomings that we’ve failed to remedy from the beginning, like too many connections with not enough visibility or insight into what’s communicating with what.”

To counter the growth of AI-generated attacks, Dant emphasized the critical need for a paradigm shift in cybersecurity strategies. Organizations must focus on building cyber resilience rather than just preventing breaches from occurring, starting with prioritizing Zero Trust.

“More widespread adoption of Zero Trust and an assume breach approach is really the only way we’ll make progress when it comes to building cyber resilience,” he said.

In an era where interconnectedness prevails, traditional security models have proven insufficient. The assume breach mindset compels organizations to operate on the assumption that a breach has occurred or is imminent. This proactive approach challenges cybersecurity professionals to continuously validate and authenticate all entities within their networks, minimizing the risk of undetected intrusions.  

Dant emphasized that without a widespread adoption of the Zero Trust framework, organizations will continue to grapple with massive losses in cyberspace. The ever-changing and ever-growing nature of cyber threats requires a fundamental reevaluation of traditional security methods.

For another practitioner’s perspective on Zero Trust and adopting “assume breach,” check out of Illumio’s The Segment Podcast, with Dr. Zero Trust, Chase Cunningham.

More AI access means greater cybersecurity needs

As the number of AI-generated attacks grow, our experts believe that this will in turn cause the demand for cybersecurity to spike. Every day, companies and threat actors alike take on new AI initiatives, and with them, the threat landscape continues to grow in sophistication.  

Anup Singh, Chief Financial Officer at Illumio, believes that this will mean a major increase in AI use and, subsequently, unprecedented spending in the cybersecurity space.  

“We continue to see AI/ML be an investment opportunity for organizations in the new year,” he said, “both in terms of strengthening their existing defenses, but also, we’ll see more resources being put towards companies that are using AI/ML to advance progress and algorithms to counter increasingly ruthless and dynamic attackers.”  

In the future, the combination of AI advancements and cybersecurity solutions will be pivotal in safeguarding digital assets — particularly in ensuring organizations are proactively preparing for the next unavoidable attack.

2024 will be the year of AI commoditization

In the past year, the accessibility of AI has reached a point where even individuals with limited technical expertise can harness its power using platforms like ChatGPT. This shift has happened quickly — ChatGPT’s first birthday was only in November 2023 — and parallels historical developments such as the democratization of the automobile industry, said Michael Adjei, Senior Systems Engineer at Illumio.

“When the automobile was first introduced, certain people only had access. Then Ford came along and built a production line and made it accessible to everyone which meant that we needed new roads and infrastructure because so many people suddenly had cars. That’s exactly what we are starting to see with AI,” Adjei explained.  

However, this accessibility raises concerns about how AI will be used, especially when it comes to cybersecurity issues.

“Now that more people are using AI, we need to accommodate every possibility — the good, bad, and what we don’t yet know,” Adjei said. “The latter of which is the most unnerving, particularly as systems like ChatGPT and machines like robots start to combine.”

This highlights the need for resilient infrastructure development that will address the challenges posed by the widespread adoption of AI, including Zero Trust principles. As a foundational Zero Trust technology, Zero Trust Segmentation helps organizations proactively prepare for attacks. ZTS contains the spread of breaches and ransomware across the hybrid attack surface by continually visualizing how workloads and devices are communicating, creating granular policies that only allow wanted and necessary communication, and automatically isolating breaches by restricting lateral movement proactively or during an active attack.

Read more about Adjei's expectations for AI safety and security.

The bottom line: Be proactive about AI attack preparation

Our discussions with cybersecurity business leaders shed light on the evolving relationship between AI and cybersecurity in 2024. As AI becomes more accessible, the challenges and opportunities it presents to cybersecurity demand a collective effort from industry leaders, policymakers, and technology developers alike. As we continue into a new year, the intersection of AI and cybersecurity and the balance between defense and offense will continue to evolve, shaping the future of security in ways that are yet to be fully realized.

Protect your organizations from AI-generated attacks. Contact us today to learn more.