NightDragon hosted our annual NightVision Live event live from Black Hat 2023 in Las Vegas, the second biggest cybersecurity event of the year. At this event, NightDragon Founder and CEO interviewed seven top companies and government officials leading the way when it comes to artificial intelligence, including innovation, investment, policymaking and more.
Guests included:
- Jen Easterly, Director, Cybersecurity and Infrastructure Security Agency
- Sami Khoury, Head, Canadian Centre for Cyber Security
- Justin Boitano, VP, Enterprise AI, NVIDIA
- Christopher Sestito, CEO, HiddenLayer
- Kelly Bissell, Corporate Vice President, Microsoft Security Services
- Heather Adkins, VP, Security Engineering, Google
Check out the full recordings of the events from Black Hat 2023 below and a summary of some of the key takeaways:
- AI Hype at All-Time High – While it may seem obvious, AI has quickly become the center of nearly every conversation around cybersecurity happening at Black Hat 2023 and beyond. “This word AI came up once or twice in our State of Cyber earlier this year, and now it comes up every sentence we talk about here at Black Hat,” said NightDragon’s Dave DeWalt. The hype isn’t unwarranted, either, said Microsoft’s Kelly Bissell. “We now have the compute power to solve massive problems,” he said.
- Generative AI Applications to Cybersecurity – NVIDIA’s Justin Boitano said the rise of Generative AI has many applications within cybersecurity, including ransomware detection, log management, phishing and spear phishing management detection, search for misconfigurations, support threat hunting, and more. Additionally, he said there remains additional opportunity take large LLMs and tune them to your own specific data for additional benefits or to write policies at scale. “Generative AI is the next big thing. It makes it easy for humans to program machines and understand what’s going on,” he said. Google’s Heather Adkins agreed, saying there are many use cases for Generative AI that can give the power back to defenders and serve as a powerful tool. “What we’re really talking about is how to make the job easier for cybersecurity professionals and give team defense a leg up against the bad guys,” she said.
- AI Adoption Increasing – NightDragon’s Morgan Kyauk said, while AI isn’t a new technology, it has seen a massive adoption wave since the advent of ChatGPT and other Generative AI tools within organizations around the world. “The pace of innovation we’re seeing in AI has been rampant. As part of that, every CISO and CEO is thinking about AI adoption within their organization,” he said. This creates a huge opportunity for innovators and investors within the sector, he said.
- AI Rapidly Expanding Risk Surface – With every new technology comes new risk, but that risk is particularly pronounced when it comes to AI, said HiddenLayer’s Christopher Sestito, citing the rapid adoption with little security scrutiny and expansion of technology categories as drivers for this. “It’s creating a scenario where we’re rapidly deploying this amazing technology that’s giving us results that we may never have dreamed of before but we’re really opening up the threat surface quite a bit,” he said.
- AI Actively at Risk – Christopher Sestito said HiddenLayer is seeing threat actors actively looking for ways to attack this surface, as well as exploiting it. He said that is happening at the code level, with attackers looking to disrupt AI models, seeing model theft, models poisoned and then redeployed, and more. “We’re seeing attacks across the board,” he said. Canada’s Sami Khoury echoed this statement, citing reports on Generative AI being used for phishing and malware creation, state-aligned cyberattacks, misinformation, deep fakes, and more.
- Cybersecurity is a Team Support – Government and private sector, both in U.S. and internationally around the topic of AI and cybersecurity more broadly. “None of us can do it alone,” said Canada’s Sami Khoury. CISA’s Jen Easterly agreed, talking about the progress made by the CISA and the JCDC around collaboration, advancing secure by design, corporate cyber responsibility, cyber civil defense, and other efforts.
- Secure by Design for AI – Just like any technology, secure by design principles need to be applied to artificial intelligence, said CISA’s Jen Easterly. Secure by design is about baking in security out of the box for technologies of all kinds, ultimately shifting the burden of security to the technology manufacturers that have the resources to bear that burden. “If we don’t apply these broad secure by design principles to this technology as we need to all forms of technology… I think we will end up in a really bad place where it will be incredibly difficult to manage the myriad of risks that we’re experiencing,” she said. CISA is looking at how to responsibly use AI tools for cyber defense, how to assure AI systems, and the full range of AI threats to critical infrastructure, among other efforts.
- Recommendations to CISOs – Recommendations from the guests to CISOs and security leaders included applying existing policies and principles to AI technology, working together with government partners when offered, asking vendors to be forward looking on how to apply AI analysis to their solution, put the correct controls in place for AI, and embrace the technology for the power of what it can do for their cybersecurity practices, keep up with the industry conversation, and more.
To see upcoming NightDragon events, visit our Events page.