Ais Dark Side: Most Security Pros Say Generative Tech Poses Greater Threat Than Benefit

Generative artificial intelligence (AI) is a topic of ongoing debate regarding its security benefits. A recent survey by CrowdStrike found that only 39% of security professionals believe the rewards outweigh the risks associated with generative AI.

This technology has many potential applications in cybersecurity, including threat detection and analysis, automated incident response, phishing detection, enhanced security analytics, and synthetic data for training. Generative AI can analyze large amounts of data to identify potential security threats, automate the response to security incidents, detect phishing attacks by analyzing patterns in email communications, provide enhanced security analytics capabilities, and generate synthetic data for training machine learning models.

However, 64% of respondents have either purchased generative AI tools for work or are researching them, while 32% are still exploring the tools. Despite this, only 6% are actively using them. The main motivations for adopting generative AI in cybersecurity are not related to improving general use or meeting leadership mandates but rather to improve the ability to respond to and defend against cyberattacks.

Security professionals are cautious about the potential risks associated with generative AI, including data exposure, lack of guardrails or controls, AI hallucinations, and insufficient public policy regulations. To mitigate these risks, organizations must implement safety and privacy controls as part of any generative AI purchase.

These controls can include protecting sensitive data, complying with regulations, and mitigating risks such as data breaches or misuse. CrowdStrike suggests leveraging generative AI to protect against cyber threats in several ways:

1. Threat detection and analysis
2. Automated incident response
3. Phishing detection
4. Enhanced security analytics
5. Synthetic data for training

While the benefits of generative AI in cybersecurity are promising, it is essential to carefully consider the potential risks and implement necessary safety and privacy controls.

Key takeaways from the survey include the need for thorough risk assessments before adopting generative AI in cybersecurity, implementing safety and privacy controls as part of any generative AI purchase, providing regular training and education to employees on the use and risks associated with generative AI, staying up-to-date with the latest developments in generative AI and its applications in cybersecurity, and considering partnerships with experienced cybersecurity professionals or consulting firms.

Conducting thorough risk assessments before adoption is crucial to mitigate potential risks. Organizations must prioritize data protection, regulatory compliance, and mitigating risks such as data breaches or misuse when implementing generative AI solutions.