January 25, 2021

VMware exec: AI’s two Achilles’ heels keep me up at night

The sudden switch to remote working during the COVID-19 pandemic left a huge gap of visibility for cyber security attacks.

In some cases, on-premise security tools couldn’t immediately extend to the cloud or into home-working environments.

This meant between March and May, teams scrambled to render their technology into a risk-free format.

Achilles heel

“AI has two Achilles heels,” says VMware exec

Microsoft’s CEO Satya Nadella said his company has seen two years’ worth of digital transformation in just two months as a result of the pandemic.

AI – a force for good and evil

Against this backdrop, Tom Kellermann, cyber security strategy head at major US software firm VMware, points out the particular threat of artificial intelligence (AI).

“AI has two Achilles heels,” he explains at a roundtable attended by FinTech Futures. One is that timestamps and data can be manipulated, he says. The other is that the technology can be “turned against its mission”.

“It’s what keeps me up the most at night,” says Kellermann.

According to a 2019 Capgemini report, some 69% of enterprise executives think AI is “essential” for responding to cyber threats.

But whilst AI can defend a system from attacks, it can also execute them.

Cyber criminals can employ AI themselves, as well as turning AI used by companies against them. AI can be switched to convince victims to compromise their own networks and or hand over sensitive data.

As Steve Durbin, managing director at Information Security Forum, tells Forbes: “All the social techniques cybercriminals currently employ could be improved immeasurably with the help of AI.”

There’s also scope to use AI to identify fresh vulnerabilities in networks, devices and applications as they emerge, he adds. “The best policy in these cases may be to fight fire with fire.”

Light at the end of the tunnel?

But the silver lining for 2021 defenders, VMware says, comes from the “significant” advancements in AI and machine learning (ML) set to land in firms’ security stacks.

And as awareness of how attackers use automation increases, it’ll become harder for attackers to pull off AI-based takeovers.

But at a time when budgets are already stretched and under great scrutiny due to an looming recession, it’s clear only those companies with cash to spare will be able to invest in these advancements.

Which leaves many smaller firms vulnerable, whether they use AI or not.

Read next: Monzo replaces chief risk officer Lisa Nowell