Is security pending from GenAI?

Is security pending from GenAI?
Is security pending from GenAI?

In recent months, there hasn’t been a single IT technical conference or sales pitch without at least one chapter on AI. But what does this mean for security, for example, a sector in which we would prefer not to face mind-blowing attacks? To find out, we went to the European security firm Eset.

GenAI is also a very present subject at Eset. This is how the Slovak security company announces its first AI Advisor. The chatbot aims to help security analysts, in particular by sifting through the numerous published research reports. “We’ve further optimized it to work largely independently of the terminals,” says Richard MarkoCEO of Eset, to the audience at the Eset World conference in Bratislava, Slovakia.

This offline work is surprising, as we are meanwhile getting used to the constant need for an internet connection that tech giants need to run their artificial intelligence in the cloud. But for security reasons, it also makes sense that you want to disconnect the network from time to time. As in the case of an active attack. ‘We also have many customers who remain off-grid with ‘airlocked’ environments for example’ adds Juraj Jánošík , head of AI/ML learning at Eset. Think for example of container ships, which are not on the network, but which need to be updated from time to time and are then vulnerable to infections. “Here too, we want to be able to install modules capable of detecting malicious code,” he explains.

Not new

Esets Protect security software’s scanners, and those of most other vendors, have for several years already incorporated machine learning and algorithms to better detect malware. ‘This is nothing new,’ Jánošík emphasizes to Data News. ‘We’ve been using algorithms to detect malware and attacks for years now, and we’ve been refining them for just as long. We now use the latest technologies for this purpose, such as transformers. The trick, however, is to reduce the size of the AI. In the cloud you can do whatever you want: run very large models that consume a lot of power, but on their device users want security to slow down operation as little as possible.’

These models are currently optimized to run on CPUs. ‘But we are working with Intel to create designs that can run on new chips in an NPU (Neural Processing Unit). This should be even more effective,’ adds Janošík.

NPU

This kind of NPU is the secret weapon of AI-enhanced PCs, which have been popping up in recent months. ‘There are now a range of suppliers making these products,’ says Alastair Edwards of Canalys. “We predict that by 2027, some sixty percent of all PCs sold will contain an NPU.” An NPU must, among other things, provide better results when processing artificial intelligence. “It allows you to run AI functions on the device itself, rather than in the cloud,” says Edwards. ‘It’s faster and because you’re taking some of the work off the GPU and CPU, it can also be more energy efficient. This is good, among other things, for the battery life of such a device.’

By also running part of the malware detection on this NPU, Eset hopes to create a faster and more independent module, also capable of using the new technology offline.

‘The other side’

Security firms therefore recognize the value of AI, but doesn’t the technology also offer the same advantages for the ‘other side’? ‘Eset doesn’t directly distinguish much movement in the AI ​​for criminal gangs,’ says Juraj Malcho, CTO of Eset: ‘We see that the gangs themselves do not form LLMs. They are mainly concerned with trying to ‘jailbreak’ existing models like those of OpenAI or Mistral. They thus try to use them for their own ends.’

Elod Kironsky , vice president of Endpoint Solutions, agrees: ‘Criminals don’t have the hardware or data to create models themselves.’ And because these models work with older data, the danger is less than you think. ‘The data of a Lama or a Mistral is frozen in time, while the organizations they wish to reach are constantly evolving. Criminals do not have the data necessary to create offensive AI. To be clear, we are not talking here about nation states that have the necessary resources and personnel. But within the security firm, we currently see mainly the positive sides. ‘Until now we have always tried to keep up,’ says Juraj Jánošík. ‘We try to create layers of protection while attackers try to get around them. They can also bypass the AI, which is an extra layer, but that gives us a little advantage. The templates we have today can be used to help researchers with reporting and administration, allowing them to focus on what’s important, like finding threats. As there is currently a shortage of security researchers, this is an important asset.’

-

-

PREV KM Consini Fire, A number of ships are deployed for electricity panels
NEXT Live – Follow the results of the European elections: in France, a hit for the far right