AI-Powered Security Tools: Your Secret Weapon Against Future Cyber Attacks

In the world of cybersecurity, it's a well-known fact that attackers only need to find one vulnerability to cause havoc, while defenders must protect against every possible threat. This dynamic becomes even more complex with the integration of AI into cybersecurity, turning it into an arms race where both attackers and defenders have access to powerful AI tools.

Cisco, a giant in the networking industry, is at the forefront of this battle, constantly working to shield its clients from AI-powered cyberattacks. In an exclusive interview with ZDNET, Anand Raghavan, Cisco's VP of AI Products, sheds light on how AI is reshaping cybersecurity and expanding the potential attack surfaces for organizations.

ZDNET: Can you briefly introduce yourself and describe your role at Cisco?

Anand Raghavan: I'm Anand Raghavan, the VP of Products for AI within Cisco's AI Software and Platforms Group. My team collaborates with various product teams at Cisco to develop and deliver safe and secure generative AI-powered products to our customers. Recently, we launched the Cisco AI Assistant, which simplifies customer interactions with our products through natural language, and Cisco AI Defense, which ensures safe and secure AI usage for both employees and cloud applications developed for customers.

ZDNET: How is AI transforming the nature of threats enterprises and governments face at the network level?

AR: AI has revolutionized network security, enabling hackers to execute more sophisticated and efficient attacks. They're using AI to automate and personalize phishing campaigns, making them more convincing and increasing the likelihood of employees falling for them. We're also seeing AI-powered malware that can adapt to evade traditional security measures. As AI tools become more widespread, they not only expand the attack surface but also amplify the issue of shadow IT.

While companies leverage AI to innovate, malicious actors use the same technology to craft new threats. It's crucial now more than ever to use the latest AI advancements to detect and mitigate these emerging threats quickly.

For instance, our Encrypted Visibility Engine technology can stop malicious connections in real-time within our firewalls, and our Email Threat Defense product uses language-based detectors to identify fraudulent emails. With the rise of AI applications facing customers, vulnerabilities in AI models have become a new critical attack surface. These models can be targeted with prompt injection or denial-of-service attacks, potentially leaking sensitive data. The security industry is racing to integrate AI into solutions to detect unusual patterns and suspicious network activity.

ZDNET: How do AI-driven tools help enterprises stay ahead of increasingly sophisticated cyber adversaries?

AR: In today's dynamic threat landscape, AI-powered security tools provide continuous and self-optimizing monitoring at a scale that manual efforts can't match. AI allows security teams to analyze data from across an organization's ecosystem, quickly detecting unusual patterns or suspicious traffic that might indicate a breach. This rapid analysis enables near real-time responses to potential threats.

AI complements human security professionals by enhancing visibility and response times, creating a "better together" scenario. In a world where top-tier security analysts are scarce, AI can support Tier 1 and Tier 2 analysts, significantly reducing the time needed to address new incidents and threats. Workflow automation for extended detection and response (XDR) using AI is key to staying ahead of cyber adversaries.

ZDNET: Explain AI Defense, and what is the main problem it aims to solve?

AR: The rapid adoption of AI applications is undeniable, yet within organizations, the pace of AI development and adoption is slower due to concerns about safety and security. According to Cisco's 2024 AI Readiness Index, only 29% of organizations feel fully equipped to detect and prevent unauthorized tampering with AI. Companies face a dilemma: move too quickly and risk security, or move too slowly and risk falling behind competitors.

AI Defense addresses this by enabling and safeguarding AI transformation within enterprises. It tackles two main risks: the exposure of sensitive data through the misuse of third-party AI tools, and the security of AI models developed and deployed by businesses. Our AI Access solution provides visibility into third-party AI usage and allows setting policies to limit data sharing or restrict access to unsanctioned tools. For businesses developing AI applications, AI Defense uses algorithmic red team technology to automate vulnerability assessments and provides real-time protection against threats like prompt injections and data extraction.

ZDNET: How does AI Defense differentiate itself from existing security frameworks?

AR: AI presents unique security challenges that traditional frameworks aren't designed to handle. AI Defense is specifically built to protect enterprises from the risks associated with AI application usage and development. It's based on Cisco's custom AI models, focusing on continuous AI validation and protection at scale.

Traditional applications are secured by human red teams, but this approach doesn't scale for non-deterministic AI models. AI Defense uses algorithmic red teaming to continuously monitor for vulnerabilities and recommend guardrails. Our platform approach ensures these guardrails are distributed across the network, providing total visibility over the AI footprint.

ZDNET: What is Cisco's vision for integrating AI Defense with broader enterprise security strategies?

AR: Cisco's 2024 AI Readiness Index highlights the pressure organizations face to adopt AI, yet many are unprepared and unaware of AI security risks. AI Defense is designed to help organizations unlock AI's benefits securely in a multi-cloud, multi-model environment. It provides visibility and control over AI applications, making it easier for developers to innovate without compromising security.

The adoption lifecycle for AI includes visibility, validation, and runtime protection. AI Defense supports these steps, with enforcement happening through Secure Access or SASE products for employee protection, and through Cloud Protection Suite applications like Cisco Multicloud Defense for cloud applications.

ZDNET: What strategies should enterprises adopt to mitigate the risks of adversarial attacks on AI systems?

AR: AI applications introduce new security risks due to their unpredictable and non-deterministic nature. Models can suffer from hallucinations or be vulnerable to attacks like training data poisoning and prompt injection. In a multi-cloud, multi-model environment, inconsistent safety and security standards can be a problem.

To protect against AI tampering and data leakage, organizations need a unified security approach across all clouds, apps, and models. This is especially crucial when accountability is fragmented across different stakeholders. A common AI security product that monitors and enforces guardrails across all AI safety and security categories, as outlined by standards like MITRE ATLAS, OWASP LLM10, and NIST RMF, is essential.

ZDNET: Could you share a real-world scenario or case study where AI Defense could prevent a critical security breach?

AR: AI Defense addresses two main areas of enterprise AI risk: the use of third-party AI tools and the development of new AI applications. In one scenario, an employee might share customer information with an unsanctioned AI assistant to help with a presentation. This data could become part of the AI's retraining data, risking a privacy violation. AI Defense can limit this data sharing or restrict access to the tool, mitigating the risk.

In another scenario, an AI developer might use an open-source model to create a customer service assistant, inadvertently weakening its guardrails. The assistant could then start providing incorrect responses and become vulnerable to attacks. AI Defense would identify this flaw through continuous monitoring and automatically apply the necessary guardrails.

ZDNET: What emerging trends in AI security do you foresee shaping the future of cybersecurity?

AR: One significant trend is the decreasing time between vulnerability discovery and exploitation by attackers, thanks to AI. Organizations must detect and patch vulnerabilities faster than ever. AI can accelerate vulnerability detection, enabling real-time responses.

Deepfakes are another major concern for the next five years. The security industry is just beginning to prepare for defending against them, but they will pose a significant risk. Just as denial-of-service attacks and ransomware have been major threats in the past, deepfakes will be a sleepless night for many security professionals.

ZDNET: How can governments and enterprises collaborate to build robust AI security standards?

AR: Collaboration between governments and the private sector can leverage diverse knowledge and perspectives to develop best practices in the rapidly evolving AI security landscape. Last year, Cisco worked with the Cybersecurity and Infrastructure Security Agency's (CISA) Joint Cyber Defense Collaborative (JCDC), which included industry leaders and government agencies to enhance collective response to AI-related security incidents.

We participated in a tabletop exercise and contributed to the "AI Security Incident Collaboration Playbook," which provides practical guidance for responding to AI-related security incidents and sharing information about AI system vulnerabilities. This collaboration can raise awareness of the security risks associated with AI technology.

ZDNET: How do you see AI bridging the gap between cyberattack prevention and incident response?

AR: AI-enabled security solutions are already providing continuous and scalable monitoring, helping human security teams detect suspicious activity and vulnerabilities. AI is an invaluable tool that enhances visibility and provides recommendations for incident response.

In the future, AI could automatically deploy and implement security patches under human oversight. The benefits include continuous monitoring, scalability as the attack surface grows, increased accuracy in detecting subtle indicators, and faster response times compared to manual reviews.

AI is transforming cybersecurity, but are enterprises truly prepared for the risks it brings? Have you encountered AI-driven cyber threats in your organization? Do you think AI-powered security solutions can stay ahead of increasingly sophisticated attacks? How do you see the balance between AI as a security tool and a potential vulnerability? Are companies doing enough to secure their AI models from exploitation? Let us know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.