Several characters in the Terminator franchise actively try to stop the creation of the fictional, self-aware artificial intelligence Skynet, which attempts to exterminate humanity.
That’s the analogy National Motor Freight Traffic Association (NMFTA) Cybersecurity Director Artie Crawford used to reference today’s AI landscape.
“Skynet is real, and it's getting ready to happen,” Crawford said.
But as cybercriminals use AI to attack and companies use AI to defend themselves, it raises the question of how AI will fight against AI. How will humans use AI for good to fight the humans using AI for bad?
Crawford said the difference is that defensive cyber operations are placing far more boundaries on AI than threat actors. That will allow AI on the threat actors’ side to start making decisions about how to attack next, he said, and cybersecurity professionals need to be prepared to interact with AI in defense.
“It's really an interesting cat-and-mouse game at that point in time because how far will you allow the defensive AI to respond, and respond quickly, and respond in a fashion that doesn't take down the rest of your network,” Crawford said. “This is going to be another case where a human needs to stay in the loop so that we can manage, monitor, and visualize what the defensive side is going to do against the offensive side.”
Cybercriminals are using AI to bypass traditional security measures and accelerate their campaigns. They’re finding vulnerabilities faster, but cybersecurity teams can use AI, too, to find and eliminate vulnerabilities, detect anomalies earlier and respond quicker.
NMFTA CCO Joe Ohr agreed that the use of AI in both scenarios will depend on the human element: whoever is piloting the AI. Mollie Breen, CEO of Perygee, said the AI will continuously get better on both defensive and offensive sides, but she doesn’t ever see a point where AI will act autonomously and create an Armageddon-like situation.
“There will always be some amount of execution strategy at play that will prevent against that type of scenario,” Breen said. “It's getting better, but it's because some developer somewhere made this tweak or wrote this rule. It can self-learn… but learn based on a fixed set of data based on a specific environment. The developer is still behind it telling it the rules or applying thresholds around how to update based on the environment.”
Beyond the heat of the moment
Though AI can help defend against cyberattacks, it’s not a sure bet that it can completely protect a company. When a company is in the thick of a cyberattack, the primary goal is to get their network back online to keep business running.
But when the company digs itself out of the tunnel, AI can help on the post-mortem side as well. Breen said AI can take logs of data and identify what a security team missed before an attack.
“I think this is where I see some of the benefits of AI the most for cybersecurity teams—trucking and more broadly—is helping them look at existing datasets that they have people looking at but also looking at unmined datasets that they've never been able to have people look at… because it's expensive and instead have AI look at some of those logs to identify things that they didn't know they should be looking at.”
Crawford said when he was working inside the intelligence community, they would feed rudimentary large language models vast amounts of data and would find similarities in what they thought were completely different threat actors. They learned that the attackers were the same threat actors with the same code and the same indicators of compromise. They simply had slightly modified their tools, tactics, and procedures.
Human cybersecurity analysts were unable to spot the similarities.
“I think this is how organizations will start to be able to co-sponsor or add or subtract from their internal or their partner networks in order to use these large language models—or in this case, agentic AI—to sift through this data to understand what those tools, tactics, and procedures are and figure out who's actually attacking me, and do we have some type of defense for that particular bad actor,” Crawford said.
