Emerging Threats

What it means to 'fight AI with AI'

Mar 25, 2024
Fighting AI with AI

Editor's note: The following is a guest contribution by Nat Smith, Senior Director, Product Management, Zscaler

I recently read an article reporting a new, generative AI worm dubbed “Morris II” and I immediately began to worry. Would AI learn the best ways to phish me? Could AI predict where my vulnerable systems and users are? Would it easily find new and previously unreported vulnerabilities by which to compromise me? Would all of this happen at quantum speed? 

For many, a new, generative AI worm is an understandable reason to panic. 

Pushing back against hysteria, however, we discover that Morris II only targets AI apps and AI-enabled email assistants. No attack is a good one, but at least this one’s very specific. More importantly, I would suggest, is the recognition that just as AI is helping to accelerate and automate attacks, it will also drastically improve security efficacy. 

While AI threatens to overwhelm reactive security teams with the pace and sophistication of its onslaught, it can likewise enable proactive prevention through predictive processes and controls. This is critical to giving security teams the chance to withstand the barrage that awaits them.

Scaling alongside AI-enabled attacks

There are two proactive efforts that scale well when accelerated attacks become the norm. Neither of these efforts need to be AI-powered to be effective against AI-based attacks, but AI can certainly enhance both of them. I believe not having these techniques in place will almost guarantee security teams will fail to keep up with AI-enabled attacks.

The first is zero trust. Zero trust is not a single product or solution – it is a paradigm for architecting infrastructure. Individually authenticating each access request is a good starting place. A core tenet of zero trust entails eliminating the assumption (i.e. “implicit trust”) that a user on the inside is already authenticated and authorized to use a resource. 

Crucially, zero trust is capable of scaling in the face of accelerated attacks. As a Gartner analyst, I saw many organizations benefit from zero trust’s tendency to automatically contain attacks. This reduces the blast radius of any successful intrusion and can even foil attackers’ reconnaissance efforts. Isolating users and assets with techniques such as microsegmentation prevents attacks from spreading. 

However, complete network microsegmentation can be challenging. Instead of jumping into full microsegmentation, many organizations benefit by focusing on isolating access to their most important resources – their “crown jewels.” They do this by expanding zero trust network access (ZTNA) for remote workers into the office, so all workers in the office also use ZTNA. ZTNA expansion, typically referred to as universal ZTNA, can even eliminate the need for network access control (NAC).

The other important effort is vulnerability management. Today, vulnerability management  is often done in ways that do not scale. Many organizations, in the face of massive numbers of published common vulnerabilities and exposure (CVE), recognize they cannot patch everything and must prioritize. Prioritization is the right decision, but how you prioritize CVEs matters. 

In my experience, most organizations prioritize CVEs by severity, choosing those with the most severe risk rating to patch first. The problem with that thinking, as my former Gartner colleague Craig Lawson points out, is that only a small number of CVEs are ever actively exploited. It therefore makes more sense to prioritize actively exploited CVEs over severe but rarely exploited vulnerabilities. Smarter prioritization of patching, as can be enabled by AI, will make a material difference in how organizations reduce their exploitability.

This, among other areas, is where our recent acquisition of Avalor offers essential capability enhancements. Unified vulnerability management, a part of Avalor’s data fabric offerings, will help organizations more effectively triage their outstanding vulnerabilities.

Although AI will inevitably be used by attackers to improve the quality and enhance the pace of their attacks, there are proactive measures we can take to scale our defenses. Zero trust and smart vulnerability management can help prevent attacks by proactively reducing the attack surface and lowering real risk. 

This is what Zscaler CEO Jay Chaudhry means when he discusses “fighting AI with AI.” Given the likelihood that attacks will accelerate, AI-enabled proactive protection should be considered mandatory.

What to read next

The power of prediction: Harnessing AI and ML for cybersecurity [podcast]

What’s in a name? Defining zero trust for leaders