Robert Hannigan, the former head of GCHQ, has said that there is very little evidence of artificial intelligence (AI) being used in cyber crime or terrorism.
Hannigan was speaking at an event hosted by the London Office For Rapid Cybersecurity Advancement (LORCA), where he delivered a keynote on the so-called 'myths' and 'buzzwords' around AI in cyber security.
In his opinion, while AI has transformed many aspects of modern life, it is yet to prove all that useful to state-sponsored hackers. He suggested there were not enough benefits to outweigh the "trouble" of investing in the technology for malicious purposes.
"The cyber industry is great at scare stories, and I've read lots and lots of scare stories about criminal groups and even terrorists using AI, and to be honest, I've seen virtually no evidence for this at all, with a couple of exceptions," Hannigan said. "I would say that I think it's again a confusion with automation."
He added that AI would likely form a part of a hackers arsenal in the near future, but right now it simply presented too much "risk". As an example, he cited the SolarWinds hack, which he said was sophisticated but also appeared to be "hand-curated".
"You can understand why the attackers might have wanted to do that, in order to hide themselves," Hannigan said. "And doing it at the scale, and going to the trouble of doing it through AI would probably be at high risk for them."
From there the subject of AI in cyber security flipped, with Hannigan expressing concerns about the security of AI. He said the issue was "high on everyone's list" because technologies such as driverless cars and automated medical diagnostics were rapidly becoming the norm.
"The data is a huge vulnerability, and there have been lots of studies on so-called data poisoning, adversarial models, which basically say, we can trick the machine into misdiagnosing, for example, an MIT study on chest X rays," he said.
"And if you have a malicious actor, or even an accidental actor, it is perfectly possible to see how data poisoning or incorrectly categorised data can lead the machine to do something completely wrong with potentially very serious consequences."
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Three ways to evolve your security operationsWhitepaper Why current approaches aren’t working
-
Beat cyber criminals at their own gameWhitepaper A guide to winning the vulnerability race and protection your organization
-
Quantifying the public vulnerability market: 2022 editionWhitepaper An analysis of vulnerability disclosures, impact severity, and product analysis
-
Same cyberthreat, different storyWhitepaper How security, risk, and technology asset management teams collaborate to easily manage vulnerabilities
-
Business value of ServiceNow security operationsWhitepaper Experience transformational gains from automating workflows and data-sharing among IT, security, and risk teams to rapidly remediate threats
-
Cybercriminals are resilient. How about you?Whitepaper Stay ahead of those agile bad actors
-
Threat Intelligence: Critical in the fight against cyber attacks, but tough to masterWhitepaper Discover why many claim Threat Intelligence is extremely important in protecting their company and data
-
State of ransomware readiness 2022Whitepaper Reducing the personal and business cost
