AI and Cybersecurity: Innovation Trends Evolve Along with Threats

We are witnessing a shift in the security landscape across all aspects of our digital world. As cyber threats become more sophisticated and frequent, they pose new challenges for individuals and organizations alike. A single security breach can have devastating consequences for millions of internet users – from disruption to daily life and loss of access to everyday services to identity theft and loss of privacy.

But on the bright side, these threats are driving a wave of innovation and cutting-edge solutions that can help protect our sensitive data and ensure business continuity. At the forefront of this evolution are artificial intelligence and machine learning. These technologies are equipping cybersecurity professionals with the tools to identify and mitigate threats more effectively than ever before, with unprecedented speed and accuracy.

It’s no surprise that the rise of AI and machine learning has become a major topic at industry conferences and among cybersecurity professionals. This was evident at this year’s RSA Conference, where tracks focused on automation using AI and machine learning, as well as the benefits and threats of generative AI and large language models (LLMs).

Other key topics include the increasing use of software bills of materials (SBOMs) and the associated security threats, and zero-trust sessions focusing on policy-based authentication. In case you missed it, CableLabs covers these topics and provides more detailed keynotes from the RSA 2024 conference in a recent technical briefing, available exclusively to members. Here are some general notes from the conference.

rapier

Generative AI and the LLM program have been discussed at summits hosted by organizations including the Cloud Security Alliance (CSA), the Worldwide Open Application Security Project (OWASP), and Techstrong Group. Topics covered at the summits include:

Using LLM and generative AI to accelerate code analysis and fix code vulnerabilities, accelerate incident response, detect multi-modal malware, as well as improve threat detection, and manage ongoing risks and vulnerabilities for organizations. Demonstrations of LLM attacks that can produce incorrect and/or malicious outputs in whole or in part. Common attacks presented in different sessions included hot injection, insecure output handling, poisoning of training data, denial of service on LLM, leakage, etc.

OWASP has provided a summary of its work on the “Top 10 LLM Programs” project, which addresses common LLM security risks and provides guidance and checklists when implementing and managing LLM programs.

There are also several policy challenges related to generative AI such as copyright protection of AI-generated works and tracing of training data back to their original owners, lack of recommendations or regulations from the US Patent and Trademark Office regarding AI and human invention and also regarding the privacy of personal data shared with generative AI vendors with the risk of this data being re-identified by AI tools.

Long live short certificates

One ongoing trend in the world of public key infrastructure (PKI) is to shorten the lifetime of operational certificates. Specifically for web and cloud infrastructure environments, Google has published a roadmap that reduces the validity of TLS certificates from 398 days to 90 days. The primary benefits touted for shorter validity certificates include reduced exploitation time for compromised certificates and cryptographic flexibility, collectively called certificate resiliency.

However, this also poses challenges for access network operators and certificates dedicated to device identities that can have a validity period of decades. Typically, these device certificates are intended to provide immutability, provability, and uniqueness, and are primarily used to authenticate access networks. In this context, providing consistent identity using rotating certificates requires a shift from current deployment models. It highlights the need to implement automated certificate management tools and involves additional costs and time required to deploy them as part of a network infrastructure upgrade.

Software and Coding Material Invoices

SBOMs are gaining momentum as a key component of the software development life cycle. The RSA conference also featured some interesting sessions and demonstrations on the adversarial use of SBOMs and the development of guidelines on how to use them correctly.

From a security perspective, crypto bills of materials (CBOMs) provide a mechanism to track crypto assets and their dependencies. They also provide a path towards delivering and tracking quantum-secure solutions by facilitating the tracking of abandoned crypto. This is an area that is rapidly evolving with many vendors offering SBOM tools and SBOM best practices.

Other Hot Topics

Other notable technologies and topics discussed at the conference included:

Zero Trust and Identity Protection – Identity compromise remains a major threat and the root cause of data breaches. With current trends around remote work, virtualization, and cloud deployment, data and identities are now stored outside the corporate perimeter. Incorporating a zero trust model (never trust, always verify) plays a critical role in protecting identity and corporate assets. Multi-factor Authentication – More and more companies are moving toward multi-factor authentication to reduce account compromise. However, various attack methods to bypass multi-factor authentication – such as MFA fatigue, SIM swapping, and session hijacking – complicate this. Post-Quantum Cryptography (PQC) – The debate around Post-Quantum Cryptography (PQC) continues with the general guidance that the industry incorporate a “hybrid mode” of deployment for any new encryption solutions. As of August 2024, there is no stable quantum computer capable of widespread practical use; however, cybercriminals continue to steal encrypted data with the expectation that it will be decrypted in the future. NIST plans to publish the first set of PQC standards by the end of this summer.

The RSA Conference is the leading conference for cybersecurity professionals. This year, it brought together more than 41,000 professionals, 650 speakers across 425 sessions, and 600+ exhibitors in San Francisco. Read more about these cybersecurity trends and more RSA Conference topics in the technical brief, available exclusively to CableLabs member operators.

Did you know?

In addition to in-depth technical reports covering events like the RSA Conference, CableLabs publishes event briefs — written by our technology experts, exclusively for our members. You can view the latest briefs (member login required).

Leave a Reply

Your email address will not be published. Required fields are marked *