from Hacker News

Ask HN: Is AI causing companies/individuals to rethink their security?

by donclark on 5/5/23, 2:55 PM with 4 comments

I am a security and AI noob, so please pardon my stupidity and thank you in advance for your patience, honest responses and feedback on this.

Are companies/organizations rethinking their security models/processes/etc based upon the use of AI in hacking? If so, how (in detail)? Is there a live list of things to consider in protecting against?

Based upon what I have read/seen, there may be an increase in hacks based upon the use of AI in hacks (faked voice/video/etc) - which may have not been previously considered in the security processes and/or user journey. *I'm not saying that AI alone is the problem, it's in addition to social engineering, gaps in current security, current risks, etc. What about for personal use devices? Network/wifi/mobile/desktop/etc? Is there a live list of AI hacks? How is security leveraging AI to protect against AI hackers? Or is there a simple website putting things into 3 columns - what is susceptible, what is not, and unsure.

  • by obpe on 5/5/23, 3:23 PM

    If your security posture is mostly filled with current best practices then AI hacks aren't any more scary than regular hacks.

    Phishing is by far the number one way we have been hacked in the past. Education, MFA and soon passwordless logins are the best way to prevent phishing. If your CEO calls you and asks for your network credentials, DON'T DO IT!!! It doesn't matter that it sounds a lot like them.

    For personal use devices, we are already required to install some "endpoint protection" app if we want to access company resources. I don't do it simply so I don't have to and I get to say I don't have access to email outside of work hours.

    AI hacks are not any more sophisticated than regular hacks; it's more like the level of technical sophistication has been lowered to make use of them. This is constantly happening anyway, as hacks are integrated into commodity pen testing frameworks.

  • by thephyber on 5/5/23, 7:59 PM

    AI doesn’t yet do any hacking. It is a force multiplier for both red teams and for blue teams. Red teams (hackers) can use AI to learn to program/script better or faster, or more importantly to more accurately speak in the natural language of their target (thereby building more trust).

    Basic security hygiene is the most important first priority for every company. Basic password reuse, unpatched applications, email/SMS phishing, false invoices, etc are the most common security issues. If a company didn’t have a handle on those things before ChatGPT, AI helps their adversaries be more efficient.

    There was already an issue where the value / reliability of cyber insurance was questioned, and if ChatGPT creates more successful fraud, premiums will likely continue to rise, making insurance increasingly unaffordable.

  • by eimrine on 5/5/23, 3:15 PM

    How can I be afraid of AI if my smartphone use to give its root to anybody but me (bank apps, the vendor, Qualcomm, FBI, Pegasus)?