If you've been in the cybersecurity market for more than five minutes, you know that every product vendor is offering some variation of artificial intelligence (AI), machine learning, or blockchain technology as a means to prevent the next zero-day attack. If you're in the market for cybersecurity technology, the waters are muddy at best. Many security companies use the same language to describe their wares. Many claim to use AI or some other shiny gizmo in their software and hardware. Others use fancy marketing lingo like “zero trust” to draw you in for a further look. Even under the best circumstances it can be challenging to pick security software, and with all these new terms being tossed around, it can be impossible to understand what you’re even looking at. And at the end of the day, relying on the only objective measure – price – leads to a proliferation of half-baked security solutions and consumers picking the cheapest fly-by-night security vendor.
Do a quick Google search for cybersecurity and artificial intelligence with your favorite term: endpoint, firewall, etc. You'll quickly be overloaded with marketing fluff, and in my case, the desire to reach for another beverage to ease the pain.
So, let’s start with the basics…
What Is Artificial Intelligence?
Artificial intelligence (AI) refers to the simulation of human intelligence in machines that are programmed to think like humans and mimic human actions. The term AI may also be applied to any machine that exhibits traits associated with the human mind, such as learning and problem solving. As you dig further, you enter the realm of "machine learning" and start wading into neural networks. At its core, AI is programming with the ability to rationalize and take actions that have the best chance of achieving a specific goal.
When most people hear the term artificial intelligence, the first thing they think of is robots. That's because Hollywood movies and sci-fi books weave stories about human-like machines that wreak havoc on Earth. But nothing could be further from the truth. AI is based on the principle that human intelligence can be defined in a way that a machine can easily mimic to execute simple to highly complex tasks. The goals of AI include learning, reasoning, and perception.
A key point worth highlighting: AI is not intended to replace human thinking, human emotion, or seemingly irrational behaviors that humans display. It's an accumulation of decisions with bounded datasets from which an automated decision can be made and a subsequent task performed. That's a far more linear capability than you are likely getting sold.
The Dawn of Artificial Intelligence as a Marketing Tool
AI has long been part of our collective landscape. For many of us, our first introduction occurred in the early 1990s, when IBM came out with the Deep Blue computer. Deep Blue became famous when it defeated the great chess champion, Garry Kasparov. Quickly, IBM and Deep Blue appeared to be ushering in a new era of artificial intelligence and automation. To the average person, Deep Blue was magical because, let's face it, most couldn’t begin to explain how it worked. The magic behind Deep Blue was a very brute-force method of playing chess. With each move, Deep Blue took a look at all the possible legal moves that could be played and would map out possible results of various approaches to future moves. As the game went on, Deep Blue would keep exploring move after move, forming a huge decision tree of thousands of moves. It would then make move selections based on that tree to provide good results. What is a “good result”?
This is the point where we start to see AI autonomy fall apart. Deep Blue had many carefully designed chess strategies built into it by expert chess players to help it make better decisions (e.g., how to decide whether to protect the king or gain an advantage somewhere else). Programmers made a specific “evaluation algorithm” for this purpose to compare how advantageous or disadvantageous different board positions are, based on the IBM-programmed expert chess strategies. Each move would call on this evaluation, and based on the outcome, Deep Blue would select a move. For each turn, Deep Blue went through the whole process again. So, was Deep Blue an advancement in AI or hardware? I'd argue that the real achievement with Deep Blue was the hardware created by IBM, which was way ahead of its time and advanced enough to quickly process all possible chess move combinations over and over again. Today, this technology exists in a simple handheld phone or computer.
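The search-plus-evaluation design described above can be shown on a much smaller game. The following is an added example, not IBM's code and not part of the original article: it swaps chess for a constructed stone-taking game, and every name in it (`expert_eval`, `naive_eval`, `negamax`, `choose_move`, `play`) is hypothetical. The same look-ahead is run with and without a human-supplied evaluation function.

```python
# Added illustration (not IBM's code): depth-limited game-tree search with a
# hand-written evaluation function, on a constructed toy game instead of chess.
# Toy rules: players alternately take 1-3 stones; whoever takes the last wins.
MOVES = (1, 2, 3)

def expert_eval(pile):
    """Human-supplied strategy: a multiple of 4 is lost for the player to move."""
    return -1 if pile % 4 == 0 else 1

def naive_eval(pile):
    """No domain knowledge: every unfinished position scores the same."""
    return 0

def negamax(pile, depth, evaluate):
    """Score a position from the point of view of the player about to move."""
    if pile == 0:
        return -1                 # opponent just took the last stone
    if depth == 0:
        return evaluate(pile)     # search horizon: defer to the programmed judgment
    return max(-negamax(pile - m, depth - 1, evaluate) for m in MOVES if m <= pile)

def choose_move(pile, depth, evaluate):
    """Search `depth` plies ahead and return the best-scoring legal move."""
    legal = [m for m in MOVES if m <= pile]
    return max(legal, key=lambda m: -negamax(pile - m, depth - 1, evaluate))

def play(pile, depth, first_eval, second_eval):
    """Run a full game; return 'first' or 'second' for whoever takes the last stone."""
    evals, names, turn = (first_eval, second_eval), ("first", "second"), 0
    while True:
        pile -= choose_move(pile, depth, evals[turn])
        if pile == 0:
            return names[turn]
        turn = 1 - turn

if __name__ == "__main__":
    print(choose_move(22, 3, expert_eval), choose_move(22, 3, naive_eval))
    print(play(22, 3, expert_eval, naive_eval), play(22, 3, naive_eval, expert_eval))
```

Both players search exactly three plies ahead; the one given the expert-written evaluation wins from either seat, because the quality of play comes from the knowledge programmed into the evaluation, not from the search itself.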
So, while Deep Blue was perceived to be the future of advanced AI in the '90s, today that title has passed to IBM's Watson. Deep Blue, like other forms of AI, falls victim to the AI effect in time. In other words, as technology becomes more advanced, forms of AI begin to show their age and we no longer consider them intelligent. Take early picture recognition versus modern, dynamic facial recognition software, for example. We would no longer consider the early systems used to identify objects in photos as intelligent compared to contemporary software.
Artificial Intelligence Is Just Doing What We Tell It To Do
Author Pamela McCorduck writes: "It's part of the history of the field of artificial intelligence that every time somebody figured out how to make a computer do something – play good checkers, solve simple but relatively informal problems – there was a chorus of critics to say, 'that's not thinking'."
AI researcher Rodney Brooks complains: "Every time we figure out a piece of it, it stops being magical; we say, 'Oh, that's just a computation.'" Does this degrade our understanding of AI, or is this the reality of its capabilities, and does it really matter?
If we bring the conversation back to cybersecurity technology, the picture becomes even less clear. Most vendors mash the term artificial intelligence into marketing fluff next to blockchain, machine learning, and zero trust. I've even seen vendors go so far as to claim that artificial intelligence stops zero-day attacks, a very bold claim. Remember that whole thing about AI requiring inputs to make decisions? Zero-day means that the inputs were unknown, so unless AI can also predict the future, we can assume it's not going to stop an attack that has never presented itself before. More importantly, progressive attacks have a live attack operator on the other end of the network cable, an operator who is human, with human emotion and irrational and unpredictable behavior. Even the most advanced AI barely scratches the surface of human emotional actions and reactions, and as we discussed earlier, this isn't the intent of AI.
In the End, What Should We Expect from Artificial Intelligence?
AI is finding its way into every aspect of our lives, and cybersecurity is certainly not immune to this growth. In fact, there are many systems out there benefitting significantly from the strengths of AI. Cybersecurity software can better identify and escalate attacks because of AI, and the result is fewer nuisance alerts and less organizational complacency. So why are we taking issue with AI in cybersecurity? It's when we see vendors selling capabilities that are unrealistic and potentially put your organization at risk. The day will come, and maybe it already has, when a wide-scale zero-day attack arrives that no one's security technology can identify. AI has yet to replace a human cyber defender, and it could be years before we can trust software to fully protect us. Yet, at the same time, many cybersecurity marketers missed the real benefit. AI combined with human intelligence has changed the world, and together they can change cybersecurity for the better.
Justin (he/him) is the founder and CEO of NuHarbor Security, where he continues to advance modern integrated cybersecurity services. He has over 20 years of cybersecurity experience, much of it earned while leading security efforts for multinational corporations, most recently serving as global CISO at Keurig Green Mountain Coffee. Justin serves multiple local organizations in the public interest, including his board membership at Champlain College.