As Chief Technology Officer for Unit 42 and a cybersecurity educator, I have a unique vantage point into the cyberthreat landscape. I recently had the honor of testifying before the House Committee on Homeland Security to share the Palo Alto Networks perspective on the intersection of AI and cybersecurity. The hearing was bipartisan in nature, and our company appreciates the commitment from Chairman Green, Ranking Member Thompson, and the rest of the committee to thoughtfully explore this important topic.
Adversarial Innovation
Cyber adversaries are already leveraging AI to advance their trade craft and will continue to do so going forward. For example, we see evidence that adversaries are using AI to enhance what we call social engineering attacks – phishing emails designed to lure users to “click the link.” Historically, these messages have been littered with poor grammar and typos, making their fraudulent nature relatively easy to detect, but they are becoming more accurate and therefore more believable. Adversaries are now able to generate flawless, mistake-free text, enabling click-through rates to skyrocket.
Additionally, bad actors are innovating with AI to accelerate and scale attacks and find new attack vectors. They could execute numerous simultaneous attacks on one company across multiple vulnerabilities. Adversarial use of AI can allow faster lateral movement within networks and more rapid weaponization of reconnaissance data. Going forward, there is the potential for a significant surge in malware variants as the cost of creating customized malware drops substantially.
None of this should be a surprise. Adversaries are always evolving, with or without AI, and we can never be complacent. As cyber defenders, our mission is to understand and track adversarial capabilities while relentlessly innovating and deploying best-in-class security tools to stay ahead.
Harnessing AI for Cyber Defense
This backdrop only heightens the importance of fully harnessing the substantial benefits AI offers for cyber defense.
Indeed, the demonstrated impact of AI-powered cyber defense is already significant. By leveraging Precision AI, each day Palo Alto Networks detects an average of 2.3 million unique attacks that were not present the day before. This process of continuous discovery and analysis allows threat detection to stay ahead of the adversary, blocking an average of 11.3 billion total attacks every day.
A particularly compelling use case for AI-powered cyber defense is upleveling and modernizing the Security Operations Center, or “SOC” as cyber practitioners call it.
For too long, our community’s most precious cyber resources – people – have been inundated with security alerts that require manual triage, forcing them to play an inefficient game of whack-a-mole, while vulnerabilities remain exposed and critical alerts are missed. Making matters more difficult, this legacy approach often requires defenders to stitch together security data from across dozens of disparate cybersecurity products at the same time – a difficult and often counterproductive task to achieve desired cybersecurity outcomes.
This inefficient, manual posture results in suboptimal Mean Time to Detect and Mean Time to Respond times for security operations teams. As the terms suggest, these metrics provide quantifiable data points for network defenders about how quickly they discover potential security incidents and then how quickly they can contain them. Historically, organizations have struggled to execute against these metrics – responding to breaches in close to 6 days on average when many attackers begin exfiltrating data in just hours.
AI-driven SOCs can flip this paradigm and give defenders the upper hand. This technology acts as a force multiplier for cybersecurity professionals to substantially reduce detection and response times. Early customer adoption of this technology is proving transformative – reducing Mean Time to Respond from 2-3 days to under 2 hours and increasing incident close out rates by 5x.
Securing AI by Design
While the adoption of AI continues to soar, so too do the associated security risks. From unauthorized AI usage to the proliferation of malicious models, organizations must rethink how they are safeguarding their AI infrastructure.
Multiple Members of Congress asked me how AI app adoption is changing the way enterprises must think about security. The era of AI indeed does necessitate an evolved security approach that we like to call Securing AI By Design. This approach requires several abilities:
- Securing every step of the AI app development lifecycle and supply chain.
- Protecting AI applications, models and data from threats in runtime.
- Overseeing employee AI usage to ensure compliance with internal policies.
These principles are aligned with, and based on, the security concepts already included in the NIST AI Risk Management Framework (RMF). Securing AI by Design builds off the secure by design momentum highlighted in CISA’s recently released pledge, of which Palo Alto Networks is a proud signee.
Collective Defense in the Era of AI
Cyber resilience takes all of us working together. Ultimately, people and partnerships work in concert with technological innovation. To that end, Palo Alto Networks is proud to participate in threat intelligence sharing forums like CISA’s Joint Cyber Defense Collaborative and to steward innovative accelerated onboarding programs like the Unit 42 Academy.
As I reinforced during the hearing, the topics we discussed are important to me on a personal level. I’m honored to have spent decades both as a cybersecurity practitioner partnering with governments to stop threats and as an educator training the cyber workforce of tomorrow.
It’s with that background that I can say confidently that homeland security, national security and critical infrastructure resilience are being enhanced by AI-powered cyber defense at this very moment. And we must keep the pedal to the metal, because our adversaries are certainly not sitting on their hands.
Learn more about the hearing and view the full testimony.