AI in Cybersecurity: How It's Being Used and Risks to Navigate

Key takeaways

Artificial intelligence (AI) is a transformative emerging technology that's changing what it means to work in cybersecurity. A study by CompTIA reports that 77 percent of businesses and IT professionals already use AI to address cybersecurity concerns [1].

• AI poses both improvements and risks for the field of cybersecurity.

• AI can benefit cybersecurity teams in numerous ways, such as detecting and preventing evolving threats.

• But it can also enable more complicated and large-scale attacks.

Learn different ways AI is being used in cybersecurity, along with the key challenges to keep in mind when implementing this new technology. Afterward, build your cybersecurity knowledge with Vanderbilt University's Generative AI Cybersecurity & Privacy for Leaders Specialization.

How can AI be used to enhance cybersecurity?

Cybercrime stands to be an expensive problem in the coming years. According to SentinelOne, it will cost organizations and individuals $27 trillion by 2027 [2]. While AI poses significant challenges for the field of cybersecurity, it also stands to deliver compelling solutions that keep pace with evolving threats. Let's review some of the primary use cases for AI in cybersecurity.

1. Malware detection

AI leverages neural networks and ensemble methods to analyze different types of data for irregular file characteristics and code patterns. This can include:

• Zero-day malware identification: Uses convolutional neural networks (CNNs) to analyze binary file structures without requiring known signatures.

• Fileless malware detection: This type of malware operates without files, making it harder to detect. AI analyzes behavior to detect and prevent such attacks.

• Polymorphic malware recognition: Uses recurrent neural networks (RNNs) that identify malicious patterns.

• Advanced persistent threat (APT) detection: Detects often undetected presences in a network.

2. Security analytics

AI processes security records and logs using natural language processing (NLP) and machine learning algorithms to uncover complex attack patterns. This can include:

• User and Entity Behavior Analytics (UEBA): Detects irregular behavior or devices that may indicate compromised accounts.

• Network traffic analysis: Monitors network activity to identify anything potentially suspicious.

• Threat intelligence correlation: Tracks activity across different data points to signal a unified threat campaign.

• Dark web monitoring: Analyzes communications from potential or established threat actors in real-time.

3. Threat prevention

AI systems trained on historical attack data can anticipate and prevent future threats. This can include:

• Reinforcement learning models: Updates defense strategies based on attacker behavior.

• Graph neural networks: Maps out attack paths and predicts likely escalation routes.

• Time-series analysis: Identifies attack timing patterns and seasonal threat variations.

• Automated threat hunting: Reduces the mean time to detection (MTTD).

4. Continuous monitoring

Security Orchestration, Automation, and Response (SOAR) platforms that integrate AI technology can provide constant monitoring with instant response capabilities. This can include:

• Real-time endpoint detection and response (EDR): Uses computer vision to analyze system processes.

• Cloud workload protection: Analyzes behaviors across different environments.

• Automated incident response workflows: Executes established playbooks based on threat classification.

• Dynamic risk scoring: Prioritizes alerts using context-aware algorithms integrated with SIEM platforms.

5. Emerging applications

While the AI-powered threat detection and automated response capabilities discussed above have become cybersecurity staples, there are emerging AI security applications that continue expanding what AI can do for cybersecurity teams.

Identity and access management

As the types of threats to identity and access evolve, authentication will too. AI-powered identity solutions offer stronger controls by analyzing behavioral patterns and contextual factors that make each user unique, creating virtually unbreakable authentication systems.

• Behavioral biometrics: Uses keystroke dynamics and mouse movement patterns for continuous authentication.

• Risk-based authentication: Scores login attempts based on a high number of contextual factors.

Vulnerability intelligence

The list of vulnerabilities keeps expanding, and security teams tax their resources addressing patches for each one. AI has the potential to transform reactive patching to strategic risk mitigation by predicting which vulnerabilities are most likely to be exploited and prioritizing remediation based on real-world threat intelligence.

• AI-driven patch prioritization: Correlates CVSS scores with exploit prediction models.

• Supply chain risk assessment: Uses graph analytics to map third-party dependencies.

Advanced threat detection

Cybercriminals will continue using AI to exploit organizations and individuals. AI-powered defenses that can recognize and counter artificially generated attacks. These next-generation detection systems represent the front lines of the AI-versus-AI battlefield in cybersecurity.

• Deepfake detection algorithms: Protects against AI-generated social engineering attacks.

• Adversarial ML defense systems: Protects AI models from poisoning and evasion attacks.

How is AI a risk to cybersecurity?

In the same way AI has revolutionized cybersecurity defense, it’s enabled much more complicated and larger-scale attacks. For instance, traditional cybersecurity measures, such as antivirus software that relies on threat signatures, can fail due to the adaptive nature of today’s cyber threats. AI poses a risk to the field of cybersecurity in several ways:

• Deepfakes: AI can create synthetic videos and audio that mimic real people. By engaging victims in conversation with seemingly familiar people, malicious actors can convince them to share sensitive information or spread misinformation. 

• Password guessing algorithms: AI-powered password-cracking software such as PassGAN can guess common seven-digit passwords in mere minutes. For other password types, the AI cracked 51 percent in under a minute, 65 percent in under an hour, 71 percent in under a day, and 81 percent in under a month [3].

• Adaptive attack patterns: Metamorphic and polymorphic software can change its code to adapt to the system through which it spreads. Traditional detection methods can find these types of transformative attacks challenging to manage, given that they can change shape by the time they’re detected. 

• Generative malware: Recent advancements in generative models such as GPT-4 enable people with little to no programming knowledge to generate working code. These tools can be prompted to create malicious software or solve problems related to circumventing cybersecurity defense measures in the wrong hands. 

• Social engineering: Employees may be manipulated into divulging sensitive information or engaging in harmful tasks, such as downloading suspicious software or purchasing unauthorized items with company funds. Although some social engineering attacks are easily spotted, AI tools are increasing their effectiveness and the scale at which they can be carried out. For example, chatbots can compose phishing emails quicker, more often, and with fewer mistakes that can be easily screened.

• Data poisoning: AI is also creating new cyber attacks like data poisoning, which refers to the manipulation of machine learning training data. Poisoned data is injected into a database, spoiling the algorithm and causing it to produce inaccurate results. In other instances, data poisoning attacks may create hidden vulnerabilities in a database, allowing malicious actors to secretly control the model or trick it into trusting unsafe file types.

AI tools for cybersecurity solutions

There are several key cybersecurity tools that can help teams construct secure networks. AI expands those options. Some examples of AI-based cybersecurity tools in today’s market include:

• IBM Security Verify. This AI-powered identity and access management solution is ideal for hybrid work environments and provides automated on-premise and cloud-based security governance. It’s a software-as-a-service (SaaS) approach that protects both internal members and customers.

• Amazon GuardDuty. AWS systems can obtain continuous monitoring and machine learning (ML) powered threat detection through Amazon GuardDuty. It creates detailed security reports for increased visibility and faster resolutions for your cyber team. 

• CylanceENDPOINT. CylanceENDPOINT focuses on preventative defense against malware, zero-day threats, and fileless memory exploits. Its AI uses less than 6 percent of CPU processing power, making it a lightweight option for businesses with cloud-native, hybrid, and on-premises systems. 

Build your AI knowledge on Coursera

Keep your finger on the pulse of AI with our LinkedIn newsletter Career Chat. Or, check out the following digital resources to keep expanding your AI knowledge: 

• Watch on YouTube: How Does GenAI Work? or 5 Fun Facts About GenAI 

• Hear from a faculty expert: AI Creativity Unleashed: Expert Insights from Vanderbilt’s Dr. Jules White

• Learn whether an AI career is right for you: Take our AI career quiz

Whether you want to develop a new skill, get comfortable with an in-demand technology, or advance your abilities, keep growing with a Coursera Plus subscription. You’ll get access to over 10,000 flexible courses from over 350 top universities and companies. 

Build job-ready skills with Coursera Plus

Start 7-day free trial

• 
• 
• 
• 

Start 7-day free trial