Kevin Bocek is vice president of security strategy and threat intelligence at Venafi.
Last year, Gartner predicted that businesses would increase spending on cybersecurity products and services by 11%, or $188.3 billion— a number that is expected to continue to increase. However, even after dedicating these resources to cybersecurity, breaches remain. happening at record speed due to ransomware and malware attacks.
Current spending also does not fully account for the impact AI will have on cybersecurity. More … than half of the organizations expected to integrate the use of AI and automation technologies in 2023. Without the right security tools and checkpoints, organizations will face major challenges due to malicious code. developed by AI tools.
While AI holds many promises for efficiency and automation, it also creates security risks, which I will explore in this article.
Protecting the Network Amid Code Democratization
The breakneck pace of AI innovation is driving an unexpected new shift: the democratization of coding.
This opens up unprecedented opportunities for innovation, but also introduces a myriad of risks. As more people, including what we now call “citizen developers” – non-professional developers empowered by generative code from sources like ChatGPT and Bard – become an integral part of businesses, the democratization of coding presents both opportunities and complexities.
On the one hand, the democratization of code puts the power of creating code within the reach of everyone, not just traditional developers. Whether they are financial professionals, factory workers, or people working across multiple sites, sophisticated systems now allow individuals to create scripts on the fly.
Another development introduces a new level of complexity: the possibility for generative AI not only to self-replicate but also to create numerous instances. Whether spontaneously or through malicious activities, this exit from confinement increases the risks that organizations face.
Google DeepMind CEO Demis Hassibas’ prediction in May that we could see artificial general intelligence – or AI with human-level intelligence –in a decade highlighted the growing exposure of generative AI, in which machines make decisions and generate code autonomously. The complex web of interconnected threats intensifies as machines communicate with each other, make infrastructure decisions, create code, and generate content.
These factors introduce entirely new concerns that go beyond the domain of professional developers or adversaries. To safeguard their digital future, organizations must navigate these nuances, highlighting the critical need to authenticate all code for effective governance.
Prevent unauthorized code from running your network
Responsibility in this new world of software orchestration falls squarely on the shoulders of Chief Information Security Officers (CISOs) and Chief Information Officers (CIOs). This responsibility extends beyond traditional software management, covering the entire spectrum from conventional coding to cutting-edge generative AI technologies used in business operations.
Boards of directors, recognizing the gravity of this responsibility, are prepared to hold CISOs and CIOs accountable for the effective implementation of these safeguards, thereby reinforcing their central role in steering organizations through the intricacies of era of democratization of codes.
To meet these challenges, organizations must prioritize a comprehensive defense strategy. Each piece of the coding puzzle must now have a unique workload identity for authentication and accountability, especially in a world where developers and AI systems interact seamlessly.
Organizations should also prioritize authentication, authorization, and regulation of the behavior of AI and machine learning models. This means first understanding what you use and access. From there, models must be assigned and machine identities approved so that they can be monitored or controlled.
Additionally, the inclusion of a crucial kill switch, which I written elsewhere– is essential for responding quickly and efficiently to unforeseen issues, ensuring a comprehensive approach to securing the ever-changing landscape of code creation.
By establishing robust defenses, adopting machine identities, and integrating a kill switch, organizations should be better positioned to harness the transformative power of these technologies while safeguarding their digital future.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Am I eligible?