Renowned cybersecurity expert Bruce Schneier told a conference recently that he’s concerned that AI penetration of computer systems is inevitable. Experts say that AI attacks are a growing threat. “With AI becoming increasingly helpful from a hacking perspective, the data of users and consumers may be significantly more at risk,” Andrew Douglas, a cybersecurity expert at Deloitte Risk & Financial Advisory, said in an email interview. “Hackers typically look for the easiest target with the least amount of effort, and AI would allow them to target more people with better defenses in less time.” Schneier was the latest to sound the alert over the dangers of AI. “Any good AI system will naturally find hacks,” Schneier reportedly said at the recent conference. “They find novel solutions because they lack human context, and the consequence is that some of those solutions will break the expectations humans have—hence, a hack.”
AI Phones Into Your Home
Hackers already are using AI to pry into computers. One AI-driven cyberattack was launched against TaskRabbit in 2018, compromising 3.75 million users, but proving to be untraceable, Chris Hauk, a consumer privacy advocate at the website Pixel Privacy, said in an email interview. “The attack was launched by hackers employing a large botnet controlled by AI, which used slaved machines to perform a massive DDoS attack on TaskRabbit’s servers,” he added. Machine learning algorithms were used to successfully penetrate systems at Defcon back in 2016, noted Ray Walsh, a data privacy expert at ProPrivacy, in an email interview. At that time, seven teams competed for DARPA’s Grand Challenge to win a $2 million prize. “During the challenge, competitors used AI to find vulnerabilities, create exploits, and deploy patches via automated means,” he added. Bruce Young, a professor of cybersecurity at Harrisburg University of Science and Technology, said in an email interview that AI is being used to control botnets, a group of compromised computers under the control of a bad actor used to attack other computers. “AI can be used to automatically gather a person’s information, for example, bank, medical, driver’s license, birthdays,” he said. “They can formulate a sophisticated phishing attempt and deliver to a user an email that appears to be legitimate.” AI can be used to hack by discovering vulnerabilities and exploiting them, Paul Bischoff, a privacy advocate at the website Comparitech, said in an email interview. “AI and machine learning can spot patterns that humans would miss,” he added. “These patterns can reveal weaknesses in a target’s cybersecurity or operational security. AI can then exploit those vulnerabilities much faster than a human, but also more flexibly than a traditional bot.” AI can alter and improve its attacks without human input, Bischoff said. “AI is particularly well-suited to concealment and can hide within a system where it harvests data or launches attacks over a long period of time,” he added.
Protecting Yourself From AI
Unfortunately, there’s nothing specific that users can do to protect themselves from AI-based hacks, Bischoff said. “Just follow the usual guidelines,” he said. “Minimize your digital footprint, update your software, use antivirus, use a firewall, only download reputable software from reputable sources, don’t click on links or attachments in unsolicited messages.” But, brace yourself for more AI-guided attacks. “AI is used both for cybersecurity and cyber attacks, and in the future, we might see AI systems attacking each other,” Bischoff said. “For example, AI can be used to identify non-human behavior and take action against bots. Conversely, AI can be used by bots to mimic human behavior more accurately and bypass bot detection systems.” State-sponsored groups will be a likely source of AI hacks in the future, Kris Bondi, the CEO of cybersecurity firm Mimoto, said in an email interview. “This category is already driving an increase in breaches that are increasingly more sophisticated,” Bondi added. “If AI is effectively used for hacking, it will likely mean even more breach attempts that are even more sophisticated. This has implications for individuals, infrastructure, corporate espionage, and national security.”