While artificial intelligence (AI) technology has existed since the 1960s, it wasn’t until the 2010s that its subspecialty, generative AI, began to take center stage, transforming booming industries from marketing to manufacturing. Dr. Ian Goodfellow is largely recognized as the pioneer of this, particularly for his innovative concept of Generative Adversarial Networks (GANs) in 20214. Since then, the global generative AI market has grown exponentially, predicted to reach $136 billion by 2031.
Despite the tremendous potential, however, the integration of generative AI also brought along an array of cybersecurity risks that are enough to keep security teams on high alert. Let’s look at several high-profile incidents that have spotlighted the potential threats posed by generative AI.
Data Leakage
Generative AI relies on user prompts to create content. Should this data be intercepted during the AI training process, it may lead to significant data leaks. Researchers at Google’s DeepMind unit demonstrated this vulnerability on ChatGPT by asking it to repeat the word “forever.” This caused the program to eventually churn out entire passages of literature and even sensitive personal data.
What to Do
While OpenAI has appeared to address this problem already (by placing limits on similar prompts), businesses can also do their part. When entering prompts, ensure that these do not contain any private or sensitive information.
Deepfakes
The term “deepfake” refers to synthetic media, where an existing image or video is manipulated or replaced with someone else’s likeness using generative AI. A recent example of this includes the viral deepfake images of Taylor Swift that dominated social media platforms for a while. In the business world, cybercriminals could also manipulate a video of the CEO or an executive to defraud the company or its stakeholders.
What to Do
Combatting the threat of deepfakes is multi-faceted. Organizations can invest in technologies like deepfake detection software that can analyze videos for potential manipulations. You can also implement authentication processes for critical business decisions to prevent cases of impersonation.
Phishing Scams
Back then, malicious emails were easier to spot due to poor spelling and grammar. But with the rise of generative AI, the line has blurred. AI-enhanced phishing scams are becoming more sophisticated, as AI can generate plausible, believable content personalized to the target.
In Hong Kong, an employee of a multinational firm was tricked into transferring $25.6 million to scammers after the latter used a combination of a convincing message and a deepfake video meeting.
What to Do
Use AI-powered security to your advantage. You can embed proactive monitoring technologies that detect malicious activity, anomalous behavior, or questionable emails. It’s also crucial for each employee to be properly trained and be proactively engaged on the latest measures to identify and respond to threats accordingly.
What Generative AI Can Do For Cybersecurity
Just as much as generative AI can pose security risks, it can also provide a robust defensive system. For instance, generative AI can produce realistic examples of phishing emails, which can then be used to train employees about what to look out for and how to appropriately respond. Additionally, it can simulate various cyber-attack scenarios, making security systems smarter by providing regular ‘practice’ against advanced threats without the actual damages.
The technology itself is a double-edged sword. But to be realistic, any new advancement opens the door to potential misuse or vulnerabilities. As a particular generative AI post points out, guarding against misuse is a key consideration for AI companies when developing this technology.
Keeping such discussion alive helps them address potential threats and devise stronger cybersecurity systems.
Wrap-up: Does Using Generative AI Pose Any Cybersecurity Risks to Businesses?
Yes, generative AI does pose certain cybersecurity risks to businesses. However, it also presents opportunities to strengthen a company’s security efforts. As new technologies continue to emerge, so too will the cyber threats that come with them. It’s imperative that organizations remain vigilant in identifying these risks and training teams accordingly.