AI creates mix of cybersecurity fear and hope in equal measures

A large majority of cybersecurity professionals appear to be coming to the conclusion that artificial intelligence (AI) needs to be regulated.

A survey of 600 cybersecurity professionals conducted by StrongDM, a provider of a platform for managing access to IT infrastructure, finds 87% of respondents are concerned about AI threats, with more than three quarters (76%) believing AI should be heavily regulated. However, 15% are concerned that excessive oversight could stifle innovation.

President-elect Trump has already signaled that he intends to appoint David Sacks to be his "White House A.I. & Crypto Czar.” It’s not clear how much influence such a czar might wield but the general expectation is the new administration will opt for a lighter touch when it comes to AI regulations than what the previous Biden administration had been advocating.

As such, cybersecurity professionals should assume while hoping for the best should continue to assume the worst. Nearly two-thirds of respondents (65%) admit their organization is fully prepared for AI-driven cyberattacks, with specifically malware (33%) and data breaches (30%) being identified as the top concerns.

On the plus side, however, two-thirds (66%) expressed optimism about the impact AI will have on their jobs, with 40% believing AI will enhance job roles without replacing them compared to 25% that foresee the creation of new job opportunities. Conversely, 30% expressed fears of job replacement.

As it is with most professions, cybersecurity teams are conflicted when it comes to AI. There’s plenty of opportunity to use AI to improve cybersecurity but only 32% of respondents said their company is actively investing in AI defenses and nearly half (48%) said there is still much to be done. In fact, only a third (33%) of respondents said they are very confident in their current cybersecurity defenses, compared to 46% that are somewhat confident.

The issue, of course, is cybercriminals are experimenting with AI as well. Given their resources, it’s also probable that many of them will determine how to take advantage of AI faster than defenders so there might come a time soon when cybersecurity teams are perceived to be losing what amounts to be an AI arms race.

Ultimately, however, cybersecurity professionals have a lot more to gain from AI than they might lose. In addition to augmenting chronically understaffed teams, the overall amount of toil experienced should decline as it, for example, becomes easier to both discover threats and automate remediations. The challenge, as always, is funding the acquisition of the next generation of AI-enhanced tools and platforms that will be required because the one thing that is certain is AI is anything but free.

In the meantime, the one thing that cybersecurity teams can assume, like it or not, is AI technologies, no matter the consequences, are going to be readily available for both good and ill. Hopefully, the benefits will far outweigh the current harm that will be be inflicted as cyberattacks continue to increase in both volume and sophistication.