"But ultimately, this is all the result of bad software, ridden with vulnerabilities. "We don't have a cybersecurity problem. We have a software quality problem," she said. The main reason for this was software vendors' prioritization of speed to market and reducing cost over safety. AI is making attackers more capable, helping them create stealthier malware and "hyper-personalized phishing," and also to spot and surface vulnerabilities and flaws more quickly."
"CISA has responded with its own AI action plan, and "I believe if we get this right, we will actually be able to tip the balance to the defenders and protectors." That includes through detection, countermeasures, and learning from attacks, but also identifying vulnerabilities and ensuring software is secure by design. Ultimately, she said, "if we're able to build and deploy and govern these incredibly powerful technologies in a secure way, I believe it will lead to the end of cybersecurity.""
Proliferation of data, platforms, and devices has expanded the attack surface, enabling state actors and cybercriminal groups to exploit weaknesses. Poor software quality and vendor prioritization of speed and cost over safety have produced widespread vulnerabilities. AI is increasing attacker capability by enabling stealthier malware, hyper-personalized phishing, and faster discovery of flaws, while also offering defenders enhanced detection, countermeasures, and learning from incidents. A coordinated AI action plan and focus on secure-by-design development and governance can shift advantage to defenders, potentially making security breaches anomalies instead of a business norm. Demystifying and deprioritizing the glamorization of hackers supports realistic response strategies.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]