While Gen AI heightens vulnerabilities, more than half of organizations also anticipate faster threat detection and increased accuracy through its use.
The Capgemini Research Institute’s new report, “New defenses, new threats: What AI and Gen AI bring to cybersecurity”, published recently, suggests that while new cybersecurity risks are emerging, due to the proliferation of AI and generative AI (Gen AI), these technologies represent a transformative shift in reinforcing cyber-defense strategies for the long term to predict, detect, and respond to threats. Two thirds of organizations are now prioritizing AI within their security operations.
According to the report, while AI is considered by organizations as a strategic technology to strengthen their security strategies, the increased adoption of Gen AI across various industries brings heightened vulnerability. Gen AI introduces three major risk areas for organizations: more sophisticated attacks with more adversaries, the expansion of the cyber-attack surface, and a growth in vulnerabilities in the entire lifecycle of custom Gen AI solutions. These risks are also compounded by the misuse of AI and Gen AI by employees which can significantly increase the risk of data leakage.
Two in three organizations are wary of increased exposure to threats
Almost all organizations surveyed (97%) say they have encountered breaches or security issues related to the use of Gen AI in the past year. Gen AI also brings additional risks, including hallucinations, biased, harmful, or inappropriate content generation, and prompt injection attacks. Two in three organizations (67%) are worried about data poisoning and the possible leakage of sensitive data through the training datasets used to train Gen AI models.
Moreover, Gen AI’s ability to generate highly realistic synthetic content is posing additional risks: more than two in five organizations surveyed (43%) said they have suffered financial losses arising from the use of deepfakes.
Nearly 6 in 10 believe they need to increase their cybersecurity budget to bolster their defenses consequently.
AI and Gen AI are paramount for detecting and responding to attacks
Surveying 1,000 organizations that have either considered AI for cybersecurity or are already using it, the report finds that most rely on AI to strengthen their data, application and cloud security due to the technology’s ability to rapidly analyze vast amounts of data, identify patterns and predict potential breaches.
More than 60% of them reported a reduction of at least 5%, in their time-to-detect, and nearly 40% said their remediation time fell by 5% or more after implementing AI in their security operations centers (SOCs).
Three in five organizations surveyed (61%) believe AI to be essential to effective threat response, enabling them to implement proactive security strategies against increasingly sophisticated threat actors. In addition, the same proportion of respondents foresee Gen AI strengthening proactive defense strategies in the long term, anticipating faster threat detection.Over half of them believe also that the technology will empower cybersecurity analysts to concentrate more on strategy for combating complex threats.
“The use of AI and Gen AI has so far proved to be a double-edged sword. While it introduces unprecedented risks, organizations are increasingly relying on AI for faster and more accurate detection of cyber incidents. AI and Gen AI provide security teams with powerful new tools to mitigate these incidents and transform their defense strategies. To ensure they represent a net advantage in the face of evolving threat sophistication, organizations must maintain and prioritize continuous monitoring of the security landscape, build the necessary data management infrastructure, frameworks and ethical guidelines for AI adoption, and establish robust employee training and awareness programs,” said Marco Pereira, Global Head Cybersecurity, Cloud Infrastructure Services, Capgemini.