Oakseed Ventures sponsored a panel at the Information Systems Security Association (Silicon Valley Chapter) on March 19 2024 to discuss the Impact of Generative AI on Cybersecurity.

Startup panelists – Tibo, Ridge Security and SlashNext

Mike Skurko, incoming president of the ISSA Silicon Valley Chapter, was the moderator.  Startup panelists were Daragh McGraph representing Tibo, Hom Bahmanyar representing Ridge Security and Patrick Harr representing SlashNext.

While ChatGPT and other AI tools promises to unleash productivity across coding to network troubleshooting, organizations are at risk of leaking confidential information to these engines. Tibo is pioneering the world’s first-of-its-kind platform to detect sensitive information sent to ChatGPT and AI tools, redact them automatically and/or prompt the user to be aware.

Penetration testing is critical to ensure the security of infrastructure of organizations and software and hardware products of tech companies. Ridge Security provides autonomous agents that mimic a white hat to identify exploitable vulnerabilities. It provides CISOs with kill chains so that they can prioritize which vulnerabilities to patch.

Since launch of ChatGPT, there is a 12.7x increase in Phishing emails. Generative AI can now create phishing emails that have context, are customized, and without the usual flaws like grammatical errors. SlashNext is pioneering next Gen AI Email+ Security.

Challenges of AI to Cybersecurity

Patrick shared that since the advent of ChatGPT, there has been not only a huge spike in phishing attacks and deep fakes. These phishing attacks have become “three-dimensional” and more sophisticated.  Phishing is now “polymorphic”, meaning they dynamically change.  Deepfakes across voice and video are easy to create.  Bad actors scrap photographs from the internet and create fake accounts in social media that can impersonate you and add your friends to these fake accounts.  It takes only 15 seconds of a person’s recorded speech to be able to impersonate his/her voice through deepfakes.

Meanwhile malware has also become polymorphic and evade traditional signature based detection.  Generative AI will further the automation capabilities of malware and ransomware as a service.

Daragh spoke about how Generative AI opens up a hole for organizations to lose their most sensitive data as their staff leverage engines like ChatGPT to enhance their productivity.  Many organizations have chosen to completely block out ChatGPT and others, but there are many work arounds.  Organizations need to embrace AI in a way that does not compromise the loss of proprietary information.

Opportunities for AI in Cybersecurity

Yet, AI can be for good.  Hom discussed how AI is critical for helping CISOs respond to attacks quickly.  In the shift-left paradigm, code and products need security and penetration testing at the same time as unit tests.

The panel and the audience exchanged many ideas on how Generative AI can be used in Cybersecurity. Generative AI is now used in coding.  It is used to create synthetic data for training detection engines, for example clones of phishing or business compromise emails.

Final Thoughts

As organizations embrace AI, one of the threats that FBI has identified is in the access that Co-pilots and Large Language Models (LLMs).  It is critical that CISOs vent Access Control Lists of AI engines.

Thank our startups Tibo, Ridge Security and SlashNext for their exciting sharing!