The common idea of artificial intelligence (AI) as portrayed by media like films and TV shows has been mostly hype rather than functional–including depictions of robots and sentient networks that have their own personalities. Modern AI today has applications in a wide variety of sectors and is reaching capabilities far beyond what have encountered in recent years. It is not limited to powering smart chatbots. Modern AI can generate different kinds of media and enable automation and even autonomy in various scenarios. However, as AI grows, so do the risks surrounding and emanating from it. Organizations are aware of these risks, and that’s why many are adopting new security solutions like the incorporation of security into DevOps, or DevSecOps. The security strategies employed in the past are no longer effective at present. There is a need for better tactics, methods, and approaches in view of the rise of AI.

AI’s relationship with cybersecurity and DevSecOps

AI cyber security can mean two main topics: the use of AI to enhance cybersecurity solutions or cybersecurity needed to protect AI systems. This discussion covers both topics, although the greater focus here is on the latter because of DevSecOps. Simply put, AI can enhance security solutions or mechanisms that can then be applied to DevSecOps to build software systems that are secure from the get-go.

DevSecOps is about integrating security into DevOps, which is characterized by the acceleration of the software development cycle. AI can provide the benefits of greater efficiency, accuracy, and continuity as organizations develop software systems rapidly. It addresses many weaknesses in ensuring secure software development through automated security testing, more accurate threat detection, and predictive analytics.

Automated security testing predates AI, but modern AI used in cybersecurity is notably different because it goes beyond predefined sets of rules in automating processes. DevSecOps can use AI-powered automated security tests that include advanced vulnerability scanning, code analysis, simulated penetration testing, and purple teaming. These enable repeatable testing procedures that can be undertaken repeatedly without limits or the need for pauses.

Threat Detection

Meanwhile, AI supports more accurate threat detection in the software development process by consolidating threat intelligence sources and scrutinizing exhaustive volumes of security-related data without the risk of information overload and alert fatigue. It can continuously monitor system activity to detect malicious code and indicators of risks and threats. Notably, AI does not only rely on threat databases. It can automatically run parts of the software being developed to detect vulnerabilities and run behavior analytics to spot security issues based on activity patterns or deviations from benchmarks of safe or regular activities.

Moreover, artificial intelligence powers predictive analytics to anticipate threats even before they become actual problems. based on huge amounts of historical data, AI can forecast possible security issues in the software being built. This is highly important in complex setups, especially collaborative projects, which can introduce a wide range of unpredictable actions and consequences.

Responsibility for AI cybersecurity

In the context of AI used to enhance cybersecurity, AI cybersecurity is a product developed by security firms that specialize in cybersecurity for organizations and other computing technology users. They produce solutions like AI-powered Extended Detection and Response (XDR), Security Information and Event Management (SIEM), and Next-Generation Antivirus (NGAV) that can be used by enterprises as part of their security posture.

When it comes to cybersecurity used to secure the development of AI systems, organizations can develop their own security systems. However, they can also take advantage of already existing AI-driven cybersecurity systems for their DevSecOps processes. They can use AI-aided SIEM or XDR to detect and resolve vulnerabilities in their projects. Also, they can use products that provide safe and accurate data for AI training. In other words, it is possible to use AI-powered solutions to secure the development of AI systems.

Depending on how the phrase AI cybersecurity is used, the responsibility can be on the cybersecurity firm that develops AI cybersecurity solutions or the DevSecOps team that is building an AI system. Either way, this role is becoming more important as AI creeps into the different aspects of everyday life.

Addressing broader and more complex attack surfaces

There are many beneficial uses of artificial intelligence, from automating interactions with customers through smart chatbots to running automated marketing and sales campaigns. AI can even automatically localize websites and marketing content to expand to new markets. These growing benefits, however, also expand an organization’s cyber-attack surfaces.

Organizations face more cyber threats because of the new layer of complexities created by using AI systems. AI solutions require data storage, processing power, as well as communication channels, which can have vulnerabilities in them. Organizations that are new to using AI tools will easily oversee the potential risks, especially if they do not have a dedicated cybersecurity team to address threats proficiently. Putting up an AI-powered e-store chatbot, for example, opens up the possibility of exposing sensitive data, just like how ChatGPT can be manipulated to leak sensitive information from their training data.

AI can also have algorithmic vulnerabilities that cybercriminals can exploit to manipulate systems, expose sensitive data, or introduce malicious code into the system. This problem is particularly a concern in organizations that integrate AI with legacy systems and use third-party dependencies without proper vetting.

Organizations need advanced cyber defense strategies that do not only monitor threats through file and network traffic monitoring. It is also important to have mechanisms to monitor how AI systems are affecting overall security posture. The possibility of AI chatbots giving away delicate data, for instance, cannot be easily detected by conventional tools and security testing procedures. Organizations need new ways to cover the broader and more complex attack surfaces attributable to the use of AI.

These new realities that come with the adoption of artificial intelligence infer the need for better cybersecurity solutions. These solutions can be achieved with the help of AI, which in turn, can also be used in DevSecOps to develop secure AI systems and other software. Confounding as it may sound, this is just how the links between AI, cybersecurity, and DevSecOps work.

In conclusion

To answer the question posited in the title, AI cybersecurity can mean two things. First, it can be the use of artificial intelligence to enhance the security aspect of DevSecOps through AI-driven automated testing, vulnerability scanning, and behavioral analysis, among others. Secondly, it can mean the development of an AI-powered cybersecurity solution using DevSecOps principles and practices. It can be said that there is some sort of cyclical application of AI in the two contexts since AI can be used to enhance cybersecurity solutions (like SIEM and XDR), which can then be used in the DevSecOps setting to develop AI systems including AI-powered cybersecurity tools.

Featured Image by Fotis Fotopoulos: Unsplash; Thanks!