Introduction
Many years ago, John Denver read a poem about the ambulance down in the valley which highlighted the small-town struggle to decide between putting a fence on top of the cliff to stop people falling or to buy an ambulance in the valley to pick up those who fell. It ends with a local sage observing that “That people give far more attention to repairing the results than to stopping the cause, when they’d much better aim at prevention”. As I look at AI and Cybersecurity discussions today, I somehow get the feeling that we revisiting this principled discussion but fuelling the arms race on both sides.
I understand that AI focuses on building intelligent systems through automation and learning to support our lives and decisions. Cybersecurity, on the other hand, focuses on protecting our digital assets from threats. Obviously, we will need the cybersecurity skills to protect our AI systems from being hacked or misused and AI could be used to enhance cybersecurity by improving threat detection capabilities and auto-responses – but the bad guys could also use AI to learn how to attack systems. This means that it is not a simple decision between the fence and the ambulance but an ongoing struggle to keep the balance between the forces for good and evil.
New definition of Cybersecurity in the AI era.
We are slowly becoming aware that our realities are being subtily altered. The stream of news we get over the internet is being tailored to make money for someone and to do this they profile us and send us each more of what “they” think we like. This means our news stream can be very unbalanced as the search engine, browsing algorithm or even friends’ postings get screened to what the system believes we want to see. It gets more problematic if the content we’re being offered is AI generated and not based on reality at all.
So maybe we need a new generation of Cybersecurity tools that tell us when we are being send modified data – or worse, selective data where we don’t get to see the full picture.
The misuse of AI tools is not just limited to the criminal classes – it is now pervasive in the production of many research papers, business plans and strategic views. This is fine as long as we know what we are doing. If we are just asking a tool to paraphrase the text OK, but if we are asking the tool to do more, we need to be careful. Large language models can be used to summarize text or translate text between languages, but accuracy is not guaranteed and requires checking by a human — particularly when working in languages other than English.
Somehow many of us seem to learn the vital swear words and bad language when learning languages and particularly if we allow AI to learn dialogue from our TV programs, we may risk the tool learns improper language use.
The second new use of the AI tools is to help regulate from where AI tools learn. Just like people, there are sources you can’t trust and should not take as references for future behaviour.
So my new approach is to use AI supported Cybersecurity not only to keep the bad guys out but also to filter out the bias and misinformation in what I allow into my world.
How to train our AI Cybersecurity
We need to adopt some logic and methodology now to help us navigate our complex information space and the basic rule is to use many sources to get a good clear picture. Scott Adams (famous for creating Dilbert) proposed the Six Filters of Truth [1] to capture how we try to see what’s true and what’s false: personal experience, experiences of people you know, experts, scientific studies, common sense, and pattern recognition. Of course, each of these can be flawed so depending on one alone is a risk. The more filters something can pass the greater the likelihood that it is true.
We still need a new AI tool to tell us when something has been modified, when people are lying and when things are being hidden – only then will I feel Cyber secure.
[1] How to Fail at Almost Everything and Still Win Big: Kind of the Story of My Life, Scott Adams, ISBN-13 978-1591846918