Sophos: Gen AI Flaws Could Negatively Impact Cybersecurity

By Matt High
Sophos research has found ‘a major blindspot when it comes to the use of AI in cyber defenses’
Sophos research shows that, despite ambitious and rapid adoption, IT leaders worry that Gen AI's flaws could affect their cybersecurity strategies

AI is as embedded in cybersecurity as it is in any other area of the modern enterprise. Security providers are quick to point out the advanced AI that underpins their platforms and helps keep organisations worldwide protected. Speak to any CISO or senior leader, and AI will be at the top of the list when it comes to capability focus.

In this climate it’s easy to assume that AI adoption is always the answer and that, for cybersecurity, the technology will improve protection from threats and improve return on spend. While largely true, security solutions leader Sophos has conducted research that suggests the reality might not be as straightforward.

As part of its Beyond the Hype: The Business Reality of AI for Cybersecurity report, Sophos surveyed 400 IT and cybersecurity leaders on how they use AI in security, with a particular focus on generative AI (Gen AI).

Some form of AI is embedded in the cybersecurity infrastructure of 98% of the organisations surveyed. 

Sophos’ goal was to cut through some of the noise around AI and gain measurable insight on adoption, desired benefits within organisations, and the understanding of associated risks. It said the research found ‘a major blindspot when it comes to the use of AI in cyber defenses’. 


Adoption and expectations

The pace of AI adoption and forecasted future usage means understanding both the risk and associated mitigations in cybersecurity is a priority for every organisation. 

Sophos found that nearly three quarters of those surveyed use cybersecurity tools that include deep learning models, 65% use tools that include Gen AI capabilities, and 34% use Gen AI in-house to elevate their cybersecurity posture.

These stats will only grow, with AI capabilities now on the requirements list of 99% of organisations when they’re selecting a cybersecurity platform. 

Different sized organisations expressed different priorities for how they approach Gen AI, with improved protection from cyberthreats and better business performance ranking as high priorities. 

The question of risk

As with any new enterprise technology, the introduction of AI brings many benefits but also expands the risk and threat landscape. Gen AI and other AI-powered defense solutions bolster cybersecurity, but Sophos said that any potential gain can be offset by poor-quality and poorly implemented AI models.

Specifically, it found that 89% of IT and cybersecurity leaders are concerned that flaws in Gen AI tools could harm their organisation.


The cost of developing and maintaining Gen AI capabilities remains a priority for organisations, with 80% of leaders expressing concern that the technology will ‘significantly increase the cost of their cybersecurity products’.

“As with many other things in life, the mantra should be ‘trust but verify’ regarding generative AI tools. We have not actually taught the machines to think; we have simply provided them with the context to speed up the processing of large quantities of data,” says Chester Wisniewski, Director, Global Field CTO, Sophos. 

“The potential of these tools to accelerate security workloads is amazing, but it still requires the context and comprehension of their human overseers for this benefit to be realised.”


Embracing AI

Like any new technology adoption, AI opens up the potential for risk, but Sophos recommends a thoughtful and human-centric approach to bringing in cybersecurity tools that enhance defences as well as broader strategic objectives.

To mitigate key risks, organisations should collaborate with vendors and potential partners to understand how they develop their AI capabilities, including in areas such as data quality, modelling and engineering. 

Setting clear goals and rigour around investment decisions can help define potential AI outcomes, and leaders should view AI as one item in a cyber defence toolkit rather than a solution for every threat and challenge.  




Cyber Magazine is a BizClik brand