1. AI will be a huge boon to cybercriminals
before it becomes a help to security teams.
– Cybercriminals will gain an advantage with advanced AI tools before their targets can implement AI defenses.
– Legitimate businesses face hurdles in adopting new technologies due to costs, regulatory requirements, and reputational risks, giving cybercriminals an initial advantage.
– Mario Duarte anticipates a leveling of the playing field over time, but expects challenges and vulnerabilities during the transition.
2. Generative AI will make lowbrow
– The deployment of advanced AI by cybercriminals raises concerns about potential sci-fi-level malevolence and sophisticated attacks.
– Mario Duarte emphasizes that, initially, cybercriminals are likely to leverage basic, effective attacks, with phishing remaining a significant threat.
– Generative AI is expected to enhance the success of phishing attacks, potentially catching people off guard.
3. Cyberattackers will continue to shift left.
– The shift towards DevOps/DevSecOps emphasizes moving testing and remediation left in the software development lifecycle, reducing human error in production through automation.
– Automation in the production environment minimizes opportunities for human error that cybercriminals exploit as entry points.
– Cyber attackers are targeting developer environments for potential human mistakes, posing a challenge for security teams to defend against, given the inherent chaos and experimentation in development.
– Despite the difficulty in creating baselines for acceptable development activity, Mario Duarte expresses confidence that, with time, security teams will effectively counter these shift-left attacks using a combination of human efforts, machine learning, and AI.