GenAI Is The Biggest Cyber Security Risk

Uploaded on 2024-10-29 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The leading ethical hacking platform, HackerOne, has found that 48% of security professionals believe AI is the most significant security risk to their organisation. Ahead of the launch of its annual Hacker-Powered Security Report, HackerOne has revealed early findings, which include data from a survey of 500 security professionals. 

Respondents were most concerned with the leaking of training data (35%), unauthorised usage of AI within their organisations (33%), and the hacking of AI models by outsiders (32%).

When asked about handling the challenges that AI safety and security issues present, 68% said that an external and unbiased review of AI implementations is the most effective way to identify AI safety and security issues. 

AI Red Teaming offers this type of external review through the global security researcher community, who help to safeguard AI models from risks, biases, malicious exploits, and harmful outputs.  “While we’re still reaching industry consensus around AI security and safety best practices, there are some clear tactics where organizations have found success,” said Michiel Prins, co-founder at HackerOne. “Anthropic, Adobe, Snap, and other leading organisations all trust the global security researcher community to give expert third-party perspective on their AI deployments.” he said 

Further research from a HackerOne-sponsored SANS Institute Report explored the impact of AI on cybersecurity and found that over half (58%) of respondents predict AI may contribute to an “arms race” between the tactics and techniques used by security teams and cybercriminals. 

The research also found optimism around the use of AI for security team productivity, with 71% reporting satisfaction from implementing AI to automate tedious tasks. However, respondents believed AI productivity gains have benefited adversaries and were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%). “Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations - or risk creating more work for themselves,” said Matt Bromiley, Analyst at The SANS Institute. “Our research suggests AI should be viewed as an enabler, rather than a threat to jobs. Automating routine tasks empowers security teams to focus on more strategic activities.” Bromiley said. 

HackerOne’s AI-powered co-pilot Hai can help security teams by automating tasks and saving  security teams an average of five hours of work per week. Indeed, AI-focused products continue to drive HackerOne’s business, with AI Red Teaming growing 200% quarter over quarter in Q2 and a 171% increase in security programs adding AI assets into scope. 

Test your AI risk readiness with this HackerOne interactive quiz HERE 

HackerOne   |   HackerOne   |    SANS Institute   |   

Image: Allison Saeng

You Might Also Read: 

The Crucial Role Of AI Red Teaming In Safeguarding Systems & Data:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 


 

« AI-Driven Air Defense System Takes Aim At Drones
What Security Teams Need To Know About The EU’s NIS 2 Directive »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

vArmour

vArmour

vArmour is the industry’s first distributed security system that provides insight and control for multi-cloud environments.

Cybersecurity Credentials Collaborative (C3)

Cybersecurity Credentials Collaborative (C3)

C3 provides a forum for collaboration among vendor-neutral information security and privacy and related IT disciplines certification bodies.

ISARA Corp

ISARA Corp

ISARA Corporation is a security solutions company specializing in creating class-defining quantum-safe cryptography for today's computing ecosystems.

Cycura

Cycura

Cycura provide advanced, customized, and confidential cyber security services, cyber investigation services, and digital forensic services to governments, companies, and organizations.

GovCERT Austria

GovCERT Austria

GovCERT Austria is the Austrian Government Computer Emergency Response Team. Its constituency consists of Austria's public administration.

Smart Contract Security Alliance

Smart Contract Security Alliance

The Smart Contract Security Alliance supports the blockchain ecosystem by building standards for smart contract security and smart contract audits.

ECOLUX

ECOLUX

ECOLUX is a professional IoT security service company committed to developing world-leading “IoT Lifecycle Security” technologies and products.

Paladin Capital Group

Paladin Capital Group

Paladin is a leading global investor that supports and grows the world’s most innovative cyber companies.

Jobsite

Jobsite

Jobsite is an award winning job board in the UK providing job listings in the key sectors of IT, Engineering and Finance.

DataViper

DataViper

Data viper is a threat intelligence platform designed for organizations, investigators, and law enforcement.

SECFORCE

SECFORCE

SECFORCE is a leading information security consultancy specialising in bespoke penetration testing and red team engagements.

FraudLabs Pro

FraudLabs Pro

FraudLabs Pro detects fraud and helps merchants to reduce e-commerce chargebacks by identifying high risk transactions.

Nonprofit Cyber

Nonprofit Cyber

Nonprofit Cyber is a first-of-its-kind coalition of global nonprofit organizations to enhance joint action to improve cybersecurity.

IriusRisk

IriusRisk

IriusRisk is an open Threat Modeling platform that automates and supports creating threat models at design time.

Incyber

Incyber

Incyber is a fully integrated network and cybersecurity solutions provider contracted to safeguard public and private enterprise, high value data and sensitive industries.

rThreat

rThreat

rThreat is a cloud-based SaaS solution that challenges your cyber defenses using real-world and custom threats in a secure environment, ensuring your readiness for attacks.