GenAI Is The Biggest Cyber Security Risk

Uploaded on 2024-10-29 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The leading ethical hacking platform, HackerOne, has found that 48% of security professionals believe AI is the most significant security risk to their organisation. Ahead of the launch of its annual Hacker-Powered Security Report, HackerOne has revealed early findings, which include data from a survey of 500 security professionals. 

Respondents were most concerned with the leaking of training data (35%), unauthorised usage of AI within their organisations (33%), and the hacking of AI models by outsiders (32%).

When asked about handling the challenges that AI safety and security issues present, 68% said that an external and unbiased review of AI implementations is the most effective way to identify AI safety and security issues. 

AI Red Teaming offers this type of external review through the global security researcher community, who help to safeguard AI models from risks, biases, malicious exploits, and harmful outputs.  “While we’re still reaching industry consensus around AI security and safety best practices, there are some clear tactics where organizations have found success,” said Michiel Prins, co-founder at HackerOne. “Anthropic, Adobe, Snap, and other leading organisations all trust the global security researcher community to give expert third-party perspective on their AI deployments.” he said 

Further research from a HackerOne-sponsored SANS Institute Report explored the impact of AI on cybersecurity and found that over half (58%) of respondents predict AI may contribute to an “arms race” between the tactics and techniques used by security teams and cybercriminals. 

The research also found optimism around the use of AI for security team productivity, with 71% reporting satisfaction from implementing AI to automate tedious tasks. However, respondents believed AI productivity gains have benefited adversaries and were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%). “Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations - or risk creating more work for themselves,” said Matt Bromiley, Analyst at The SANS Institute. “Our research suggests AI should be viewed as an enabler, rather than a threat to jobs. Automating routine tasks empowers security teams to focus on more strategic activities.” Bromiley said. 

HackerOne’s AI-powered co-pilot Hai can help security teams by automating tasks and saving  security teams an average of five hours of work per week. Indeed, AI-focused products continue to drive HackerOne’s business, with AI Red Teaming growing 200% quarter over quarter in Q2 and a 171% increase in security programs adding AI assets into scope. 

Test your AI risk readiness with this HackerOne interactive quiz HERE 

HackerOne   |   HackerOne   |    SANS Institute   |   

Image: Allison Saeng

You Might Also Read: 

The Crucial Role Of AI Red Teaming In Safeguarding Systems & Data:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 


 

« AI-Driven Air Defense System Takes Aim At Drones
What Security Teams Need To Know About The EU’s NIS 2 Directive »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Tukan IT

Tukan IT

Tukan IT provides a data classification and protection solution.

Executive Women's Forum (EWF)

Executive Women's Forum (EWF)

The Executive Women's Forum is the largest member organization serving emerging leaders and influential female executives in the Information Security, Risk Management and Privacy industries.

Applied Risk

Applied Risk

Applied Risk is an established leader in Industrial Control Systems security, focused on critical infrastructure security and combating security breaches that pose a significant threat.

Dark Cubed

Dark Cubed

Dark Cubed is an easy-to-use cyber security software as a service (SaaS) platform that deploys instantly and delivers enterprise-grade threat identification and protection at a fraction of the cost.

Dale Peterson

Dale Peterson

Dale Peterson, a leading ICS security and control system IT information expert, provides consulting services to assess and improve the security of SCADA and DCS.

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub

Cybersecurity Innovation Hub is a non-profit network organization focused on cooperation, information sharing, research and implementation of cutting-edge technologies in cybersecurity.

Rostelecom Solar

Rostelecom Solar

Rostelecom-Solar is a Cyber Security Company, providing software and managed detection and response (MDR) services to protect critical information from advanced cyber threats.

Tego Cyber

Tego Cyber

Tego Cyber delivers a state-of-the-art threat intelligence platform that helps enterprises deploy the proper resolution to an identified threat before the enterprise is compromised.

JaCIRT

JaCIRT

JaCIRT is the national Cyber Incident Response Team for Jamaica, established to deliver on the mandate outlined in the GoJ’s National Cyber Security Strategy.

Sikich

Sikich

Sikich LLP is a leading professional services firm specializing in accounting, advisory, technology and managed services.

Third Point Ventures

Third Point Ventures

Third Point brings deep technical expertise, a strong network of relationships, and decades of investing experience to add value to our partners throughout their journey from idea to IPO and beyond.

Siren

Siren

Siren provides the leading Investigative Intelligence Platform to some of the world’s leading Law Enforcement, National Security and Cyber threat investigators.

JanBask Training

JanBask Training

JanBask Training is a dynamic, highly professional, global online training provider committed to propelling the next generation of technology learners with a whole new way of training experience.

Silk Security

Silk Security

Silk is the first platform that enables enterprises to take a strategic, sustainable approach to resolving code, infrastructure and application risk.

TrafficGuard

TrafficGuard

TrafficGuard is an award-winning digital ad verification and fraud prevention platform.