GenAI Is The Biggest Cyber Security Risk

Uploaded on 2024-10-29 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

The leading ethical hacking platform, HackerOne, has found that 48% of security professionals believe AI is the most significant security risk to their organisation. Ahead of the launch of its annual Hacker-Powered Security Report, HackerOne has revealed early findings, which include data from a survey of 500 security professionals. 

Respondents were most concerned with the leaking of training data (35%), unauthorised usage of AI within their organisations (33%), and the hacking of AI models by outsiders (32%).

When asked about handling the challenges that AI safety and security issues present, 68% said that an external and unbiased review of AI implementations is the most effective way to identify AI safety and security issues. 

AI Red Teaming offers this type of external review through the global security researcher community, who help to safeguard AI models from risks, biases, malicious exploits, and harmful outputs.  “While we’re still reaching industry consensus around AI security and safety best practices, there are some clear tactics where organizations have found success,” said Michiel Prins, co-founder at HackerOne. “Anthropic, Adobe, Snap, and other leading organisations all trust the global security researcher community to give expert third-party perspective on their AI deployments.” he said 

Further research from a HackerOne-sponsored SANS Institute Report explored the impact of AI on cybersecurity and found that over half (58%) of respondents predict AI may contribute to an “arms race” between the tactics and techniques used by security teams and cybercriminals. 

The research also found optimism around the use of AI for security team productivity, with 71% reporting satisfaction from implementing AI to automate tedious tasks. However, respondents believed AI productivity gains have benefited adversaries and were most concerned with AI-powered phishing campaigns (79%) and automated vulnerability exploitation (74%). “Security teams must find the best applications for AI to keep up with adversaries while also considering its existing limitations - or risk creating more work for themselves,” said Matt Bromiley, Analyst at The SANS Institute. “Our research suggests AI should be viewed as an enabler, rather than a threat to jobs. Automating routine tasks empowers security teams to focus on more strategic activities.” Bromiley said. 

HackerOne’s AI-powered co-pilot Hai can help security teams by automating tasks and saving  security teams an average of five hours of work per week. Indeed, AI-focused products continue to drive HackerOne’s business, with AI Red Teaming growing 200% quarter over quarter in Q2 and a 171% increase in security programs adding AI assets into scope. 

Test your AI risk readiness with this HackerOne interactive quiz HERE 

HackerOne   |   HackerOne   |    SANS Institute   |   

Image: Allison Saeng

You Might Also Read: 

The Crucial Role Of AI Red Teaming In Safeguarding Systems & Data:

DIRECTORY OF SUPPLIERS - AI Security & Governance:

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

 


 

« AI-Driven Air Defense System Takes Aim At Drones
What Security Teams Need To Know About The EU’s NIS 2 Directive »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LEXFO

LEXFO

LEXFO specializes in the security of information systems, assisting clients in protecting information assets using an offensive and innovative approach.

Sintef Digital

Sintef Digital

Sintef Digital carries out research in Information and Communication Technology for industry and the public sector.

NovaTech Automation

NovaTech Automation

NovaTech products and services make the world’s power grids and essential process industries more reliable, efficient, sustainable and secure.

Risk Ident

Risk Ident

RISK IDENT specializes in supporting enterprises in identifying and preventing criminal activity like payment fraud, account takeovers and identity theft.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Phoenix Cybersecurity

Phoenix Cybersecurity

Phoenix Cybersecurity Services and Managed Security Services help clients just like you take full advantage of leading cybersecurity technologies and industry best practices.

IP2Location

IP2Location

IP2Location provide services to identify geolocation by IP address, and to detect IP addresses associated with anonymous proxy servers, which are often used for fraud and spamming purposes.

Unlimited Technology

Unlimited Technology

Unlimited Technology offers a wide range of talent and experience, from assessing your requirements to implementing technologically advanced security solutions to best fit your needs.

Samurai Digital Consulting

Samurai Digital Consulting

Samurai Digital Security are a cyber and Information security services provider, specialising in penetration testing, incident response, user awareness and information governance solutions.

A&O IT Group

A&O IT Group

A&O IT Group provide IT support and services including IT Managed Services, IT Project Services, IT Engineer Services and Cyber Security.

Asimily

Asimily

Asimily’s IoMT risk remediation platform holistically secures the mission-critical healthcare devices that deliver safe and reliable care.

Locuz

Locuz

At Locuz, we’ve made it our mission to help businesses like yours create an actionable digital strategy.

CyberloQ Technologies

CyberloQ Technologies

CyberloQ Secure is a cybersecurity solution that enables clients to implement highly robust Multi-Factor Authentication (MFA) that includes client-defined location-based geofencing constraints.

The Purple Guys

The Purple Guys

The Purple Guys offer Trouble-Free IT Support to businesses across the Central and Southern US. Safe and Secure, Rapid Response, Friendly Support that’s our Purple Promise.

Judy Security

Judy Security

Judy (formerly AaDya Security) provides smart, simple, effective, all-in-one cybersecurity for SMBs. Get the 24/7 protection and support you deserve, at a price you can afford.

Deloitte Denmark

Deloitte Denmark

Swift incident management, worldwide support, and advanced defense strategies ensure comprehensive recovery and enterprise security with our IR service.