AI & Cybersecurity: Context is King

AI & Cybersecurity: Context is King

In today’s guest post Evans Mehew, founder of FastFulcrum, explains that AI is currently in the “Narrow Intelligence” phase, and it has tremendous importance for defending shifting, expanding attack surfaces.


“You keep using that word. I do not think it means what you think it means.” – Inigo Montoya, from The Princess Bride


Artificial Intelligence. It’s the flavor of the month.


Hands down, Artificial Intelligence (AI) is one of the sexiest terms floating around in both technical industries and popular culture today. We see it in myriad contexts, from ads touting AI-enhanced diapers to the biggest and flashiest science fiction movies.


But what does ”Artificial Intelligence” actually mean?


There are many different definitions of AI in the wild – some fuzzy and others highly nuanced. For utility’s sake, I prefer Wait But Why creator Tim Urban’s explanation. Per Urban, AI can be defined using three categories (or “calibers”).


AI Caliber 1) Artificial Narrow Intelligence (ANI): Sometimes referred to as Weak AI, Artificial Narrow Intelligence specializes in one area. There’s AI that can beat the world chess champion in chess, but that’s the only thing it does. Ask it to figure out a better way to store data on a hard drive, and it’ll look at you blankly.


AI Caliber 2) Artificial General Intelligence (AGI): Sometimes referred to as Strong AI, or Human-Level AI, Artificial General Intelligence refers to a computer that is as smart as a human across the board — a machine that can perform any intellectual task a human being can. Creating AGI is a much harder task than creating ANI, and we’ve yet to do it. Professor Linda Gottfredson describes intelligence as “a very general mental capability that, among other things, involves the ability to reason, plan, solve problems, think abstractly, comprehend complex ideas, learn quickly, and learn from experience.” AGI would be able to do all of those things as easily as you can.


AI Caliber 3) Artificial Superintelligence (ASI): Oxford philosopher and leading AI thinker Nick Bostrom defines superintelligence as “an intellect that is much smarter than the best human brains in practically every field, including scientific creativity, general wisdom and social skills.” Artificial Superintelligence ranges from a computer that’s just a little smarter than a human to one that’s trillions of times smarter – across the board.


Say what you will about cash, it’s context that’s king. Within the context of cybersecurity, all AI is currently Artificial Narrow Intelligence. AIs deployed by cybersecurity experts and threat actors alike are used for specific purposes. All tools in a toolbox have a specific purpose and are used to achieve that purpose in accordance with the technology’s design. In this context, the broad-spectrum, general utility of duct tape is rare.


Does this mean we shouldn’t remain mindful of AGI, ASI and the potential issues they’ll pose when they emerge? No. Keep your ears on … things change fast in this space. For now – as far as we know – AGI and ASI have not yet been achieved, but their capability (think SkyNet) is what many people imagine when they hear “Artificial Intelligence.”


Cybersecurity is a single arena and context in which we deploy (or will soon) ANI solutions, but we must remember that said arena is beyond colossal. Cracking open the Matryoshka doll of cybersecurity terrain, we have to keep in mind a number of players and layers, including:


  • Nation states
  • Non-governmental actors
  • Corporations
  • Individuals


These entities use assorted technologies to various degrees to achieve a multitude of ends, and they all interconnect to form a global economy. The Fourth Industrial Revolution (as defined by Klaus Schwab of the World Economic Forum) will drive global economic gains via further development / interconnection of:


  • AI / robotics
  • Internet of Things
  • Autonomous vehicles
  • 3-D printing
  • Nanotechnology
  • Biotechnology
  • Materials science
  • Energy storage
  • Quantum computing


COVID-19 is providing an unexpected accelerant to adoption of automation and other technologies as companies strive to dampen risk vectors and increase efficiencies.


All these factors fold together to comprise a highly complex and ever-shifting attack surface. As cybersecurity is intended to defend attack surfaces, the best and proper tools have to be applied to achieve that end. Those tools include Artificial Intelligence.


At this point, we’re back to the old “lock & key” dance – a locksmith crafts a best-of-breed lock and the criminal classes meet that technology in kind with a more effective lockpick and accompanying skill set. The locksmith then sets to work on an even stronger lock ... and so on. Defense and offense drive mutual evolution.


As AI will be used by both white hat and black hat players, we should pause and consider the intricate complexity and interconnected nature of the aforementioned technologies and domains that will serve as their battleground.


That said, deploying benevolent AI to thwart the threat of malignant AI within critical infrastructures is an engraved invitation to the world of unintended consequences. Disruptions from such conflicts could possibly affect:


  • National security
  • Economic stability
  • Mission-critical systems
    • Utilities
    • Telecommunications


It may be prudent to approach AI cybersecurity solutions and scenarios by working backward with a weather eye on context – consider probable collateral and peripheral impacts, then craft the appropriate solution and strategy.

Evans Mehew
Director of Content Strategy | Optiv
Evans Mehew is the Director of Content Strategy for Optiv. Evans has over 25 years’ experience in information technology, information security, competitive intelligence and global business in industries including finance, healthcare, travel, telecommunications and software development. Evans is an inventor with six granted patents to date (with an additional three pending). Additionally, he served as an adjunct professor in graduate and undergraduate programs for over 16 years, teaching 40 unique classes over that time across a variety of disciplines including security, leadership, technology management and science.