The rapid, mainstream adoption of generative AI is increasing security risks, resulting in “one of the most complex threat landscapes ever.”
So claims Microsoft’s corporate vice president of security Vasu Jakkal, during her keynote speech at the RSA Conference in San Francisco this week.
“Identity-related attacks have increased by 10x just year over year. Cybercrime is both a nation-state and ransomware is a gig economy. If cybercrime was an economy, [or] a country it would be the third largest GDP in the world,” Jakkal said.
Jakkal painted a grim picture of AI being a potent tool for attackers to “proliferate malware rapidly and quickly and create new variants, to password cracking more intelligently with more context.” What’s more, she warned that bad actors could abuse AI to “prey on what makes us human – our curiosity using phishing and new techniques there.”
The security boss highlighted voice imitation attacks, noting “just a three-second voice sample can train a GenAI model to sound like anyone.” She also flagged emerging threats like AI model poisoning, prompt injection attacks, and risks around AI training data.
Despite the dangers, Jakkal struck an optimistic tone about AI’s potential benefits if secured properly, from healthcare breakthroughs to personalized education. “Imagine if we could use AI to reach the millions and billions around the world in rural corners in education,” she posited.
To better protect AI systems, Microsoft recommends a three-pillar strategy, according to Jakkal:
- Discover all AI usages and map risks
- Protect by mitigating risks through measures like zero trust and data controls
- Govern AI through risk-based policies, compliance tracking, and user education
“Governance is about human agency. It’s making sure we put ethics, [and] we put humans at the front and at the heart of technology to understand how we should build this safely, deploy this safely, and use this safely,” Jakkal stated. “We need to be really thoughtful about this.”
The security leader issued a call to arms for defenders to rise to the AI security challenge: “You are the heart of trust in the heart of an organization’s trust in AI. You’re the ones who provide a safe and secure space for exploration. You are the Yes for AI,” she said.
“I invite you to join me fearlessly, bravely, keeping security at the heart, and with care together. I invite you to freely dream big, to make our world safer, and to work together because I think it’s going to be a beautiful world.”