Will AI make us more secure

ChatGPT, the dialogue-based AI chatbot capable of understanding natural human language, has become another icon in the disruptor ecosystem. Gaining over 1 million registered users in just 5 days, it has become the fastest-growing tech platform ever. ChatGPT generates impressively detailed human-like written text and thoughtful prose, following a text input prompt. In addition, ChatGPT can write and hack code which is a potential major headache from an infosec point of view and has set the Web3 community on fire. They are reeling from the implications and the sheer ingenuity of this AI Chatbot that can analyze code and detect vulnerabilities in seconds.

The Naoris Protocol POV

Following the hype around ChatGPT, the race is now on between OpenAI’s Chat GPT and Google’s LaMDA to be the market-leading NLP search tool for users and corporations moving forward. OpenAI is a newbie with $1B in funding and a $20B valuation, as opposed to Google’s towering $281B revenue. However, Google must rapidly innovate and adapt or risk being left behind, an example being TikTok and Meta, with the short format of TikTok leading the zeitgeist to become the most downloaded app, beating Facebook in 2022. Google is taking this seriously, having announced a ‘code red’ to develop a new AI-based search engine product to counter OpenAI’s land grab. Ironically, ChatGPT uses the same conversational AI platform developed by Google's engineers in 2017.

How this will affect cybersecurity in the future is unknown, but there are some assumptions. In the long term, this will be a net positive for the future of cyber security if the necessary checks and balances are in place. In the short term, AI will expose vulnerabilities that will need to be addressed, as we could see a potential spike in breaches.

AI that writes and hacks code could spell trouble for enterprises, systems, and networks. Current cybersecurity is already failing with exponential rises in hacks across every sector, with 2022 reportedly already 50% up on 2021. 

With AI maturing, the use cases can be positive for the enterprise security and development workflow, which will increase the defense capabilities above the current (existing) security standards. Naoris Protocol utilizes Swarm AI as part of its breach detection system which monitors all networked devices and smart contracts in real-time.

• AI can help organizations improve their cybersecurity defenses by enabling them to better detect, understand and respond to potential threats. AI can also help organizations respond to and recover from cyberattacks more quickly and effectively by automating tasks such as incident response and investigation. It can free up human resources to focus on more high-level, strategic tasks.
   
• By analyzing large volumes of data and using advanced machine learning algorithms, AI could (in the future) identify patterns and trends that may indicate a cyberattack is imminent, allowing organizations to take preventative measures before an attack occurs, and minimizing the risk of data breaches and other cyber incidents. 
   
• The adoption of AI could help organizations stay one step ahead of potential attacks and protect their sensitive data and systems. Integrating AI into an organization's production pipeline to create smarter and more robust code, with developers instructing AI to, write, generate, and audit (existing programming) the code.
   
• AI currently cannot replace developers as it cannot understand all of the nuances of systems (and business logic) and how they work together. Developers will still need to read and critique the AI's output, and learning patterns, looking for weak spots. AI will positively impact the CISO and IT team’s ability to monitor in real-time. Security budgets will be reduced, cybersecurity teams will also reduce in numbers. Only those who can work with and interpret AI will be in demand.
   

Will AI make us more secure?

However, bad actors can increase the attack vector, working smarter and a lot quicker by instructing AI to look for exploits and vulnerabilities within existing code infrastructure. The cold hard truth could mean that thousands of platforms and smart contracts could suddenly become exposed leading to a short-term rise in cyber breaches.

• As ChatGPT and LaMDA are reliant on large amounts of data to function effectively if the data used to train these technologies is biased or incomplete, it could lead to inaccurate or flawed results, e.g. Microsoft’s TAY AI turned evil within hours. Naoris Protocol uses Swarm AI only to monitor the metadata of the known operational baselines of devices and systems, ensuring they have not been tampered with in any way. Therefore, the Naoris Protocol AI only detects behavioral changes to devices and networks, referencing known industry baselines (OS & firmware updates, etc) rather than learning and forming decisions based upon diverse individual opinions.
   
• Another issue is that AI is not foolproof and can still be vulnerable to cyberattacks or other forms of manipulation. This means that organizations need to have robust security measures in place to protect these technologies and ensure their integrity.
   
• It is also important to consider the potential ethical implications of using ChatGPT and LaMDA for cybersecurity. For example, there may be concerns about privacy and the use of personal data to train these technologies, or about the potential for them to be used for malicious purposes. However, Naoris Protocol only monitors metadata and behavioral changes in devices and smart contracts, and not any kind of personally Identifiable Information (PII).
   

Conclusion

AI will require enterprises to up their game. They will have to implement and use AI services within their security QA workflow processes prior to launching any new code/programs. AI is not a human being. It will miss basic preconceptions, knowledge, and subtleties that only humans see. It is a tool that will improve vulnerabilities that are coded in error by humans. It will seriously improve the quality of code across all web2 and web3 organizations. The current breach detection time as measured by IBM (IBM's 2020 Data security report) is up to 280 on average. Using AI systems like Naoris Protocol’s cybersecurity solution as part of an enterprise defense in depth posture, breach detection times can be reduced to less than 1 second, which changes the game.