Executives consider cyber attacks the top threat to their companies, and artificial intelligence only exacerbates the risk by helping hackers infiltrate computer systems more quickly and more effectively. But AI can also help protect businesses.
“It’s important for companies to look for these next-generation technologies to identify and prevent attacks using things like AI,” George Kurtz, CEO of cybersecurity company CrowdStrike, told Fortune.
The number of cyber attacks in the U.S. hit an all-time high in 2023 with more than 3,200 breaches, according to the Identity Theft Resource Center, a nonprofit that educates the public about cyber crime. These breaches threaten businesses because they can shut down sales, destroy reputations, create legal headaches, and put individual customers in danger.
CrowdStrike monitors companies’ systems for signs of hacking and blocks cyber attacks based on what it calls “Indicators of Attack,” or IOAs. These IOAs are sequences of events in a computer system that signal a breach might be taking place. For example, a signal may include a user downloading an online file and opening it, and then the file uploading code, erasing other computer files, and deleting their backups. Each of these actions alone might indicate normal computer use but together suggest something nefarious.
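The sequence idea above can be sketched as a small detector that alerts only when every stage occurs in order on one host within a time window. This is an added illustration, not CrowdStrike's implementation; the event names, the 10-minute window and the sample events are assumptions constructed for the example.

```python
from collections import defaultdict

# Ordered stages from the article's example; the event names are hypothetical.
IOA_SEQUENCE = ["file_download", "file_open", "code_upload",
                "mass_file_delete", "backup_delete"]
WINDOW_SECONDS = 600  # assumption: all stages must fall within 10 minutes

def detect_ioa(events, sequence=IOA_SEQUENCE, window=WINDOW_SECONDS):
    """Return one alert per host whose events contain every stage, in order,
    inside the window. Unrelated events may be interleaved between stages.

    events: iterable of (timestamp_seconds, host, action) in any order.
    """
    partial = defaultdict(list)  # host -> in-progress chains of stage timestamps
    alerts = []
    for ts, host, action in sorted(events):
        chains = partial[host]
        # Forget chains whose first stage is now older than the window.
        chains[:] = [c for c in chains if ts - c[0] <= window]
        # Advance every chain that was waiting for exactly this action.
        for chain in chains:
            if action == sequence[len(chain)]:
                chain.append(ts)
        # Each first-stage event opens a new candidate chain.
        if action == sequence[0]:
            chains.append([ts])
        done = [c for c in chains if len(c) == len(sequence)]
        if done:
            alerts.append({"host": host, "start": done[0][0], "end": ts})
            chains.clear()
    return alerts

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    # ws-01: ordinary download and open, plus an unrelated backup cleanup later.
    (0, "ws-01", "file_download"), (30, "ws-01", "file_open"),
    (5000, "ws-01", "backup_delete"),
    # ws-02: the full chain in five minutes, with normal browsing in between.
    (100, "ws-02", "file_download"), (130, "ws-02", "file_open"),
    (150, "ws-02", "web_browse"), (200, "ws-02", "code_upload"),
    (260, "ws-02", "mass_file_delete"), (300, "ws-02", "backup_delete"),
    # ws-03: every stage appears, but spread over hours, so no alert.
    (0, "ws-03", "file_download"), (60, "ws-03", "file_open"),
    (4000, "ws-03", "code_upload"), (8000, "ws-03", "mass_file_delete"),
    (12000, "ws-03", "backup_delete"),
]

if __name__ == "__main__":
    for alert in detect_ioa(SAMPLE_EVENTS):
        print(alert)
```

Only the host with the complete, ordered, time-bounded chain is flagged; the same individual actions on the other two hosts pass without an alert.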
“There are only so many ways to rob a bank,” Kurtz said, comparing the methodology of hacking to another kind of crime. “You have to get in and get out. It doesn’t matter what shirt you’re wearing, or whether you have a gun or a knife.”
Similarly, there are only so many ways to commit a cyber attack, and CrowdStrike dreams up new scenarios through IOAs and tries to stop them. Previously, CrowdStrike researchers and analysts would create these IOAs by hand, said chief technology officer Elia Zaitsev. They collected patterns of behaviors on customers’ computer systems, read about new kinds of hacks, and came up with sequences of actions for their technology to look for. “It’s very time-consuming,” Zaitsev told Fortune.
But in 2022, the company launched AI-powered IOAs. CrowdStrike’s AI systems can crawl through the trillions of data points from its customers—including Target, Salesforce, Intel, and Wyoming’s state government—and suggest new patterns that may signal breaches.
“It gets smarter as it goes through the data,” Kurtz said. “It finds more, and then it gets better, and then it finds more.”
The AI-powered IOAs are also more effective than human-created sequences, Zaitsev added. “We have found that the AI-powered IOAs are better at catching the bad stuff but also less noisy in detecting benign things,” he told Fortune. “It’s giving us our cake and letting us eat it too.”
Other cybersecurity companies are using AI in similar ways. Darktrace, a British cybersecurity company, uses AI to learn the intricacies of individual companies and identify when a user or device deviates from how they normally work, signaling a potential breach. Microsoft’s security business, called Microsoft Defender for Endpoint, also uses AI to predict if devices are at risk of an attack and automatically increases security if it determines they are.
While cybersecurity protections can help companies identify and stop attacks, they aren’t foolproof. Cyber experts are often left playing catch-up to bad actors who are constantly figuring out new techniques. Just as cyber companies are using AI to stop attacks, hackers are adopting it, and breaches are getting more sophisticated as a result. For example, AI can write a persuasive phishing email without the typos or format inconsistencies that may be a red flag to a target. It can also aid in cloning the voice of a family member, which can be used to ask for money over the phone.
“AI is a wonderful tool for defenders,” said George Berg, associate professor and former chair of the information security department at the State University of New York at Albany. “But it is at least comparably effective for offenders.”
“All an attacker needs is to find one weakness to access a system,” he told Fortune. “A defender has to find and block all of them. The advantage is with the attacker.”
Hacking grunt work
Cyber attacks happen for many reasons. Nation-state groups may be looking to gather intelligence on specific companies. Last month, for example, a suspected Russian state-sponsored group hacked into Microsoft and accessed corporate email accounts, looking for information related to the group itself, Microsoft said.
Money is another motivator. Bad actors may break in, encrypt files, and demand ransom. In 2021, meat processor JBS paid an $11 million ransom to hackers after a breach that caused a day-long shutdown of all its U.S. beef plants and interruptions at poultry and pork operations, the U.S. division chief said at the time. Hacking groups may also deface websites as a form of activism. Such was the case in 2020 when foreign hackers posted messages on dozens of U.S. government websites to express their anger after a U.S. airstrike killed an Iranian general.
“For a nation state attack, AI will help the hackers a little bit, but they already have people with insane skills,” Arthur Conklin, information security professor at the University of Houston, told Fortune. “For the people doing botnets and ransomware—the common criminals of the internet—it will help them incredibly.”
Hacking is a “long path with boring grunt work,” he said, including writing code and searching through data—tasks that AI can do with enough precision to be effective. Because AI supercharges and speeds up hacks, it wouldn’t be surprising to see an increased number of attacks in the future, Berg added.
Generative AI, too
Zaitsev, from CrowdStrike, acknowledges the difficulties. “It’s an arms race where you’re always a step behind the adversaries,” he said.
CrowdStrike has another AI product that is supposed to make it easier for both security professionals and employees with little technology experience to protect themselves and their companies. In addition to CrowdStrike’s AI-powered IOAs, the company last year introduced a generative AI chatbot called Charlotte AI that can answer questions from anyone using CrowdStrike security products about their individual systems, like whether they are vulnerable to a specific kind of attack. It can also explain cybersecurity problems, like what a specific kind of malware is and how to avoid it. As a resource for an entire company, Charlotte can help onboard novice users and further train experienced ones, Zaitsev said.
It can also gather information and perform tasks for an IT department. For example, a user may enter a query, “Show me all failed log-in attempts from New York,” and the system will offer a list, giving security personnel the information they need to take further steps.
“Charlotte will be another leg of growth for us,” Kurtz said, adding that AI is at the core of what’s growing the company.