Themes and takeaways from this year’s cybersecurity conference
Artificial intelligence (AI) is everywhere—at least if you define “everywhere” as cybersecurity conferences in 2023. It was definitely the hot topic among the 450 security vendors exhibiting at Black Hat USA 2023. With more than 20,000 attendees at the Mandalay Bay Convention Center in Las Vegas in early August, this year’s event included trainings, sessions, keynotes, and booths all featuring AI.
While large language models (LLMs)—best exemplified by ChatGPT—were the primary AI focus, security vendors have for years employed other technologies under the AI umbrella, including machine learning (ML) and symbolic AI, to help their systems more accurately identify threats.
These technologies operate under narrower scopes than LLMs, often with human supervision, because security practitioners are known for being wary. While many like the idea of a fully closed-loop security system that detects, responds, and recovers without human intervention, no one is comfortable implementing a system like that yet.
In the opening keynote, Maria Markstedter, founder of Azeria Labs, said generative AI is powering new, bolder use cases, which is why it’s experiencing greater popularity than other forms of AI that have been in use for years. With the overall AI market expected to reach $2 trillion by 2030,1 security vendors are working quickly to take part.
It looks like AI is going mainstream, yet many vendors are still working on how best to integrate LLM technology. Several of the products on display at Black Hat have expanded on the concept of low-code/no-code and focus on empowering users with less technical expertise to do technical work. Ideas discussed during booth conversations and breakout sessions included:
- Analyst guidance: With an LLM as an interface, analysts can ask the security platform questions in plain language to receive information. For example, asking if there are any vulnerabilities in the point-of-sale system would return a list of common vulnerabilities and exposures (CVEs) and their current status.
- Education: LLMs can be used as a teaching aid to help people learn new cybersecurity skills, as they understand coding languages and English. This could expand current employee skills or help close the well-publicized 3.4 million-person hiring gap.2
- Fixing code: An LLM can suggest alternate code to prevent introducing vulnerabilities into an application. It’s worth noting that this particular demoed feature uses more than one AI technology to check the LLM’s work to avoid the issue of hallucination.
- Reverse engineering of malware: This key task for defending against malware can be assisted by LLMs to deconstruct code or decrypt it quickly.
- Threat hunting: Similar to the analyst guidance use case, an LLM would power threat hunting using simple language.
With so many AI-powered tools aimed at security analysts and adjacent roles, it’s a reasonable assumption that bad actors are using AI as well. There doesn’t seem to be widespread agreement on attacker usage of AI, with some vendors considering it more of a fear tactic than a genuine threat.
In Accenture’s sponsor session, “What Current Dark Web Threats Matter?”, cyber threat intelligence analyst Mannie Willkan stated that their research hadn’t seen much use of commercial LLMs like ChatGPT to power attacks. However, private, in-house AIs, such as those adopted by businesses to assist employees, are a major target due to the data they contain. Many attackers targeting these companies are looking for social engineering data rather than corporate secrets, meaning when employees use AI for something as innocuous as a personal assistant, they could increase the company’s cyber risk. Other AI-related attacks are looking to exfiltrate user credentials and chat history from ChatGPT to commit more convincing fraud, such as business email compromise.
If you weren’t able to attend this year’s conference, many sessions are available to watch on-demand for free until September 18th. Visit the Black Hat USA 2023 website to register.