Cyber companies start fulfilling the promise of AI security
Add Axios as your preferred source to
see more of our stories on Google.
Illustration: Eniola Odetunde/Axios
The dream of training AI tools to fight cyberattacks without human intervention could soon be a reality.
The big picture: Several AI security companies unveiled products at the RSA Conference this week designed to help mitigate cyber threats before they land on a corporate system.
- CalypsoAI, a startup focused on preventing confidential data from being sucked into AI models, introduced a new feature that allows customers to create a vulnerability scanner without any coding experience.
- Protect AI released Sightline, a new AI and machine learning supply chain vulnerability database, during the conference Monday. The tool provides an early-warning system that will defend against threats before they even appear on the government-run National Vulnerability Database.
- Trellix rolled out its new generative AI-enabled tool, called Trellix Wise, which will share details about a threat with defenders as soon as it hits its network without any prompting.
- Deep Instinct debuted DIANNA, its artificial neural network assistant, which relies on deep learning to predict hackers' tactics and intercept malware-infected files before they touch a system.
The big picture: So far, most AI security products have focused on keeping corporate data and government secrets away from chatbots and leveraging chatbots to help walk through threat alerts.
- "We're still in this era of 'detect and respond,'" Carl Froggett, chief information officer at Deep Instinct, told Axios.
Between the lines: Executives and government officials have been hopeful that generative AI tools will help alleviate cyber workers who are stretched thin and burned out.
- The cybersecurity industry doesn't have all of the workers it needs, and experts have hoped that generative AI products could help fill in some of the gaps.
Zoom in: CalypsoAI noticed the trend of everyone competing in the so-called scanner wars to create dozens of content and vulnerability scanners targeting specific use cases for AI models.
- So instead of the company continuing to dream up use cases for generative AI models, CalypsoAI created a product that allows customers to create their own customizable chat scanners for their specific needs, CEO Neil Serebryany said.
- If a customer needs to follow the Health Insurance Portability and Accountability Act (HIPAA), they can create a bot for this specific use case to keep patient data from landing in employees' hands.
- The customer scanners can be embedded into Slack, Microsoft Teams and other parts of a corporate system that's using a custom LLM.
Yes, but: The industry isn't ready to completely turn cyber defense over to AI, Ashok Banerjee, CTO and SVP at Trellix, told Axios.
- Even if the recommendations for a model are 99% correct, that 1% can still have a detrimental impact, Banerjee noted.
- "It's a huge responsibility," he said. "99% success would be very good grades in any test, but in this case we want to be very, very sure."
Editor's note: This story has been corrected to reflect Ashock Banerjee's correct title as CTO and SVP at Trellix.
