May 10, 2024 - Technology

Cyber companies start fulfilling the promise of AI security

robot and human arm clasp hands

Illustration: Eniola Odetunde/Axios

The dream of training AI tools to fight cyberattacks without human intervention could soon be a reality.

The big picture: Several AI security companies unveiled products at the RSA Conference this week designed to help mitigate cyber threats before they land on a corporate system.

  • CalypsoAI, a startup focused on preventing confidential data from being sucked into AI models, introduced a new feature that allows customers to create a vulnerability scanner without any coding experience.
  • Protect AI released Sightline, a new AI and machine learning supply chain vulnerability database, during the conference Monday. The tool provides an early-warning system that will defend against threats before they even appear on the government-run National Vulnerability Database.
  • Trellix rolled out its new generative AI-enabled tool, called Trellix Wise, which will share details about a threat with defenders as soon as it hits its network without any prompting.
  • Deep Instinct debuted DIANNA, its artificial neural network assistant, which relies on deep learning to predict hackers' tactics and intercept malware-infected files before they touch a system.

The big picture: So far, most AI security products have focused on keeping corporate data and government secrets away from chatbots and leveraging chatbots to help walk through threat alerts.

  • "We're still in this era of 'detect and respond,'" Carl Froggett, chief information officer at Deep Instinct, told Axios.

Between the lines: Executives and government officials have been hopeful that generative AI tools will help alleviate cyber workers who are stretched thin and burned out.

  • The cybersecurity industry doesn't have all of the workers it needs, and experts have hoped that generative AI products could help fill in some of the gaps.

Zoom in: CalypsoAI noticed the trend of everyone competing in the so-called scanner wars to create dozens of content and vulnerability scanners targeting specific use cases for AI models.

  • So instead of the company continuing to dream up use cases for generative AI models, CalypsoAI created a product that allows customers to create their own customizable chat scanners for their specific needs, CEO Neil Serebryany said.
  • If a customer needs to follow the Health Insurance Portability and Accountability Act (HIPAA), they can create a bot for this specific use case to keep patient data from landing in employees' hands.
  • The customer scanners can be embedded into Slack, Microsoft Teams and other parts of a corporate system that's using a custom LLM.

Yes, but: The industry isn't ready to completely turn cyber defense over to AI, Ashok Banerjee, CTO and SVP at Trellix, told Axios.

  • Even if the recommendations for a model are 99% correct, that 1% can still have a detrimental impact, Banerjee noted.
  • "It's a huge responsibility," he said. "99% success would be very good grades in any test, but in this case we want to be very, very sure."

Editor's note: This story has been corrected to reflect Ashock Banerjee's correct title as CTO and SVP at Trellix.

Go deeper