Axios Event: Clear AI governance frameworks are key to manage cyber risks, experts say

BOSTON – AI is transforming the cybersecurity landscape, and organizations must integrate it into their operational strategies, security protocols and workforce development priorities, industry leaders said at an Axios roundtable.

Why it matters: AI is raising challenges and opportunities for cybersecurity as it offers new ways to strengthen cyber defense but also allows bad actors to wage more advanced attacks.

Axios' Sam Sabin and Steph Solis moderated the June 9 discussion, sponsored by Western Governors University.

What they're saying: "There's not a choice to step away from AI" for both countries and companies, Recorded Future CEO Christopher Ahlberg said.

• "[T]his will be part of our lives, and we're going to have to get into it and be the leaders in it," Ahlberg said.
• "The U.S. might feel like it's very fragmented in all kinds of different ways, but it's an enormous powerful thing that we have in our hands, and we can take advantage of that and be ahead of other countries."

Between the lines: Many leadership teams are struggling to decide who is responsible for managing secure AI rollouts.

• Discussions around frameworks for AI governance right now are "woefully inadequate" at many companies, said Sabeen Malik, vice president of global government partnerships at Rapid7.
• "I think CIOs, CTOs, CISOs and CSOs are going to go through a very deep set of conversations around governance of these systems, and what are the frameworks that we're using," she said.
• "I think we're going to see some cracks, not just because of let's say auditing or transparency, but also who is responsible at the end of the day. I think we'll probably see a few hits before we kind of get this right."
• "What we're seeing is a lot of CEOs are pushing the problem down to the CIO and the CISO, like a technology problem, but it's not … this is a business strategy," UnRavl Technologies CEO Joe Flores said. "Set up your IT framework first, set up your cybersecurity and then do AI is our big mantra, but nobody is doing that."

Threat level: "The thing that I'm constantly worried about is the AI is going to be writing all of the software," said Chris Wysopal, Veracode co-founder and chief security evangelist.

• AI can hallucinate, raising concerns about the vulnerabilities of AI-written code, he said.

• "We're increasing the velocity of developers, we are making them more productive, we are writing more code, so we are just basically creating more vulnerabilities."

What's next: Educators and government leaders are focused on training the workforce to meet shifting job demands in the age of AI.

• For instance, MassCyberCenter director John Petrozzelli said they are working with the state to expand workforce development, such as through a state-subsidized center for cybersecurity and technology training.
• "AI is another application we have in our toolkit now for a business, and so that's how we take the approach. We're allowing all of our students, faculty, staff to leverage just about every AI tool out there," Babson College chief information security officer Michael Gioia said.

Content from the sponsored opening remarks:

Western Governors University senior vice president and executive dean of the school of technology Paul Bingham said the school's cybersecurity programs have grown from 3,000 to 19,000 enrolled students over the last eight years.

• As cybersecurity jobs and the workplace evolve alongside the rise of AI, "our day job is trying to prepare graduates to be successful, to meet the needs," Bingham said.