So if you could tell by the the topic of today's live, we're gonna look at the nexus between cyber and artificial intelligence. So I know there's some practitioners in the room a few CISOs. So if you are hate to be the bearer of bad news, this is not gonna be a super in the weeds, technical conversation, always happy to do that. But I would say just at a high level, why are we talking about this? Two things, I think the security aspects of AI are either overlooked, or they're not discussed enough. Obviously, as we know, we'll get into cybersecurity as leverage artificial intelligence for well over a decade. So that side is not new. There's been some interesting developments over the past year, and we could explore some of them. Then, in terms of real quick, why we care about it. The Oxford Institute formed a working group about a year ago that brings together civil society, industry, academia, and members established on the hill. And we look at this on an ongoing basis, usually once a month. Okay, so let's discuss some of the the threats or the challenge, I should say. Let's see on the left side, the misaligned focuses, not saying these are not things to be mindful of, but I think they get way too much attention when it comes to cybersecurity first these threats that everybody you know, if I ask somebody what's a national security or cyber threat with AI, usually people go to killer robots. You know, and other existential threats. I don't want to diminish, there are harms. And there are risks when it comes to AI and cybersecurity. I don't I don't want to undersell that. But then also genitive AI? Just, you know, we've heard heard time after time. Today. Gen of AI is now the talk of the town. But AI is a technology has been around for significantly longer, especially in the security space. Conversely, what are some of these neglected focuses that the ones that we should be talking about more cybersecurity applications? How can we leverage that technology to combat bad actors, and also stay ahead of that, whether they be nation states or criminal groups, following best cybersecurity practices, the way I see it, and some would disagree, AI is a form of technology, we should not forget about everything we've done for years in the cybersecurity space. I think some people are under the impression we should just start from scratch when it comes to security, we have a lot we can build off of just as a concrete example, the NIST AI framework exceptional document did not come out of nowhere for those that have drafted the room. I know. It was largely based on their cybersecurity and privacy framework system direct parallels there. And then the reality of bad actors. I'm not saying we do nothing. As a government, I think there's definitely steps we should take to secure ourselves. But the reality is, no matter what we do, bad actors are going to leverage the technology itself. We're trying to come after us regardless. So we should look how we can combat them. And then obviously, the National Security axis, we know China's in the hate to just single them out. But they want to be the global leader in artificial intelligence by 2030. if not sooner, I come from a military background. And we also see this obviously just open source playing out in Battlefield today. So our failure to act or failure to embrace technology, I think will have broader implications. Okay, so just at a high level, how are we seeing this play out in the security space, because of time, just going to pick on a few. Arguably one of my favorite is workforce and incident response. If you haven't been following it, the numbers they are anywhere from 600,000 to a million cyber professionals short United States. I know it's a big gap, you may say, but you know, we can debate it out the actual numbers later, I think AI is is where we can see the skill set and practitioners entering the workforce be a huge enabler, rather than needing to go and have NASA's green field multiple years of experience, not saying it to be the be all end all. But I do think it will allow less skilled practitioners to work in the cybersecurity field, as well as instant response. super neat. This is one of the advancements that's come online over the past two years of looking at how generative AI can help with cyber incident response. And you'll see from a later slide, my personal opinion, I don't think AI should be the foolproof solution to anything when it comes to security. But I think it's a huge enabler and key part of it. code development, you may if you went to the panel this morning, you heard them tease this out. Developing secure code continues to be a challenge and can be time consuming. It's really neat to see how AI has been used to develop secure code equally is important to look for vulnerabilities and code that already exists. Just to touch on a couple more obviously, threat detection, I think that's the one most people in the room would be familiar with. If you use any type of commercial product, chances are to a degree it's using artificial intelligence. AI is enabling threat to be detected much quicker and much more accurately, which is really neat. You know, it's interesting, but last year, so I don't give you the wrong quote me check. Check my notes the last year took over 277 days to identify a breach. It's interesting depending on what study you analyze, AI has significantly reduced that. Yes, there has been some issues with it. It's not always foolproof, but it's like any technology. It's never gonna be perfect. Okay, so you know, moving ahead What should we be mindful of looking forward? This is the stuff my team and I are looking for. And it's really neat to see how vendors are leveraging is I think the big takeaway is vendors are looking at if they have traditional security products, how can they leverage the built in AI with those products? Or how do we develop brand new security products that leverage AI, without going to super far in the weeds, if Digital Forensics as a field, it's really near and dear to me. It takes a lot of time. And it's really hard to go after and find the source of somebody that's responsible for a cybersecurity incident, seeing how AI has leveraged this and where we're going, it's cutting those times to go through logs much quicker, which is really neat. I mean, didn't I dynamic incident response is really neat. If you haven't seen demos of this, I recommend you YouTube it, it's really neat to see how this plays out in person, basically, the risk of oversimplifying it, it's allowing a technology to proactively take measures based on what it perceives to be a security incident. So rather than waiting for a human to take an action, it's able to segment different parts of your network, it's able to take other proactive measure, historically, this has been more about system maintenance. Now, this is advanced and beyond maintenance to proactive security measures.
Considerations because obviously, everything should go back to the policy, at least in my opinion, I've alluded this to a few times, AI should not be the full solution. I'm a huge believer, and I think it has an enormous potential has already showed its potential in the cybersecurity space. But I do think there's always a role for the human. And that's something I think shouldn't be taken out of the picture. And then accounting for security and policy. I think this there's two flavors here, either, we're taking broad brush action when it comes to AI that may limit the ability for some of these innovations to come online or slow them down, which I think is concerning, or like the AI executive order. There's direct call outs for cybersecurity. So it's really important we make sure we get those those right. And I think with that it's important to get tailored approaches. You heard some of the keynotes today, including the NTA speaker this morning, if you listen, it's interesting to see what sectors now are analyzing how, how it may have, you know, commonality across all the sectors but also require unique approaches. So I think that's really key. It's not a one size fits all approach. There's significant nuance, especially when it comes to security.
And maybe to end on a media slightly less optimistic new, I
think there are significant risks of not leveraging the technology. You know, we know adversaries are and will continue to come after us in the cybersecurity realm and may leverage AI. We've already seen that play out in critical infrastructure and fortunately, so I think we should say ahead of them. And this is one way to do that. So I know I've thrown a lot at you being mindful of time but happy to stick around and answer questions. I love this topic. Happy to get in the weeds if anybody wants a slightly more technical approach and maybe a broader a broader overview. So thank you
