Security practitioners attending RSA Conference 2023 in San Francisco April 24-27 can expect plenty of focus on the promise and perils of ChatGPT and generative AI, as well as ways to create more effective SOCs that can respond to a rapidly evolving threat landscape dominated in part by geopolitical strife from Russia and Ukraine to China and North Korea.
This will include plenty of discussion on the latest ransomware trends, software bills of materials, supply-chain attacks, and better ways to create more secure code for applications and assets in the cloud.
AI’s dominance – for better or worse
During a recent SecurityWeekly panel discussion moderated by CRA VP of Content Strategy Bill Brenner, AI was front and center. Brenner was joined by: Adrian Sanabria, host of Enterprise Security Weekly and director of product marketing at Valence Security; Josh Marpet, a host on Paul’s Security Weekly and executive director of RM-ISAO; and Jason Wood, a host of Security Weekly News and a senior researcher at Crowdstrike.
“I think AI will dominate the conversation,” Sanabria said. “We're still scratching just the tip of the iceberg of the top of the iceberg that we can see regarding what kind of concerns we should have about it [AI]. [As well as] what kind of benefits are going to come from it.”
Marpet cited several benefits generative AI will provide and also noted the lack of enterprise readiness for the technology. He mentioned the benefit of having AI tools that won’t forget anything and will even write position papers tailored for specific appointments ahead of time.
But organizations are unprepared for their partners and other third parties to put potentially sensitive information into an AI system, he noted: “There’s not a single contract out there that companies have with partners and their [AI] data sharing.” Hopefully, that changes quickly, but many companies will likely be burned as their intellectual property enters the ChatGPT knowledge base and ends up being openly shared, Marpet added.
Other potential AI perils include its ability to identify organizational weaknesses (but this can also be a benefit), develop malware and exploits, and craft compelling phishing emails and messages. All of which perhaps makes AI the ultimate dual-use technology.
Sanabria said none of this should scare security professionals away from generative AI. “I feel strongly that all security folks should be technologists,” he said. “We should all be early adopters. We shouldn't be late to the game when figuring out how to secure things. We should be looking at technology right when it comes out. And right now, it is a very pivotal moment, because it's inevitable that companies will want to shove all their data into some kind of AI large language model. How do we assess the privacy concerns with that?”
AI-focused RSA talks
The long list of AI talks on the agenda include the following:
- Monday, April 24, 8:30 am – 10:30 am: Hype and Reality: How to Evaluate AI/ML in Cybersecurity
- Monday, April 24, 9:40 am – 10:30 am: Hardening AI/ML Systems — The Next Frontier of Cybersecurity
- Tuesday, April 25, 9:40 am – 10:30 am: Artificial Intelligence: Balancing Rapid Innovation with Ethics
- Tuesday, April 25, 1:15 pm – 2:05 pm: How AI is Transforming Security and User Experience
- Wednesday, April 26, 2:25 pm – 3:15 pm: Rise of the Machines: Achieving Data Security and Analytics with AI
- Thursday, April 27, 9:40 am – 10:30 am: Security Implications of Artificial Intelligence Synthesizers
- Thursday, April 27, 2:10 pm – 3:00 pm: Stay Ahead of Adversarial AI in OT/ICS Environments — Mitigating CWE-1039
“Stronger Together”
The theme this year is “Stronger together.” Describing the theme, RSA Conference organizers have said it recognizes that no one goes it alone in cybersecurity – and that teamwork is critical to building resistance to cyber threats.
A popular returning event at RSA will be The Innovation Sandbox. To win, the contestants must be the most convincing at detailing why their product or service will provide the most impact in the year ahead. Previous winners include Imperva, Phantom, Axonius, BigID, Apiiro, and, most recently, Talon Cyber Security. This year’s finalists include AnChain.AI, Astrix Security, Dazz, Endor Labs, Hidden Layer, Pangea, Relyance AI, SafeBase, Valence Security, and Zama. The contest starts at the Moscone Center on April 24 at noon; winners will be announced by 3:00 PM.
