Fight AI with AI: The Data Warfare

Technology is value-neutral. While often conceived as a driver of purposeful human action, it poses unparalleled dangers when in the wrong hands. Beyond AI narratives emphasizing robot armies taking over or machine learning revolutionizing entire industries, there’s a story often untold: the story of hackers silently pretending to be you.

Technological development has commoditized real time data analytics at scale, changing the name of the game across industries. Security is no exception. Armed with user data and affordable computational power, both security departments and hackers have evolved to a more agile state.

Users are the weakest link

As organizations became more effective in detecting traditional threats and malware, shifting fraudsters’ focus to perform “man-in-the-app” attacks and credential theft. Following the money trail, cybercriminals are increasing the sophistication of social engineering attacks, making account takeover fraud an 8B problem.

A multiplicative system is only as strong as its weakest link. No matter how secure computer systems are to external attacks if users are voluntarily giving away their login credentials by walking into increasingly sophisticated traps all over the Internet.

In the realm of agile enemies and slow regulations, only adaptive security solutions can secure users at scale. Authentication methods that take into account what we do, rather than merely what we know, will soon be widespread. Then the question becomes: can fraudsters use AI to mimic user behavior such that it goes unnoticed by security departments’ AI systems?

The catalogue of ships

Let’s dig a bit deeper to understand the opposing sides of the battle. On the one hand, AI-armed cyber-attackers have:

a larger attack surface (from the growing number of devices)
legitimate login credentials often straight from the user
physical insiders at organizations

And on the cyber-defense side there is:

lots of historical user data
user-level behavior biometrics
ability to learn from previous attacks at other organizations

Data is the deciding factor

While the strategic agenda of the attackers have shifted, changing the scale of the operation and the coordination of the attacks, organizations still have the biggest benefit: user data. Understanding and detecting patterns in user behavior to such degree that no illegitimate entity can pose as the user could turn the tide of the ongoing battle against cybercrime.

While organizations like OpenAI will hopefully ensure that no single organization alone will benefit from developing superintelligence, the emphasis will shift from having good algorithms to having proprietary data. I make a more elaborate case on that here.

Learn more about our adaptive authentication solution!

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.