2020 Predictions: AI in Cybersecurity

This is our first annual roundup of expert predictions for the coming year. Here’s what leading industry figures have to say about the use of AI in cybersecurity in 2020.

• AI and automation will have a profound impact on fraud prevention in the financial services space:  Customer experience and fraud detection will go hand in hand in the finance industry, especially as Millennials are 2.5 times more likely than Baby Boomers and 1.5 times more likely than Gen Xers to switch banks. Machine Learning and AI will serve a dual function in financial services and banking. Not only will AI help speed up and improve the verification and accuracy of new customer onboarding, it will also provide a reliable means of continued identity authentication for each subsequent customer login in order to thwart sophisticated attacks. AI can quickly scan, analyze and confirm an individual’s online identify in a matter of seconds by simply capturing a selfie of the customer, comparing it to the initial onboarding photo of a government-issued ID document (e.g., driver’s license or passport) and then running it through an algorithm to detect any suspicious activity or digital tampering (Photoshop fakes). Because this process is historically faster than relying on human detection, fiserves implementing an AI-based digital identity verification solution in 2020 will experience a dramatic improvement in fraud prevention while also maintaining high customer conversation rates through a more frictionless, repeatable customer experience – Labhesh Patel, CTO and Chief Scientist at Jumio

• We’ll see more systems based on artificial intelligence that will help companies protect themselves. We will even see solutions that were previously considered too good to be true — such as ThetaRay’s Artificial Intuition^TM, which mimics human decision making and is already used by Tier-1 financial institutions as part of the AML, CTF and fraud detection efforts. The market will realize that the only way to protect itself is to use the most advanced solutions possible.” – ThetaRay CEO Mark Gazit

• There will be a huge investment return gap between those using basic analytics or simplistic machine learning on data from those that are using true artificial intelligence. Machine learning simply won’t cut it anymore. Artificial intelligence will be the only path to maximum data value.Artificial intelligence is more effective with massive data sets and can solve additional use cases with personally identifiable data. Artificial intelligence efforts and innovations in countries with more restrictive privacy policies and regulations will be at a competitive disadvantage to the massive returns within countries that have less restrictive data use policies.   – ARM Insight

• Adversarial Machine Learning techniques can successfully “poison” ML-based models. Researchers and academic leaders in the computer science field have a renewed focus on artificial intelligence and machine learning algorithms. Amazon Alexa, Google Search, Netflix Recommendations, and Tesla Autopilot are hugely popular commercial applications using machine learning to help customers. However, academics and researchers such as Stanford University’s computer security research team led by Dan Boneh are continuing to prove that “poisoning” machine learning systems is consistently possible once access to the model or reference model is achieved. Adversarial Machine Learning appears to be in its infancy, but I predict we will start to see more examples in the public in 2020 and beyond. – Doug Dooley, COO of Data Theorem

• AI for Industrial – Industrial companies will continue to shift toward artificial intelligence-based solutions for analysis of cybersecurity data. This is part of a broader trend of companies shifting towards tools that can efficiently and effectively automate tasks, such as workforce challenges, costs, and security needs. A.I. and machine learning tools will leverage data – the new oil in cybersecurity – to augment human decision making. But industrial companies in particular are looking for ways to better protect their critical infrastructure devices, the vulnerability of which have become more apparent in the past years given the growing number and increasing severity of attacks on power utilities and manufacturing plants. CISOs are hungry for tools that can help them with this problem and A.I. has the potential to flag anomalous activity that could point to an attack and analyze sensor data for more effective response to security threats and even predictive maintenance needs. Both of these are important because downtime in critical infrastructure environments can be catastrophic. A.I. is far from a silver bullet, requires extensive expertise and is still largely in early technical innings, but demand for it will grow in 2020 and beyond. – Rob McNutt, CTO at Forescout

• The data foundations for cybersecurity AI / ML will be laid. Artificial intelligence and machine learning hold tremendous potential for application in cybersecurity — profiling and detecting threats, identifying compromised accounts, detecting anomalous user behavior, predicting and protecting against malwares and zero-day vulnerabilities, and identifying and disrupting spear phishing attacks, to name a few. However, much of this potential is currently unrealized. One of the biggest challenges to enterprise cybersecurity AI implementations is the lack of sufficient reliable labeled data. By implementing modern data structures like Knowledge Graphs focused on collecting, collating, and organizing large volumes of business, IT, and security data in 2020, organizations will position themselves for future success in cybersecurity AI initiatives.  – Syed Abdur, Director of Products at Brinqa

• Because people train artificial intelligence (AI), AI adopts the same human biases we thought it would ignore. However, this hasn’t stopped the legal system from employing it. Just last year, a judge ordered Amazon to turn over Echo recordings in a double murder case.[1] With AI already primed to make biased decisions based on the information it receives, an insider could exploit this to feed it false information to more directly implicate someone of a crime. In making AI more human, the likelihood that it makes mistakes will increase. –James Carder, CSO and Vice President of LogRhythm Labs

• Use of AI will become more specialized. 2019 saw a lot of enterprises experimenting with artificial intelligence. Many of these experiments led to the realization that it requires a lot of time and expertise to implement AI successfully. In 2020, we will see some of those experiments start to pay off, as enterprises refocus their AI efforts on areas where it saves time and money — such as examining x-rays, automating customer service with chatbots, and simplifying driving via semi-autonomous vehicles. But other AI projects will be abandoned, as it becomes clear that AI is not the most effective approach — such as email security, where AI-powered security systems often miss phishing attacks and BEC scams; and identifying fake news, where AI-powered tools have also missed the mark thus far. –Peter Goldstein, CTO and Co-founder Valimail 

[1] https://techcrunch.com/2018/11/14/amazon-echo-recordings-judge-murder-case/

Photo by Matan Segev from Pexels