Priya PatelTLDR:
– AI-enhanced cyberattacks have the potential to increase the speed and scale of cyberattacks, posing a significant threat to cybersecurity.
– However, AI can also improve defense mechanisms and enhance detection capabilities.
Artificial intelligence (AI) has the power to increase the quality and speed of cyberattacks, particularly in the case of phishing attacks. AI-powered phishing attacks can personalize messages by analyzing social networks, breaches, and public records to generate convincing messages that appear to come from trusted sources. This poses a significant threat to cybersecurity as it allows for the mass distribution of customized emails within minutes, targeting individuals and organizations in the US and abroad.
While AI-enhanced cyberattacks are a serious concern, AI also offers opportunities to strengthen cyber defenses. A strong legal framework is necessary to respond effectively to these threats. Surprisingly, the US is ahead of Europe in terms of regulations and policies governing cyber operations related to national security. However, both regions need to prioritize the development and implementation of robust legal frameworks to address the evolving nature of cyberattacks.
The use of AI in cyber automation presents ethical concerns around accountability and mitigating unintended consequences. Human oversight is crucial to ensure that AI-based cyber operations align with legal frameworks and reflect democratic values. The US has made significant progress in this regard, directing its Department of Defense to integrate AI into operational use subject to appropriate ethical policies.
Europe has taken the lead over the US by enacting a binding law, the AI Act, which aims to prohibit or limit certain practices such as biometric scanning and facial recognition. However, exceptions are included for law enforcement and national security purposes. In contrast, China has eliminated most restrictions on AI use, aligning it with the Communist Party’s goals of social control and power projection.
In conclusion, the regulation of AI use will play a crucial role in determining the success or failure of cybersecurity efforts and the defense of democracy. It is essential to maintain accountability and human oversight in AI-based cyber operations, ensuring that training data reflects intended outcomes and values, and periodically conducting quality control reviews.
About the Author: Emily Otto, a non-resident fellow at CEPA, is an Army Cyber Warfare Officer with expertise in threat intelligence and cyber operations.
