#3: AI versus AI
AI will dominate the cybersecurity arms race in 2025 and beyond. But there's still a place for humans.
Hi reader,
At a meetup in Berlin a guy pitching his super-niche B2B AI start-up told me:
“There’s nothing I don’t use AI for.”
“Writing blog posts. Sales strategies. Coding. Figuring stuff out.” He’s not alone. LLMs help you fake it til you make it like never before.
Cybersecurity is one area where you don’t want to fake it. Chatbot hallucination rates are in the low single digits but even a 0.1% hallucination rate isn’t going to cut it when critical infrastructure is at play.
At that same meetup, a guy working in cybersecurity recruitment told me AI isn’t taking over the field any time soon.
But… it sort of is.
This week’s big news was that Google’s OSS-Fuzz team used an AI tool to discover 26 vulnerabilities in open source software, including one in the critical cryptography library OpenSSL. This vulnerability — tagged CVE-2024-9143 — “has likely been present for two decades and wouldn’t have been discoverable with existing fuzz targets written by humans,” according to team members Oliver Chang, Dongge Liu, and Jonathan Metzman. FYI, “fuzzing” is the practice of using automated techniques to uncover software bugs.
AI is also making headway in areas of Offsec (offensive security) such as pentesting and vulnerability assessment. AI is probably the only way for security teams to keep up in the arms race with the most sophisticated threat actors. Google Cloud’s Cybersecurity Forecast 2025 predicts a surge in cyber-attacks deploying LLMs to create deepfake content and armies of fake social media personas to spread that content, along with social engineering attacks and espionage on an unprecedented scale. We’ll need robots to fight the robots.
AI agents might also be the best way to cope with the massive shortage of cybersecurity workers. According to the 2024 ISC2 Cybersecurity Workforce Study, the world is facing a cyber workforce gap of 4.8 million people (up by 19% over a year ago).
“AI can help reduce the need for humans in offensive cybersecurity by automating repetitive and time-consuming tasks,” says David Lindner, CISO of Contrast Security. It can perform scans at a massive scale, analyse vast data sets and simulate devastating AI attacks, at a more frequent rate than humans.
Even so, nobody is convinced we won’t need humans in cybersecurity. The ISC2 study reports: “Only one-third of respondents are concerned about their role not being future-proof in a Gen AI world — the other two-thirds are confident that their expertise will complement the technology.”
That German recruiter agrees. He told me 2025 is going to see an explosion in cybersecurity jobs in Germany and Europe.
News and events below!
Maurice
Top 10 this week
🖥️ European firms massively outsourcing cybersecurity
🔐 Time to prepare cryptography for the post-quantum future
🐟 French MPs’ Telegram accounts hacked
😈 Why QR code attacks are the spawn of the devil
🔥 Zero days in Palo Alto Networks’ fancy firewalls
🏭 145,000 industrial control systems exposed
🚮 Ditch your old D-Link router
🚸 No social media for UK kids?
Upcoming events
Nov 20-21 - UK Sec (London)
Nov 28-29 - Def Camp (Bucharest)
Nov 29 - Cybersecurity Practitioner Meetup (online)
Dec 9-12 - Black Hat Europe 2024 (London)
April 1-11, 2025 - Helmholtz Open Hackathon (France)
May 13-22 - IDRIS Open Hackathon (Germany)
May 26-28 - re:publica (Berlin)
June 2-4, 2025 - Paris Cyber Summit
Sept 10-11, 2025 - Nordic Cyber Summit (Copenhagen)
Meanwhile, 16 years ago in the Netherlands …