Artificial Intelligence (AI) has been touted as the future of cybersecurity, and rightly so. With the growing volume and sophistication of cyber threats, cyber analysts are finding it challenging to keep up. As a result, AI has become an integral part of cybersecurity operations, providing faster and more accurate threat analysis. However, the rise of “Shadow AI” in cybersecurity has the potential to cause problems for organizations.
What is Shadow AI?
Shadow AI refers to the use of AI tools by employees in a company, particularly in the cybersecurity realm such as threat hunting, without the knowledge or consent of their organization. It arises when employees feel that their organizations’ cybersecurity tools are inadequate or that they are not allowed to use AI in their work, and so they turn to personal AI tools to help them perform their job more efficiently.
Shadow AI in Cybersecurity
Cybersecurity analysts, in particular, are making use of AI tools to help them perform their job more efficiently. Here are three ways that Shadow AI is being used in cybersecurity:
Deobfuscating Code with Shadow AI
One of the most significant challenges faced by cybersecurity analysts is the obfuscation of code, especially PowerShell code. PowerShell is a scripting language used by Microsoft Windows, and cyber attackers often use obfuscation techniques to hide their malicious code. Cybersecurity analysts can use AI tools to deobfuscate the code and understand its core function, which can help them to identify and mitigate threats more effectively.
Analyzing Malicious Code
Another way Shadow AI is being used in cybersecurity is through the analysis of malicious code. Cybersecurity analysts can use AI tools to analyze the code and gain a better understanding of how it operates. This can help them to identify patterns and behaviors that could be used to create more robust cybersecurity defenses.
Learning More About Vulnerabilities and Attack Formats
Cybersecurity analysts can use AI to simulate attacks and learn more about particular vulnerabilities or attack formats. By simulating attacks, analysts can understand the steps taken by cyber attackers and determine the best ways to defend against them.
The Dangers of Shadow AI
While Shadow AI can provide cybersecurity analysts with a valuable tool to aid their work, it also has the potential to cause problems for organizations. Here are some of the dangers of Shadow AI:
Possible Incorrect Answers
When cybersecurity analysts rely on AI tools without proper training, they may not fully understand how the AI algorithms work. As a result, they may rely too heavily on AI to make decisions, leading to possible incorrect answers.
Using AI as a Crutch
Cybersecurity analysts may start to rely too heavily on AI tools, using them as a crutch instead of relying on their own skills and expertise. This could lead to a decline in the quality of their work and a loss of valuable skills.
Complicating Factors
The use of Shadow AI can introduce additional complicating factors to an organization’s cybersecurity strategy. For example, the use of personal AI tools could result in a lack of standardization across the organization, making it difficult to coordinate efforts and understand the security posture of the organization as a whole.
Unauthorized Information Disclosure
One major issue is the possibility of disclosing confidential information to AI programs, potentially compromising sensitive data. This could occur either in a single request to an AI, or it could be an aggregate of many requests from one or more individuals providing information in multiple questions and answers over a long span of time.
Conclusion
While Shadow AI in cybersecurity can provide valuable tools for cybersecurity analysts to aid their work, it also has the potential to cause problems for organizations. It is essential for organizations to be aware of the use of Shadow AI in their organization and to provide adequate training for employees who wish to use AI tools. In this way, organizations can harness the power of AI while avoiding the potential pitfalls of Shadow AI.
