That's core to the thesis of how Menlo Ventures chose to evaluate eight areas where gen AI is having an outsized impact.
They have collaborated on a series of blog posts that illustrate why closing the security for AI gaps is crucial for generative AI to reach scale across organizations.
Throughout the interview, Sekhar and Haskaraman explained that for AI to reach its full potential across enterprises, it requires an entirely new tech stack, one with security designed to start with software supply chains and model development.
Sekhar and Haskaraman say that many of today's vendor security processes are laborious and error-prone, making them ideal candidates to automate and improve with gen AI. Menlo Ventures cites Dialect, an AI assistant that auto-fills security questionnaires and other questionnaires based on data for fast and accurate responses, as an example of a leading vendor in this space.
Often criticized for lack of results, with breaches still happening in companies who invest heavily in this area, Menlo Ventures believes that gen AI will enable more tailored, engaging, and dynamic employee training content that better simulates real-world scenarios and risks.
Immersive Labs uses generative AI to simulate attacks and incidents for their security team, for example.
A security co-pilot leads Riot employees through interactive security awareness training in Slack or online.
Menlo Ventures believes these types of technologies will increase security training effectiveness.
With gen AI being used for attacks, penetration testing must adapt and flex to respond.
Menlo Ventures believes gen AI can enhance many pen testing steps, including searching public and private databases for criminal characteristics, scanning customers' IT environments, exploring potential exploits, suggesting remediation steps and summarizing findings inauto-generated reports.
Gen AI also shows potential for being able to scale across vulnerable endpoints, networks, APIs and data repositories adding further security across broad networks.
Cyberattackers use gen AI to create convincing, high-fidelity digital identities that can bypass ID verification software, document verification software and manual reviews.
Too many automated security scans and SAST tools fail and burn Security Operations Centers' analysts' time.
Examples include Semgrep's customizable rules that help security engineers and developers find vulnerabilities and suggest organization-specific fixes.
An example of a vendor helping to solve these challenges is Socket, which proactively detects and blocks over 70 supply chain risk signals in open-source code, detects suspicious package updates and builds a security feedback loop to the dev process to secure supply chains.
Gen AI has the potential to streamline much of the work going on in Security Operations Centers, starting with improving the fidelity and accuracy of alerts.
Sekhar and Haskaraman believe that for gen AI to see enterprise-level growth, the security challenges every organization faces in committing to an AI strategy need to be solved first.
Their eight areas where gen AI will have an impact show how far behind many organizations are in being ready to move into an enterprise-wide AI strategy.
Gen AI can remove the drudgery and time-consuming work SOC analysts waste their time on when they could be delving into more complex projects.
The eight areas of impact are a start, and more is needed for organizations to better protect themselves against the onslaught of gen AI-based attacks.
This Cyber News was published on venturebeat.com. Publication date: Tue, 06 Feb 2024 14:43:05 +0000