Winning the AI security arms race

People, businesses and governments alike are all rightly investing in new technologies, such as artificial intelligence (AI) and analytics, to stay one step ahead of cybercriminals to predict attacks and behaviours before they happen. This is touted as the future of cybersecurity and the key to protecting people’s online lives and businesses.

Cybercrime is a multi-billion-dollar industry and criminals are harnessing the power of AI and machine-learning too. While very rudimentary AI-like capabilities have been used for decades and given virus programmes the ability to self-replicate, today it’s all about increased automation. This is leading to an exponential rise in the volume of attacks and the speed at which they can occur. And this is just the beginning.

Machines can recognise patterns and analyse vast amounts of data at a speed and with comprehension that humans can’t. As a result, we are moving from the age of man versus machine to an age of machine versus machine. So what will this mean for the threat landscape and more importantly how do we protect against it?

Using AI and machine-learning technologies, “bad actors” are beginning to launch wider and more personalised attacks on vulnerable users. There are two main ways machine-learning and AI are being used.

One is through phishing campaigns. Using AI, these can be much more targeted, adapting and personalising the copy to what people are most likely to respond to. The second is to use machine-learning to try to “fool” detection or antivirus systems. Threats can be adapted very quickly depending on how an antivirus is responding to it.

And as our personal and business lives increasingly rely on internet of things (IoT) devices, we will see more examples of AI used by hackers. Botnets can leverage AI, for example, to create stealthier ways to communicate with the command-and-control servers without being spotted by antivirus as they appear like innocent internet traffic.

On the other hand, AI and machine-learning also have a big role to play in security. The threat landscape is huge and constantly expanding, and automation and machine-learning allow us to stay one step ahead of new threats by spotting connections and identifying new samples all the time.

Speed is one of the key advantages of machine-learning in security. The speed at which the data is generated and processed is important, because security threats spread and morph extremely fast. Most threats have very short longevity, some only exist for a few minutes. Before being detected they try to morph into something else, which is one way malware tries to escape from automatic detection systems. Machines can act much faster than human analysts.

We are using it to protect hundreds of millions of people online through our complex security solutions. This user base also means that our algorithms are also constantly being “fed” new threat information. Just as a hacker can use AI to teach its malware to fool security systems, our systems are learning just as quickly to identify and stop new threats.

It’s a cat-and-mouse game we see every day in our threat intelligence work. As new technology evolves, such as the IoT, our lives become more convenient, but cybercriminals see new opportunities to attack the user and their devices. Whether it’s collecting user data they can monetise in some way, or to abuse hacked devices to create a botnet, taking down websites and important server infrastructures, getting ahead of the bad guys is the priority for security providers.

Using AI to detect threats enables Avast to deliver robust security solutions that keep our homes and workplaces safe

Using AI to detect threats enables Avast to deliver robust security solutions that keep our homes and workplaces safe. This is exactly what AI and machine-learning should be used for to automate tasks where the data is too much for a human to process effectively, like threat detection, and utilise people more usefully in the process by freeing them up to analyse unusual trends or new information that require a level of analysis automation cannot provide.


For more information please visit