As a general-purpose, dual-use technology, AI can be both a blessing and a curse for cybersecurity. This is confirmed by the fact that AI is being used both as a sword (i.e. in support of malicious attacks) and as a shield (to counter cybersecurity risks). With an additional complication: while the use of AI for defensive purposes faces a number of constraints, especially as governments move to regulate high-risk applications and promote the responsible use of AI, on the attack side the most pernicious uses are multiplying, the cost of developing applications is plummeting, and the ‘attack surface’ is becoming denser every day, making any form of defense an uphill battle. Further complicating matters, the datasets, from which AI models are built, are also vulnerable to manipulation.
As infrastructure and devices become more digitalized and the era of the Internet of Things (IoT) dawns, paired together with advances in AI, the potential attack surface for cyber-attacks will densify. These risks must be taken into consideration by policy makers and technologists in order to minimize risks to populations worldwide.