By Michael Kan
Nov. 28, 2016
It may take several years or even decades, but hackers won't necessarily always be human. Artificial intelligence -- a technology that also promises to revolutionize cybersecurity -- could one day become the go-to hacking tool.
Organizers of the Cyber Grand Challenge, a contest sponsored by the U.S. defense agency DARPA, gave a glimpse of the power of AI during their August event. Seven supercomputers battled each other to show that machines can indeed find and patch software vulnerabilities.
Theoretically, the technology can be used to perfect any coding, ridding it of exploitable flaws. But what if that power was used for malicious purposes? The future of cyberdefense might also pave the way for a new era of hacking.
The possible dangers
For instance, cybercriminals might use those capabilities to scan software for previously unknown vulnerabilities and then exploit them for ill. However, unlike a human, an AI can do this with machine efficiency. Hacks that were time-consuming to develop might become cheap commodities in this nightmare scenario.
It’s a risk that the cybersecurity experts are well aware of, in a time when the tech industry is already developing self-driving cars, more advanced robots, and other forms of automation. "Technology is always frightening," said David Melski, vice president of research for GrammaTech.
Melski's company was among those that built a supercomputer to participate in August’s Cyber Grand Challenge. His firm is now considering using that technology to help vendors prevent flaws in their internet of things devices or make internet browsers more secure.
"However, vulnerability discovery is a double-edge sword," he said. "We are also increasingly automating everything."
So it’s not hard for security experts to imagine a potential dark side -- one where AIs can build or control powerful cyberweapons. Melski pointed to the case of Stuxnet, a malicious computer worm designed to disrupt Iran's nuclear program.
"When you think about something like Stuxnet getting automated, that’s alarming," he said.
Tapping into the potential
"I don’t want to give any ideas to anyone," said Tomer Weingarten, CEO of security firm SentinelOne. But AI-driven technologies that crawl the internet, looking for vulnerabilities, might be among the future realities, he said.
That streamlining of cybercrime has already taken place. For instance, buyers on the black market can hire "rent-a-hacker" services, built with slick web interfaces and easy-to-understand commands, to pull off cybercrime like infecting computers with ransomware.
Security experts wonder if AI will be used for malicious hacking.
Weingarten said it's possible these rent-a-hacker services may eventually incorporate AI technologies that can design entire attack strategies, launch them, and calculate the associated fee. "The human attackers can then enjoy the fruits of that labor," he said.