Zscaler CEO and founder Jay Chaudhry has issued a warning over the danger of AI when in the hands of cybercriminals.
“AI is wonderful. We all read about the benefits of AI, providing information at your fingertips, automation that helps you get work done faster and better and more accurate. But AI and can be dangerous,” he said.
“It used to take a long time to figure it out your attack surface. Today, you’re can ask a simple question of ChatGPT. ‘Show me all the vulnerabilities of [a target’s] VPN systems….The list shows up in under 30 seconds.”
Similarly, he said AI makes it much easier for hackers to steal people’s credentials via phishing. “You’re seeing these highly targeted phishing emails being sent. And now gen AI can have very context-sensitive, a very thoughtful email coming from your CFO.”
Fighting fire with fire
Chaudhry was speaking at Zenith Live, Zscaler’s customer event in The Hague, Netherlands (pictured.) There, he said hackers use AI to define customers’ attacks surfaces, such as a firewall, VPN or application. They then perpetuate an attack and once on the network, move laterally to discover high value targets to finally steal data and disrupt operations.
If you liked this content…
“Our focus is to make sure we can stop these bad guys at each of these four steps,” said Chaudhry.
Zscaler said it does this through a combination of “fighting AI with AI” and implementing a zero trust architecture to fend off bad actors. He maintained that traditional firewall-centric architectures are no longer effective against cyberthreats.
The company’s Zero Trust Exchange platform operates on the premise that no user, workload, or device is inherently trustworthy. It said the platform verifies identity, determines destination, assesses risk through AI, and enforces policy before brokering a secure connection between a user, workload, or device and an application.
“Zero trust is a fairly simple and straightforward policy engine with a bunch of attributes that keep you safe. Using this kind of architecture, we can help you in all four areas,” said Chaudhry.
The CEO teased several upcoming additions to the platform in 2024 around data and identity protection, including an AI-powered honeypot to catch hackers.
This post was originally published on 3rd party site mentioned in the title of this site
