Venafi: AI innovation will keep challenging cybersecurity

2024 will see new challenges for the cybersecurity industry - with AI playing a large role.

Venafi has released its predictions for the cybersecurity and cloud native landscape for the upcoming year, highlighting that AI will continue to introduce new threats and amplify existing risks. New threats like AI poisoning have also started to emerge, with dangers of technologies like Kubernetes becoming even larger targets for attackers, given that AI and machine learning run on cloud-native infrastructures

It is no secret that AI has continued to introduce new threats by intensifying existing risks for businesses. However, whilst these trends are expected to continue, Venafi also predicts cloud-driven developments like platform teams adopting a larger role in cybersecurity.

An increase in AI “poisoning” attacks and digital hacks 

In 2024, Venafi expects to see the “1000x developer” combined with the “1000x hacker” as creating the perfect storm for breaches.

According to the company’s research, there is a gathering momentum behind the “1000 developer” movement - which is a concept that will see developers becoming a thousand times more productive with the power of AI, magnifying future security challenges.

Venafi sees that businesses are already struggling, with 75% of IT and security leaders believing that speed and complexity of Kubernetes and containers is creating new security blind spots. In addition, 59% of respondents admit to already having experienced security-related issues within Kubernetes or container environments.

Complicating matters is the ascent of the “1000x hacker” - which Venafi describes as AI-enabled attackers who are equally productive and powerful. Kevin Bocek, VP of Ecosystem and Community at Venafi, says: “Organisations can't feasibly hire 1000 cyber pros to compete with these threats. The solution lies in embracing the power of automation operating at machine speed.”

He continues: “The only way to keep up is with the power of automation operating at machine speed. If developers are using AI to be 1000x more productive, we need the ‘1000x CISO’ and ‘1000x security architect.’”

The company also predicts that 2024 will be the year of the AI poisoning attack, with businesses needing to ensure that their data is secured. Venafi’s Chief Product Officer, Shivajee Samdarshi, says: “In 2024, AI poisoning attacks will become the new software supply chain attacks. Such attacks will be characterised by threat actors targeting the ingress and egress data pipelines to manipulate data as well as poison AI models and the outputs they produce.”

Samdarshi continues: “With AI being used across a wide variety of business-critical workloads – potentially with very little oversight – maintaining the integrity of such systems needs to be of paramount concern. 

“At the same time, with major elections taking place globally coinciding with the mass adoption of Generative AI, we are likely to see AI supercharging election interference in 2024. From the creation of convincing deepfakes to an increase of targeted misinformation, the concept of trust, identity and democracy itself will be under the microscope. 

“This will put even greater onus on individuals to scrutinise and make informed decisions as well as on media platforms to root out false content.”

The importance of cyber resilience in the face of new technologies

Venafi has also predicted that regulations in 2024 will encroach even further into the development space, with changes to data breach liability.

“There must be more clarity in the EU Cyber Resilience Act’s language around liability, or people writing open source code in the EU could stop contributing,” says Matt Barker, Global Head of Cloud Native Services at Venafi. “As we move into 2024, we will see an increased focus on ‘Know Your Code’ – underpinned by regulations such as the Executive Order on SBOMs – meaning organisations will need to establish and verify the provenance of the code they are using.”

He continues: “Now that AI is being used to generate code, establishing where that code has come from is harder than ever before. Those who fail to do so will soon find themselves at risk, not only from attacks but also regulatory fines.” 

In addition, as organisations grapple with scaling security and governance across trust boundaries, machine identity and access management will shift to the workload level in 2024.

Sitaram Iyer, Senior Director of Cloud Native Solutions at Venafi says: “As maturity has increased, organisations have begun using the cloud in a more distributed way across multiple trust boundaries, all containing identities that need to be managed.

“The challenge in 2024 will be ensuring security controls work across environments and can be governed in a consistent way. This necessitates a strategic shift to a more agnostic, distributed way of managing machine identities and controlling access achievable only through authenticating identity and access at a workload level.” 

He continues: “As a result, the adoption of federated identities, such as SPIFFE machine identities, will rise. This will enable organisations to utilise existing Public Key Infrastructure for strong encryption across workloads, irrespective of where they run.”

******

For more insights into the world of AI - check out the latest edition of AI Magazine and be sure to follow us on LinkedIn & Twitter.

Other magazines that may be of interest -Technology Magazine | Cyber Magazine.

Please also check out our upcoming event - Sustainability LIVE Net Zero on 6 and 7 March 2024.

******

BizClik is a global provider of B2B digital media platforms that cover Executive Communities for CEOs, CFOs, CMOs, Sustainability leaders, Procurement & Supply Chain leaders, Technology & AI leaders, Cyber leaders, FinTech & InsurTech leaders as well as covering industries such as Manufacturing, Mining, Energy, EV, Construction, Healthcare and Food.

BizClik – based in London, Dubai, and New York – offers services such as content creation, advertising & sponsorship solutions, webinars & events.