Forrester Report: 3 Top New Threats in 2023Forrester's Brian Wrozek on Poison AI Data, Cloud Complexity, Nation-State Threats
The launch of generative AI tools, the rise of geopolitical threats and increased cloud complexity are among the top new threats facing security teams in 2023, according to Forrester's Top Cybersecurity Threats In 2023 report.
In the report, Forrester Principal Analyst Brian Wrozek predicts that attackers will reverse-engineer AI algorithms to poison data and cause algorithmic drift to fool users.
"I see them poisoning the data, putting in their own source information that they've crafted," Wrozek said. "You can almost think of it as a way your cryptanalysts used to try to break encryption algorithms by feeding it known data and trying to figure out what the output would be. That's concerning because as an end user, we tend to just take the algorithm at face value."
Organizations are more likely to source AI from a vendor than to build their own. Therefore, it is important to understand how vendors will protect their AI models, the report says. Wrozek said he advises businesses to ask vendors how they are validating their sources.
"Where are they getting the information to train these algorithms and how are they protecting those algorithms?" he asked. "What are they doing to make sure that the data is valid? Transparency is always good. How are they manipulating the bottle weights in the scaling of these algorithms to make sure that there's no bias in the outputs?"
In this video interview with Information Security Media Group, Wrozek discussed:
- Predictions about how cybercriminals could potentially use generative AI to reverse-engineer machine-learning email tools;
- How cloud complexity is changing the way security teams defend;
- Advice to security leaders on how to gain a better understanding of nation-state threats.
Wrozek serves security and risk professionals. His coverage includes operational technology security and threat intelligence. He has extensive experience in helping Forrester clients secure their OT environments in industries such as critical infrastructure and manufacturing, and he guides clients on how to turn threat information into actionable threat intelligence for better decision-making.