Artificial Intelligence & Machine Learning , Governance & Risk Management , Next-Generation Technologies & Secure Development
Tenable CEO on Using AI to Spot Exploitable Vulnerabilities
Amit Yoran on How Hackers, Defenders Can Use Generative AI to Increase Speed, ScaleHackers use generative AI to churn out code that exploits vulnerabilities, while defenders use it to get more context around flaws discovered in their ecosystem, said Tenable CEO Amit Yoran.
See Also: Establishing a Governance Framework for AI-Powered Applications
The company can use generative AI to identify and prioritize all the instances of MOVEit in a customer's environment or to locate privileged users that have externally facing systems with a critical vulnerability, Yoran said. But criminals can execute spear-phishing campaigns at rapid speed and scale with generative AI by fusing exploit codes with data about millions of users curated from social media and data leaks (see: Tenable CEO on What's New in Cyber Exposure Management).
"The cybercriminal element is highly creative and highly motivated because there's real dollars on the line," Yoran said. "This is their livelihood. And so we see them embracing technologies without a lot of concern about regulatory implications or privacy implications. So, they can embrace these technologies, use them and apply them real fast."
In this video interview with Information Security Media Group, Yoran also discussed:
- How the Active Directory threat landscape changed in the past year or two;
- How the new TSA cybersecurity regulations affect Tenable's OT customers;
- How generative AI can benefit security research conducted by Tenable.
Yoran previously served as RSA's president after joining the firm through its acquisition of NetWitness, the network forensics company he founded and led as CEO. Prior to NetWitness, he served as founding director of the United States Computer Emergency Readiness Team program in the U.S. Department of Homeland Security. Yoran was also founder and CEO of Riptech, one of the first managed security service providers, which Symantec acquired in 2002.