This week, both Amazon and Microsoft had significant events related to cybersecurity. Microsoft President Brad Smith testified before the U.S. House Homeland Security Committee about Microsoft’s security challenges, while Amazon held its AWS re:Inforce cloud security conference in Philadelphia. At the AWS event, Steve Schmidt, Amazon’s chief security officer, discussed the impact of generative AI on cybersecurity. Generative AI has the potential to make attackers more effective, but it also enables defenders to be more efficient by handling repetitive tasks and allowing security engineers to focus on more critical aspects of their work.
Generative AI is changing the security landscape by enabling attackers to craft more effective phishing emails and solicitations. However, it also helps security engineers by reducing the burden of repetitive tasks and allowing them to focus on complex analysis. Schmidt highlighted the benefits of using generative AI in security, which ultimately leads to happier security engineers who can focus on more interesting and challenging aspects of their work. One use case for generative AI in security is plain language summarization of complex technical events, which can help convey information to business owners in a more understandable manner.
When adopting generative AI securely, companies should consider three main questions. They should assess where their data is being processed and how it is secured throughout the workflow. Additionally, they should evaluate what happens with user queries and any associated data, as well as the accuracy of the outputs from the models. Schmidt’s experience at the FBI has influenced his approach to cybersecurity, particularly his focus on understanding the people behind adverse actions. His past work in Russian and Chinese counterintelligence has highlighted the common motivators for espionage and hacking, such as money, ideology, coercion, and ego.
Outside of his role at Amazon, Schmidt volunteers as an EMT and firefighter. He finds value in this volunteer work because it provides him with tangible feedback on his actions and allows him to see the direct impact of his efforts on individual people. This human feedback is something that is often missing in the digital world of cybersecurity, where actions may affect millions of machines but lack the personal touch of helping an individual in need. Schmidt finds satisfaction in being able to bring value to others and make a difference in their lives during challenging situations.
Overall, the use of generative AI in cybersecurity presents both opportunities and challenges for companies. While it can enhance the efficiency and effectiveness of security processes, it also introduces new considerations for data security and model accuracy. By asking critical questions and adopting a secure approach to incorporating generative AI, companies can leverage its benefits while minimizing potential risks. Schmidt’s insights from his work at Amazon and his volunteer experiences provide a unique perspective on the importance of human feedback and impact in the realm of cybersecurity.
