Artificial intelligence, for all its mind-boggling potential, is a double-edged sword.
XSure, AI might save lives through early cancer or heart disease detection. In cybersecurity, though, even AI companies worry that the bad guys will use artificial intelligence to launch more potent attacks.
Little wonder, then, that computer security has become an AI hot spot. Venture capital firms are throwing money into "machine learning" startups. Incumbent cybersecurity companies are deploying artificial intelligence in their products and services. Giant tech companies like Google are adding AI defenses to protect their cloud computing data centers. For investors looking for early signs that artificial intelligence will disrupt industries, cybersecurity is clearly a top sector to watch.
State-sponsored attackers, criminal cyber-gangs and ideological hackers all could employ AI. And cybersecurity experts believe criminals will use AI to develop mutating malware that changes its structure to avoid detection.
Hackers Could Mine Social Media Sites
Hackers also could use artificial intelligence tools to scrub social media for personal data. Then they could customize emails in spear-phishing attacks to con people into disclosing security credentials. Or, they could use AI to identify weaknesses in computer security products. The list goes on.
"The arms race is real," said Jon Oltsik, a senior analyst at Enterprise Strategy Group. "There's a level of sophistication that's needed for artificial intelligence — data science skills, algorithm-building skills — that's going to limit the use of AI on the adversary side to nation states and very profitable cybercrime groups."
"The bad guys are well organized. They share intelligence," Oltsik said. "There's a division of labor. So AI could become a specialization where it's something (hackers) pay for over time."
Hackers will increasingly turn to AI to help them evade detection, says McAfee Labs's 2019 "Threats Predictions Report" released on Nov. 29. Cyber-criminals will also use AI to automate target selection, the report says.
AI Companies To Watch
The good news is that the computer security industry knows the stakes are high.
With artificial intelligence, startup AI companies aim to spot and block malicious activity on computer networks better than existing technologies can. To detect cyberthreats, their AI software sifts through massive stores of computer network data.
Wall Street analysts are eyeballing Cylance, CrowdStrike, Darktrace, Vectra Networks and a handful of other private firms. With AI tools, the new AI companies are taking customers away from cybersecurity industry incumbents, analysts say.
Cylance in June completed a $120 million funding round, bringing its total to nearly $300 million. CrowdStrike has raised $481 million, including a $200 million funding round in June.
Artificial Intelligence: Incumbent Tech Companies
As corporate America shifts more business workloads to cloud computing service providers, Amazon.com (AMZN), Microsoft (MSFT) and Google-parent Alphabet (GOOGL) are gobbling up AI startups to improve computer security. Google in January also launched its own cybersecurity business. Called Chronicle, the computer security services unit will draw upon Google's strengths in AI and cloud computing.
Cybersecurity industry leaders including Palo Alto Networks (PANW), Fortinet (FTNT) and Cisco Systems (CSCO) hope to stay on top even as artificial intelligence opens the door to new competitors. They're racing to develop AI tools from scratch or acquiring startups.
In March 2017, Palo Alto Networks bought Light Cyber, a behavioral analytics firm, for $105 million.
"I think for a short time it might be OK for security companies not to have AI capabilities," said Lee Klarich, Palo Alto Networks' chief product officer, in an interview. "Midterm and long-term, that's not true. Artificial intelligence absolutely becomes table stakes. We are very much in this space, with resources."
AI As Computer Security Tool
Palo Alto Networks is just one top AI company to watch. AI involves computer algorithms, software programs that mimic the human ability to learn, interpret patterns and make predictions.
Artificial intelligence should improve computer security tools by speeding up incident responses once malicious software is detected on computer networks. It could help thwart email-delivered ransomware or swarming botnets that knock out access to websites.
"There's an opportunity for AI to level the playing field," Oltsik said. "One of the visionary uses for AI and machine learning is to automate the response side." Machine learning is the type of AI used most often in cybersecurity.
More Powerful Attacks Expected
But more powerful cyberattacks are expected as hackers deploy artificial intelligence or machine learning software to hike the frequency and sophistication of attacks.
That's worrisome because hackers already cause plenty of damage without AI. Consider headlines over WannaCry and Not Pety as well as cyberattacks against Equifax, Uber, Aetna and Deloitte just over the past year. The U.S. blamed a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, for unleashing the so-called WannaCry cyber attack. It crippled hospitals, banks and other companies across the globe.
IBM (IBM) researchers say hackers may use AI to develop new forms of malware. On Aug. 9, IBM released a study at the Black Hat cybersecurity conference detailing how hackers could use a new class of AI-enabled malware called DeepLocker. IBM says AI malware can be designed to be evasive, making it easier to reach its target.
State sponsors of cyberattacks are likely to share their AI toolkit via the "dark web" to disguise their involvement in data breaches, says Parham Eftekhari, executive director of the Institute for Critical Infrastructure Technology.
The Department of Defense in November created the Joint Artificial Intelligence and the Army Futures Command (JAIC) to speed up the use of AI in military operations. The agency plans to provide $1.7 billion in funding to establish the AI center over the next five years.
Artificial Intelligence Noise
Another factor also works against those seeking to root out hackers: a sort of artificial intelligence din. Picking out the truly effective tools — and truly worrisome threats — may be like separating wheat from chaff.
U.S. companies should be wary of marketing claims over artificial intelligence technologies embedded into products, research firm Gartner says.
"There is hype. A lot of companies talk about AI and make claims that aren't substantiated," Gartner analyst Dale Gardner said. "But there is also a lot of legitimate activity in cybersecurity and companies doing valuable and interesting things."
Surveys show that corporate America doesn't view artificial intelligence as a silver bullet that will prevent hackers from stealing customer data or intellectual property. But many U.S. companies face a shortage of computer security personnel to thwart and detect threats.
And they must deal with surging volumes of security alerts. While human specialists become overloaded at some point, AI software scans huge amounts of data to classify and prioritize attacks. The AI tools narrow down what needs to be reviewed by human security specialists.
"It's as if you're walking down the street in Manhattan and all the car alarms go off," said Stuart McClure, chief executive of Cylance. "That's what happens in our industry. They ignore the noise, because there's more noise than signal. We have to employ AI in the right places to intelligently find the signal inside the noise. We don't care how many haystacks there are. We'll find all the needles."
AI Companies: Two Cybersecurity Examples
Irvine, Calif.-based Cylance says it had over $100 million in 2017 revenue run-rate, with 20% of the Fortune 500 as customers.
Cylance targets the so-called "endpoint" market — detecting malware on laptops, mobile phones and other devices that access corporate networks. IDC forecasts the endpoint cybersecurity market will grow to $12.5 billion in 2021, up from $9.6 billion in 2016.
Blackberry (BB) on Nov. 16 agreed to buy Cylance for $1.4 billion in cash.
CrowdStrike also focuses on the endpoint market. The startup AI companies aim to thwart ransomware — malware that infects a computer network and encrypts files. Hackers then extort money to unencrypt the files. The number of ransomware attacks has exploded, Verizon Communications (VZ) says in a recent report on data breaches.
George Kurtz, CrowdStrike CEO, says artificial intelligence will help companies deal with "adversaries that are constantly changing techniques." He says AI will play a role in threat management, helping companies automate detection and incident response.
"AI is going to become more prevalent in security. It's maturing," Kurtz said. "AI is a feature, not a company. It's going to play a role in solving a specific problem. But not every problem can be solved with AI. There are different levels of expense in terms of compute cycle and just time. It's going to be a tool in the toolkit."
How Artificial Intelligence Works
William Blair analyst Jonathan Ho says startups must build up a customer base that enables them to train their mathematical algorithms on vast amounts of data.
Machine learning works by analyzing and finding patterns in large amounts of data. Machine learning tools look for anomalies in computer networks, such as suspicious traffic or unauthorized behavior.
Older antivirus software looks for "signatures" of known malicious software. More advanced machine learning tools learn to identify malware traits rather than specific signatures. That enables them to detect new types of malware.
Kurtz says CrowdStrike's cloud platform collects and analyzes more than 100 billion endpoint events per day. CrowdStrike rents computing resources worldwide from Amazon Web Services, the biggest cloud services provider, to process the malware scans. All AI software needs powerful computers to parse large quantities of data.
Analysts expect synergy between the new AI companies and companies specializing in "Big Data" analytics. Splunk (SPLK), for instance, acquired startup Phantom in February for $350 million. Splunk bought Caspida, a provider of behavioral analytics for computer security, in 2015 for $190 million.
Cybersecurity, AI And Cloud Computing
At Palo Alto Networks, a big push is on to use cloud computing to improve cybersecurity. Palo Alto is developing a cloud-based platform that aggregates customer data. Companies will have the option of letting third-party companies that partner with Palo Alto Networks access the data for analysis.
It's expected that AI startups will be included in the cloud platform. Palo Alto in May disclosed one AI partner, Mist Systems.
William Blair's Ho said Palo Alto Networks could step up its push into AI under its new chief executive. In July, Palo Alto named Nikesh Arora, a former chief business officer at Google, as its CEO.
"Nikesh is going to be integral to the next stage in Palo Alto's evolution, given his background," Ho said.
Palo Alto's Klarich says computer security firms need to share information over growing threats. He notes that Palo Alto founded the Cyber Threat Alliance, along with Intel (INTC), Symantec (SYMC), Cisco and Check Point Software Technologies (CHKP). To recognize the use of AI by hackers, Klarich says security firms may need to build and share "adversary playbooks" as threats evolve.
Google Moves
Palo Alto competes in the "firewall" network security market vs. Cisco and Fortinet. Firewalls block unauthorized traffic from entering a private network and monitor web-based apps.
Fortinet in early June said it has integrated new machine learning tools into its web application firewall. The race to develop new tools is occurring amid other big changes in the cybersecurity industry.
Besides launching its Chronicle cybersecurity business, Google uses AI in self-driving cars as well as its core internet search and advertising business.
Google may be able to go beyond machine learning into more advanced predictive cybersecurity. Chronicle will likely tap Google's cloud platform for speed and computing power. Google, like others, is developing specialized AI chips for data centers.
"They're likely to do things at the high end of the security market at first. It's definitely worth keeping an eye on them," said ESG's Oltsik. "Google knows how to collect, process and analyze lots of data at scale."
Editor's note: This story was originally published on July 20, 2018, and was updated to include the McAfee Labs report, the Blackberry purchase of Cylance and the new Defense Department command.
YOU MAY ALSO LIKE:
Read All The News On Artificial Intelligence Trends And Leading Stocks
Sell And Take Profits Or Hold? Here Are Several Guidelines To Follow
Chart-Reading Basics: How A Buy Point Marks A Time Of Real Opportunity
Stocks To Buy And Watch: Top IPOs, Big And Small Caps, Growth Stocks
