GUEST ESSAY — Security practices companies must embrace to stop AI-infused cyber attacks

By Erland Wittkotter

Consider what might transpire if malicious hackers began to intensively leverage Artificial Intelligence (AI) to discover and exploit software vulnerabilities systematically.


Cyber-attacks would become much more dangerous and much harder to detect. Currently, human hackers often discover security holes by chance; AI could make their hacking tools faster and the success of their tactics and techniques much more systematic.

Our cybersecurity tools at present are not prepared to handle AI-infused hacking, should targeted network attacks advance in this way. AI can help attackers make their attack code even stealthier than it is today.

Attackers, for obvious reasons, typically seek system access control. One fundamental way they attain access control is by stealthily stealing crypto-keys. Hackers could increasingly leverage AI to make their attack code even harder to detect on computers, and this will advance their capacity to attain deep, permanent access control of critical systems.

If AI-infused hacking gains traction, breaches will happen ever more quickly and automatically; the attack code will be designed to adapt to any version of an OS, CPU or computing device. And this would be a huge game-changer – tilting the advantage to the adversaries in command of such an AI hacking tool.


This scenario is nearer than we might think or expect. Consider the approach to AI taken by the software firm DeepMind; their system turns technical problems into rules for games — and can deliver extraordinary results even if their developers are non-expert in the underlying problems.

We assume we are okay or safe if responsible humans are in the loop, i.e., able to switch things off or press a button. But every button or switch is linked to software, and advances like those made by DeepMind can be adapted to malicious purposes, such as continually making unauthorized modifications at the access control level.

Cybersecurity must become better prepared to defend against super-hackers, master-thieves of crypto-keys and digital ghosts who are driving in this direction. Here are three fundamental practices that I believe need to become engrained:

Never commingle security code and regular code. We must make every change or manipulation of anything security-related detectable. Security operations should be separate from the main operating system and CPU. This independence makes attacks on security easier to detect.

Hashcodes need to be registered. Hashcodes are unique values linked to software that can be associated with the manufacturer. Registering, and thus whitelisting, hashcodes will reduce and eventually eliminate the circulation of unauthorized code.

Protect crypto-keys. Crypto keys processed in main CPUs, as well as the public keys in PKI, should always be referred to via their registered hashcodes; and they should never be stored in clear text. In short, crypto-keys must be extremely well-guarded and processed on separate, independent security systems.
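The registration and lookup described in the last two practices can be sketched as a default-deny check; this is an added example, not code from the essayist or the No-Go-* project. It assumes SHA-256 as the "hashcode", an in-memory registry standing in for a separate security system, and constructed vendor names, binaries and keys; requiring that the code and the key share a manufacturer is also an assumption of the example.

```python
import hashlib

def hashcode(data: bytes) -> str:
    # SHA-256 stands in for the essay's "hashcode" (assumption).
    return hashlib.sha256(data).hexdigest()

class HashRegistry:
    """Hypothetical allowlist mapping hashcode -> (manufacturer, kind)."""

    def __init__(self):
        self._entries = {}

    def register(self, data: bytes, manufacturer: str, kind: str) -> str:
        digest = hashcode(data)
        self._entries[digest] = (manufacturer, kind)
        return digest  # callers keep only this reference, not the data

    def lookup(self, digest: str, kind: str):
        entry = self._entries.get(digest)
        if entry is None or entry[1] != kind:
            return None  # unregistered, or registered as something else
        return entry[0]

def authorize(registry: HashRegistry, code: bytes, key_ref: str) -> str:
    """Default-deny: the code and the key it names must both be registered."""
    code_vendor = registry.lookup(hashcode(code), "code")
    if code_vendor is None:
        return "deny: unregistered code"
    key_vendor = registry.lookup(key_ref, "public-key")
    if key_vendor is None:
        return "deny: unregistered key reference"
    if key_vendor != code_vendor:
        return "deny: key belongs to another manufacturer"
    return f"allow: {code_vendor}"

# Constructed sample data (not real binaries or keys).
REGISTRY = HashRegistry()
UPDATER = b"\x7fELF...constructed updater image v1"
VENDOR_KEY = b"-----constructed public key bytes-----"
OTHER_KEY = b"-----constructed key of another vendor-----"
REGISTRY.register(UPDATER, "ExampleVendor", "code")
KEY_REF = REGISTRY.register(VENDOR_KEY, "ExampleVendor", "public-key")
OTHER_REF = REGISTRY.register(OTHER_KEY, "OtherVendor", "public-key")
TAMPERED = UPDATER.replace(b"v1", b"v2")  # a small unauthorized change

if __name__ == "__main__":
    for code, ref in [(UPDATER, KEY_REF), (TAMPERED, KEY_REF),
                      (UPDATER, hashcode(b"unknown key")), (UPDATER, OTHER_REF)]:
        print(authorize(REGISTRY, code, ref))
```

A two-byte change to the registered image produces a different hashcode, so the tampered copy is denied even though it is presented with a valid key reference.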

I’d argue that these practices make good, common sense; they are practices that make code changes updateable and deployable, so device owners remain in control. Unauthorized access control needs to become next to impossible.

To get there, cybersecurity must become much more proactive and incorporate more fundamental preventative elements. Once we create overkill in our security measures, in a way that goes unnoticed by regular users, we’ll achieve effective countermeasures to global cyber-threats.

About the essayist: Erland Wittkotter is an inventor and technology architect. He is the founder of No-Go-*, a grassroots developer community focused on the promise to make our digital life much safer.
