Microchip with ‘AI’ in the centre, connected to circuits and a blue hand that taps on it.

Artificial intelligence (AI)

As an advanced form of digital automation, artificial intelligence (AI) makes it possible to carry out complex tasks with little or no human intervention, speed up processes and tackle problems that were previously unaddressed due to their complexity.

Find out in which areas of cybersecurity AI is used, but also what dangers the technology harbours.

Many different uses for AI in cyber security

In many areas of cyber security, AI can increase efficiency and improve security. AI has therefore been integrated into many security solutions for some time, particularly in the following areas:
warningexternal video thumbnail

Threat detection and prevention

New and unknown forms of attack are difficult to recognise. AI helps to identify unusual system behaviour or unusual network traffic. This detection of so-called anomalies has long been a predestined field of application for AI. The identification of unknown malware works in the same way. Oddities in the file system or in the behaviour of individual programs provide the clues.

Read more
notifications_activeexternal video thumbnail

Incident Response

Alarms and security incidents are part of the tiresome daily routine for security administrators. False alarms have to be painstakingly separated from dangerous events. AI often helps with this too. It can search through and analyse large amounts of log data to identify traces. For forensic analysis, AI can identify the origins and paths of an attack. AI can also be used to react automatically to certain threats, for example to isolate suspicious files or systems.

Read more
shareexternal video thumbnail

Vulnerability analysis

Identifying and managing vulnerabilities in extensive system landscapes is time-consuming. Priorities must be set and patch sequences created based on the potential risk posed by a vulnerability. The latter is complicated by dependencies between the systems. Here, AI can make suggestions as to which patches should be applied most urgently, based on the analysis of threat data and system vulnerabilities.

Mehr erfahren
mailexternal video thumbnail

Phishing detection

The majority of successful attacks start with a phishing email. These are becoming increasingly sophisticated as the attackers also use AI to customise the emails. However, AI can also be used in defence and, for example, check emails for suspicious content and patterns that indicate phishing attempts. By analysing user actions, unusual activities can be detected that indicate a successful phishing attack.

Read more
insert_chartexternal video thumbnail

Security Information and Event Management (SIEM)

The SIEM centralises vast amounts of data. The trick is to analyse this data, create correlations and recognise threats at an early stage. This requires recourse to historical data, which further increases the amount of data. AI can massively increase efficiency here, for example by correlating data from different sources and recognising threats in real time based on this information. By analysing historical data, AI can recognise patterns that could even indicate future threats.

Read more
Three men in suits look at one screen with a lock symbol next to them.

AI - sense and nonsense

AI is used in almost all areas of security. The impression quickly arises that nothing works without AI. But experts are very sceptical about this.

They warn that not everything labelled AI actually contains AI.

Our article "AI capabilities in threat defence: more to appear than to be?" provides a critical view with useful and less useful examples of use.

 
To the article

More articles on this topic

Top trends and topics on AI

AI offers numerous advantages for IT security, such as the ability to quickly analyse large amounts of data, recognise patterns and respond to threats in real time. AI can automate repetitive tasks and thus increase the efficiency and speed of cybersecurity measures. This relieves the burden on security teams and allows them to focus on more complex threats. Predictive analytics enables AI to predict future cyberattacks and recommend preventive measures. This is done by analysing historical data and recognising patterns that indicate possible future threats. AI has therefore long since become an indispensable tool in modern cybersecurity. 

In a study, market researchers from MarketsandMarkets forecast that the market for AI in cybersecurity will grow from USD 22.4 billion in 2023 to USD 60.6 billion in 2028. This would correspond to annual growth of 21.9 per cent.

Artificial Intelligence in Cybersecurity Market Share, Forecast | Growth Analysis & Opportunities [2030]
 
The European Commission's AI Act regulates the use of AI throughout the EU. It is the first comprehensive regulation on AI by a major regulatory authority worldwide. The Act categorises AI applications into three risk classes. The highest risk class includes applications and systems that pose an unacceptable risk, such as state-operated social scoring. These are prohibited. High-risk applications and systems form the second category; they are subject to special legal requirements. The third category consists of applications and systems that are not expressly prohibited or categorised as high-risk. These remain largely unregulated. The AI Act is due to come into force this summer and must then be implemented by the EU countries, which are expected to pass their own laws.

The AI Act also has far-reaching implications for the use of AI in cybersecurity. Companies should prepare for compliance and ensure that their systems meet the legal requirements.

Artificial intelligence (AI) has been used successfully in a variety of product groups within cybersecurity for some time now. In the ubiquitous field of endpoint detection and response (EDR and XDR), AI-based solutions continuously monitor end user devices for suspicious changes, analyse suspicious activity and automatically respond to threats.

In the network security sector, which is also very common, also known as network detection and response (NDR), AI monitors network traffic in order to recognise anomalies and suspicious activities and react to them if necessary. Flexible products can adapt to changing network topologies and detect new systems with specific network behaviour, for example. Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are located above the NDR. They collect data at neuralgic points in the network in order to generate deductions that indicate an attack. Time-delayed events in particular need to be correlated, and AI helps with this. AI is used in many other product areas, for example in security information and event management (SIEM) systems. As the merging of various logs from different sources alone usually results in very large amounts of data, AI is often an indispensable component when analysing them.

Disinformation plays a major role in shaping and influencing opinion, and not just in political disputes. Disinformation is just as important before elections and referendums as it is in armed conflicts. Autocratic systems in particular use this tool to influence their own population or even foreign countries. Thanks to AI, disinformation campaigns can be customised and adapted to cultural or country-specific circumstances very easily. AI can automatically create large quantities of convincing and realistic disinformation content. This includes not only texts, but also photos and videos. These can be automatically distributed as social media posts on social networks using specially generated bots.

Deepfakes are becoming increasingly important in this context. These are videos and audio recordings that deceptively imitate a real person. Deepfakes are often used to spread false information about people or events. A British security specialist recently demonstrated in an experiment how easily and effectively something like this can be realised.
To the article

Malware and machine learning: a match made in hell

external video thumbnail

Recording of the it-sa Expo&Congress forum contribution

The AI revolution is in full swing - exciting and frightening at the same time. Defenders are using AI, but when will attackers take advantage of it? And what is our battle plan?

Find out the answers to these questions and more in Mikko Hyppoenen's keynote.

Please note: The video is in German.

Further recordings on the topic of AI

Basic technical terms of artificial intelligence (AI)

A field of computer science that deals with the development of algorithms and systems that are able to perform tasks that normally require human intelligence. They work without a linear sequence of commands and with dynamic knowledge.
A model inspired by the human brain consisting of a large number of interconnected digital neurons that can activate each other to process information.
A branch of AI that develops algorithms and models that can learn from data and improve over time without having explicitly programmed the results.
A variant of machine learning that is based on many layers of neural networks to recognise complex patterns in large amounts of data.
A machine learning method in which a model is trained using a training data set that contains both input data and the corresponding output values.
A machine learning method in which a model is trained with a data set that only contains input data without associated output values. The aim is to find patterns or structures in the data.
The learning process of an AI model in which the prediction accuracy is increased from a data set by adjusting the model parameters.
This area of AI deals with the interaction between computers and human language, with the aim of enabling the processing and analysis of large volumes of natural language data.
This AI model is based on deep learning techniques to process and generate natural language. These models are trained to analyse large amounts of text data and recognise patterns in it, which enables them to generate human-like texts.

Find the right providers for artificial intelligence

More topics

AwarenessCloud SecurityHacking & DefenceOT Security