artificial intelligence or why it's (not) worth to invest in security

we’re moving in interesting direction as humanity. it’s another proof that we live in interesting times.

AI is learning to chat with you just like people that already died, based on reading Telegram archives, and CIA is using such features to predict days in advance social unrest. so it’s fair to assume, other organizations around the world are using machine learning for other tasks as well - some of them for sure in a way nobody wants to describe publicly :)

in coming years we’ll see next phase of world ‘flattening’ - more work will be automated, and value you bring will move from simple deliverables, to complex analysis. komputery zrobią to po prostu lepiej i dokładniej.

Google after recent DeepMind win in Go challenged StarCrafta engine. it’s interesting, because recently they announced Breakout success (and that was ‘easy’). in the process of repetitious learning computers are flawless, and that’s how DeepMind was trained to play Go - based on existing data from 30 million plays. then it was just put in front of it’s own copy to polish it capabilities even further:

This morning, Nature published a paper describing DeepMind’s system, which makes clever use of, among other techniques, an increasingly important AI technology called deep learning. Using a vast collection of Go moves from expert players—about 30 million moves in total—DeepMind researchers trained their system to play Go on its own. But this was merely a first step. In theory, such training only produces a system as good as the best humans. To beat the best, the researchers then matched their system against itself. This allowed them to generate a new collection of moves they could then use to train a new AI player that could top a grandmaster.

let’s find some good use for that. maybe we should use AI to secure IoT networks? MITRE is trying to find all IOT devices to fight uncontrolled network growth - or with attacks like recent DDoS to Brian Krebs site or 990Gbps attack using 152 thousand of internet cameras on OVH. all this while people still move into their comfort zone, like for example publishing best practice guides for topics like Cloud Security for IoT. wouldn’t it make more sense to ask DeepMind to analyze and then implement protections against known attacks, instead of writing whitepapers about doing this manually? or use DeepMind just to do automated system audits?

RAND published recently article based on survey that shows while typical breach in US costs 200k$, nobody can show exact PR impact (negative that is) for affected company.

what’s even more suprising, couple of recent high level breaches, that impacted 40 to 70 million of accounts, leaked credit card numbers and other sensitive data - resulted in actual rise (20%+) of stock value. where’s logic in that?

last record breaking breach - to Yahoo in 2014 - was announced only now in 2016, after Yahoo was acquired by Verizon. it was record breaking because 500 million accounts were compromised (and it seems that actually it could have been even twice that number). i doubt it will change anything - Verizon bought that part of Yahoo that was responsible for storing customer data for further ad targeting. would they drop invested money and resign from doing exactly that? i doubt so. would people drop Verizon services? i doubt so as well. how such massive trainwreck can be repaired? would SOC help? managed SOC? seventeed wonderful black boxes promising (according to their vendors) ultimate levels of security? i doubt so, for the third time.

so, you’re afraid of Skynet? it’s already there - it just doesn’t have ability to choose targets by it’s own :)