The Berlin cybersecurity conference was dominated by AI, as future events of this type will be. Richard Marko is the CEO of ESET, a renowned cybersecurity company founded in Slovakia in the 1990s. It is the oldest in the world.
Read more Artificial intelligence threatens cybersecurity at an unprecedented speed
What is your view on the threat of AI?
We are facing a new situation where, with AI capabilities, it is easier to use it to attack than to defend. Suddenly, we have tools capable of helping attackers design their malware faster and more efficiently, or even create autonomous systems that, basically, when set a certain goal, are able to try different strategies and adapt.
You have described this moment as a new era.
New tools, new mechanisms to face possible obstacles along the way, and that is something we consider especially alarming and that requires a new approach to cybersecurity. That is why I call it a new era of AI-based cybersecurity.
What can we do?
We will have to use AI in cyber defense, as we have been doing for the last two or three decades, but we have to do it in a modern way.
How is that done?
We need AI models specifically trained with cybersecurity data and optimized for use in this field. We believe the answer must be a sophistication at the defense level, also through the use of AI, but instead of relying on models provided by big tech companies, we are investing in our own foundational models.
What is happening with AI agents?
Our latest research shows that the so-called AI skills using systems like OpenClaw are simply some descriptions of what the AI agent should do in natural language, like “do this, do that.” In many cases, this can be very useful. It can make your life easier by automatically replying to some of your emails, organizing your calendar, and that kind of thing. So it is a very powerful tool.
For attacking and defending…
Precisely because of that, it can also be used for malicious purposes. Now we need technologies capable of recognizing and intercepting these kinds of skills. Basically, it is just a new form of unexpected and very unique malware, because it is just text, just a description that anyone can read. And it can be written in any language, so it can be written in Chinese, and it might be difficult for a researcher to understand what it says, of course.
Read more The Badajoz Court decides today whether the trial against David Sánchez will proceed
What can be done about models like Mythos, from Anthropic, that find unknown flaws in operating systems and browsers?
We do not have access to it, so we have not tested it. Therefore, we can only have some opinions. We assume it is like a newer version of the models we have seen in the past. It is useful to have models capable of identifying vulnerabilities. Unfortunately, the models do not provide a solution to that. They show the problem but do not give the solution.
It seems like some kind of marketing campaign.
I agree, and that highlights another thing, like that access was granted to a select group of companies and organizations. I think all of them, at least initially, were American. So, in the geopolitical situation we have right now, that raises questions again like what this means, and then for providers like ESET, which are international but come from Europe, it gives us even more reasons to focus on our sovereignty, on running our own models, that do not depend on what big tech companies do.
Are there any reasons to be optimistic?
I would not say there are reasons to be optimistic, but at the same time, I do not want to give the impression that this is lost, as if we were doomed. At ESET we have gone through many ups and downs, many paradigm shifts throughout history, so simply my experience is that we always find a way to deal with a new situation, like this latest advance with these automated AI systems that could potentially be malicious.
Also read
What are the real capabilities of defense?
For now, I see that we can keep it under control, that our systems are capable of responding. We are able to recognize malicious or suspicious skills and we were able to adapt our existing systems quickly, within weeks.
Should we see it as an opportunity then?
The new opportunities brought by the new autonomous AI, instead of worrying, we should be excited about it. Like if we say: “Wow, that is amazing!”. Hopefully, maybe someday AI will do things we do not want to do, instead of asking ourselves: “Are we controlling it in some way that does not harm us, right?”.
Read more A girl injured by a stray bullet in a shooting in Badalona
