A. Pabrai
ecfirst, Inc., California, United States
Keywords: AI, Cyber security, ISO risk management, NIST AI risk management, AI security controls
Mirai, Japanese for “the future,” is already underway with cyber-attacks inclusive of generative Artificial Intelligence (AI) and Large Language Model (LLM). Are businesses prepared with an AI- fueled cyber defense? With the application of AI, threat actors can now generate targeted phishing campaigns or novel malicious code in seconds. Generative AI has changed the threat landscape and now makes it possible for attackers to deploy unique attacks at machine speed. Generative AI and other AI toolkits augment malicious actors at every stage of the cyber-attack kill chain. Enterprise cyber defense starts with an assessment of risk to assets and data in this new era of AI-powered cyber-attacks. NIST has published an AI Risk Management Framework (RMF) that enables businesses to frame the risks related to AI and identify a path to trustworthy AI systems. In this brief, we: • Examine the AI cyber-attack kill chain, including weaponization, lateral movement, and exfiltration • Step through the NIST AI Risk Management Framework (RMF) and ISO AI to integrate trustworthiness in AI systems and capabilities • Identify key steps to protect assets and data with an AI-based cyber defense aligned with the NIST AI RMF and ISO AI