Artificial Intelligence (AI) touches our lives every day. It is driving everything from what searches we see on Google to managing our air traffic systems. What has amazed me the most is how AI has been quietly integrated into the back end of many of the systems we use each day, transforming our world, making it far more efficient, safer, and organized.

I’m a big fan of AI and would like to update a quote from Isaac Asimov who said “I do not fear computers. I fear the lack of them.” Well, my quote is, “I do not fear Artificial Intelligence. I fear life without it!”

As we move into this next millennia, AI will play a growing role in your daily life. AI will be built into everything you do, touch, see and operate. We are in the early stages of the AI revolution and it will only accelerate in future years as it continues to be integrated into cars, homes, and offices,

With all the transformation AI will bring, I have concerns about securing AI. If we believe the premise that AI will become ubiquitous, we are not taking the protection of AI serious enough. As we sit here today every single AI system, we use is vulnerable to attack. I believe every AI database on the planet can be breached, altered, and can be compromised. So, what are the real vulnerabilities that scare me right now?

AI Malware: Bad actors today are using AI to disrupt AI. Highly targeted AI malware attacks are the Achilles heel to all AI systems and a right now threat. The most sophisticated malware today leverages AI and can automate attacks as well as learn the behavior of AI systems it is attacking. This allows the AI attack malware to adapt, change behavior on the fly and go by undetected. The AI attacker can also generate ‘decoys’ and creating false behavioral patterns, subverting any possible defense. So, what are the risks?

• AI Malware can confuse the AI being attacked triggering false actions, resulting in an AI adapting to falsehoods in the data, creating an adverse impact on the AI decision ability.
• AI Malware can generate decoys creating false patterns and making AI defense mechanisms worthless in an AI driven attack. This can create a domino effect, wreaking havoc on the AI system by disrupting networking and slow operations. These actions can overload the IT team with alerts, and, in extreme cases, it can force organizations to shut off their AI system all together.
• Malware can bombard the AI system with ‘fake’ data and completely alter the outcome of AI decision making processing.

Database Attacks: AI is only as good as the data it accesses. That is why most AI systems require vast amounts of data to make them valuable. AI analyzes vast amounts of information and give you the best answer based on the ‘specific’ question you ask. For instance, if you ask AI – “what is the most popular color in the world” – it can only give you an answer based on the data it can access. It will analyze all the data in its many databases and formulate an answer based on the data. Let us suppose that a bad actor can access the AI databases tabulating this answer and this actor injects a massive amount of ‘fake data’ into the database. It would clearly alter the decision of the AI since the AI has no way to determine what data is fake, real, or compromised. Since we now know every AI database is unsecure, can be breached and fake data can be injected we can no longer ‘trust’ our AI systems that drive some of our most critical solutions. We need a better way of addressing this security issue and Secured2 has an exciting new approach that can solve this massive problem. 

AI hijacking: AI hijacking is a new threat we need to consider and is a new way bad actors can wreak havoc on our data systems. Recently researchers showed that by altering images in a database by just a few pixels, AI would change a picture of a cat to a dog based on its programming. Through AI hijacking, the hackers not only change data, but also replace log files, change metadata or timestamps. In an extreme example, let us say a government official is doing a search for a wanted criminal. The criminal pays a hacker to change the identity to an innocent person. The hacker hijacks the AI database and alters the image of the criminal to Brad Pitt. So, the AI sifts through, millions of possible combinations until it lands on Brad Pitt’s image and identifies him as the assailant. Then, it can correlate other data on Brad Pitt and ultimately create a warrant for an innocent man. These are very real scenarios we need to start addressing and planning for right now!

These are just three examples of the threats open on today’s AI systems. If the future brings us autonomous cars, self-service restaurants, and home robots it is easy to see the huge issues we have coming when real lives could be at stake based on decisions AI will be making. I am bullish on the future of AI, but there are storm clouds on the horizon. How do we keep them from growing into storms?

1. If you are operating an AI system, be very honest with yourself. You must assume that your data can be breached. Do you know your weak points? By knowing your vulnerable points, you can add in the ‘human element.’ AI systems need to have a ‘human element’ as part of the process of AI decision and must have humans making ultimate ‘big decisions.’ So, the best AI in my opinion is an AI that can augment a human’s decision making but not make final decisions. Do not let AI make 100% decisions.
2. Human curation of the data. The hackers upset AI systems is by injecting fake data and changing the AI output. Strict controls on how data is evaluated, time stamping, data security and viewing log files add security and takes away the ability to rummage through the AI database unchecked. Human curation can research any flagged changes in the AI database.
3. A clean data set. An uncompromised database that can be compared against the live AI database is a necessity. By doing this, you can see what data has changed because you have a ‘source of truth’ that can flag any altered data. By employing technologies, like those offered by Secured2, you can ensure that your ‘clean data set’ is protected and is safe from the ability of hackers to alter information.

In addition to the steps above, typical infrastructure hygiene needs to be applied to create your ‘digital immune system.’ This includes steps that:

• Prevent and Detect
• Error and Alert Management
• No dependencies on ‘singular databases.’
• Lightweight on-system resources – kernel level
• Ensuring memory is clear at Runtime
• Proper ‘trusted’ human engagement combined with industry leading tools

In summary,  the key to creating AI Security is a blend of database protection using solutions like Secured2,  having controls around who is accessing data, and ensuring there is a way to measure the efficacy of your AI databases. The good news is Secured2 can help you implement many of these steps without a large capital outlay.  We are ready to talk to your company about how Secured2 can help you upgrade your AI defenses and make your AI databases less likely to become a victim of a hack or malware.