“Degenerate AI” Hackers Are Coming

“The best laid schemes of mice and men often go awry”

Robert Burns

Generative AI is going to be a major disruption to many industries. From teaching children how to write, to training would-be software developers how to code, there is a lot of discussion about how Generative AI is going to remove many of the building blocks traditionally used to learn the fundamentals of a skill.

The proponents claim that, as always happens, an equilibrium will evolve with new winners to balance out the losers. One area with both winners and losers is software development. Although the technology is still in its infancy, various AI solutions have already been trained on billions of lines of code. As a result, there is the promise of new programs which can be autonomously written, at need, to address whatever challenges may arise, and put into use in near real time.

While the potential benefits of capabilities such as this are not in doubt, let’s put this ability into the context of hacking. Criminal organizations and hostile governments are not going to ignore this new technology. Instead, they are going to use it to up their attacks, and once they do, it’s going to get very bad for the rest of us, very quickly.

First, a little context. Hacking is already a major business. Institutional hackers employ large teams of bright and diligent people who are dedicated to getting through whatever obstacles are put in their way. In this eternal game of cat-and-mouse between the hackers and those who strive to protect our systems and our data, the primary tools of these hackers are human ingenuity and good old trial-and-error.

It may seem counter-intuitive, but what is not readily acknowledged is that one of our greatest protections in this battle is the limit of human ingenuity. No matter how smart the attacker, or how many of them there may be, there are only so many different attack vectors they will be able to envision and then execute.

Now envision a not-too-distant future when that limitation no longer applies, and quantum-powered Degenerate AI is the apex cyber-predator.

“Degenerate AI”: Generative AI created for malicious purposes

If you feel your data will be safe because those responsible for its security have encrypted it, you may want to reconsider that confidence. Encryption is only ever as safe as A) the encryption key, B) the processes that use the encrypted data and C) the encryption tech itself. On that last point, make no mistake: whichever encryption technology you are using will one day be broken. It is inevitable.

Oh, but now there is post-quantum encryption. That will save us, right? Unfortunately not.

Because what is also inevitable is that if Degenerate AI cannot currently decrypt your data, Degenerate AI will target everything around the encryption algorithm itself. What happens when quantum-powered Degenerate AI attacks every account, access point, partner, vendor, code repository and connected device in your organization? Are all the access points and user passwords in your organization post-quantum safe? You don’t have to think about this one: the answer is no, they are not.

The potential future is scary, but it is not hopeless.

Back in 2017, when we started the Poly-Anonymization technology behind PII Vault®, we had no idea this was coming. But it was clear, even then, that the legacy data protection processes people were using at the time (and which are still prevalent today) just could not adequately protect sensitive data. While Degenerate AI is going to exponentially increase the rate and severity of breaches, our mantra still holds true:

“Hackers cannot steal what is not there”

Anonomatic recently went through an exercise for a very large organization that has “LOTS” of computer systems with identified data (data with PII). They mandate very strong standards for how to secure and protect this data. But guess what: because every one of these systems implements these standards in whichever tech stack it uses, they have millions of lines of redundant code. To make matters worse, none of this code is part of the core mission of the system. After all, protecting PII is not why these systems were built. It is instead a very expensive overhead. PII typically accounts for less than 1% of data by volume but can add over 20% to the lifetime costs of a system, and every time there is a new threat, each and every one of these code bases needs to go through the entire process of being updated, tested and released. All because the data is identified.

How much simpler and more cost-effective for them, and for you, to instead use PII-as-a-Service®. A centrally manageable solution, PII-as-a-Service was created from the ground up to protect your identified data in ways that neither encryption, nor any other legacy solution, can. At the same time, it can protect you from Degenerate AI, enable you to comply with all local and international data privacy obligations and deliver 100% accuracy and value from your data. Also, it runs within your environment, so your data never leaves your control.

Reach out to sales@anonomatic.com for more details on how PII Vault can help protect you from today’s and tomorrow’s threats.

Note: This blog was written by a real human



Matthew Fleck, Founder & CEO - Anonomatic