This Webinar will redefine your approach to AI.
Discover how the AI revolution is transforming the cyber security landscape in this insightful webinar by WithSecure. Join Janne Kauhanen and our expert guests, Mikko Hyppönen and Tomi Tuominenn, as they discuss the impact of AI on both attackers and defenders in the industry. With rapid advancements in machine learning and cloud computing, the potential for AI to revolutionize security systems is undeniable.
Learn how companies can embrace AI technology to stay ahead, the challenges with ethical and legal considerations, and how AI can be used for good in this ever-changing world.
- Why we are experiencing an AI explosion right now
- What vulnerabilities companies need to be aware of
- The pros and cons of using AI in everyday company life
- How we can protect ourselves against AI-based attacks – both now and in the future
- Q&A session
Don't miss out on this eye-opening conversation—watch it now and stay updated on the future of cyber security with WithSecure by subscribing to our mailing list.
foreign I thought the internet was the only Revolution I would ever have to protect against in my lifetime [Music] I was wrong companies who ignore the threats and opportunities of artificial intelligence will share the same fate as companies who ignored the internet hello and welcome to this with secure webinar my name is Jana kohanan and I've dressed up for our illustrious guests Tommy tuminen the the vice president of security at Walt and Mika hupanan the chief research officer at wit secure we're going to be talking about the AI and and what it means for the security of companies and uh I guess my first question to you gentlemen would be why is this all happening right now yeah it seems surprising that after Decades of waiting for machine learning or artificial intelligence to become a real thing it suddenly happened I mean over the last 12 months we've seen more than ever before and I think it's it's a combination of three different technological revolutions happening roughly at the same time starts from the internet Revolution over the last 30 years all the information we have turned into data Internet caused this to happen before internet revolution information was on paper today of course you can buy a book in paper form but the same information is available digitally which means we can use it for machine learning Second Revolution the cloud the fact that we now have the storage capability to keep these massively large amounts of information available again making them available for machine learning systems or building generative AI and then the third and the most important Revolution which is explosive growth in Computing capability it's just insane how fast the fastest CPUs and gpus are it's it's pure magic what they're doing in these cheap Fabs and cheap factories today we can actually run these generative AI systems which keep on churning through massive amounts of data and are able to learn from them partially this is enabled by new Innovations in machine learning maybe most importantly they transform a paper by Google research published six years ago which really started like supercharging the these three revolutions and now we are in a situation where you can give a machine for example all the books written in Finnish language and you don't have to teach it finish it just reads it all and learns the language just sort of like humans do okay anything to to add to that like Michael mentioned I mean we're basically built on top of existing research that has been happening in the shadows for more than like more than 15 years and I I specifically like to mention the computing power because now just like few days ago iOS 17 came out on Apple devices meaning the latest IOS operating or already iPhone operating system and now you can run those models locally on your phone and that was previously not just possible and we have seen AI in multiple areas already like nowadays when you're snapping a phone and snapping a photo on your or in your phone there is a lot of AI is happening on the background and and those kind of things like originally they were just Niche things but later on people learned that actually a breakthrough in one of the AI research areas you can directly utilize that on other areas of AI like launch language models and image processing they eventually turned out to be more or less the same thing and this really this technological and computation Revolution is really in the hands of few leading companies which have very little competition because they are so far ahead from everyone else I'm speaking about companies like asml building the technology used by companies like tsmc which is then ending up on chips used on gpus made by Nvidia which end up in Computing centers like Microsoft Azure where open Ai and anthropic and other companies are able to use this massive computing power and my favorite detail about just how hard it is to be built this Cutting Edge gpus which do all this calculation enabling these magical things is that iPhone 15 runs on three nanometer technology three nanometer means that the images of the chips that are burned on Silicon they are so detailed at the difference the distance between two lines in the drawings is three nanometers a human hair is hundred thousand nanometers the wavelength of light is 193 nanometers light doesn't go through those drawings yet we use light to burn them on silicon and this again is so hard to do that it's the hardest thing to do in the world creating these chips are so it's so hard there's only one company in the world we can do it I mean exactly the the size of the transistors is measured in the number of atoms that they contain like ridiculous yeah so so these revolutions happening right now is the reason why AI explosion is happening right now so okay so it is a real thing it's it's not just a flash in the pan it's not a fad it's not going to pass in a couple of years it's here to stay and it is a game changer yeah I I absolutely think so the latest book I've wrote which came out two years ago I I wrote about how the internet Revolution is the biggest thing happening during our lifetime and when I wrote that that's what it looked like yeah like historically large technological Revolution which changed everything around the world well I think the AI Revolution is bigger than the internet Revolution and that is saying something yeah so how fast are things moving like um you know the the AI Revolution happened like overnight first there was nothing and then everything was Ai and and uh you know the natural question is is this gonna affect the attacks we're seeing so do you think the attackers are going to be equally quick in adapting these Technologies is that going to change the the threat landscape I I think one of the most important things to realize is that although the attacks themselves might be empowered or might be enhanced with AI uh the same rules apply on the defensive side as well they there are plenty of things first of all like if we look at let's say product Security in general like the modern development pipeline like how do you deploy software and so on you can AI you can use AI to enhance that like less programming errors you can do a lot of checks like statistic checks or static analysis or dynamic analysis that is in part or or is it using AI then that in turn means that there is going to be less vulnerabilities to begin with and you can utilize those techniques very very effectively because I mean there are deterministic problems which means that AI should be pretty good at solving those right but not only that but what like I've seen so many Doom days scenarios scenarios describing like how you're going to use AI to build extremely convincing phishing messages or how you're gonna lure people into doing XYZ things but what most people don't seem to realize is that many of these things we already now have technological solutions for those problems a good example of that would be past Case Technology which basically you can use your phone as a strong identity to tell the computer or the other party who you are and there is no AI in the world that can take that strong identity away meaning that basically as soon as we are we have deployed pass Keys into wider ecosystem like you know Google is already now supporting a Microsoft is already supporting it apple is supporting it and so on that strong identity will basically kill credential phishing completely because I can literally I can give you my username and password and you as an attacker there's no way how you can abuse that but but how quickly is that gonna end up like in the the sort of end of the line Solutions like I literally had to sign for a package yesterday like with my finger on a tablet like a signature you know it's gonna take a while um and these attackers using new technologies or using them for different purposes um we can't just speak about AI enabled attacks we have to go a little bit deeper because we will have malware attacks using AI Technologies we will have while we're written by large language models in fact we've already seen that it's not a real world problem yet but it it will be um we will see full automation of malware campaigns where all the reactions done by the attackers are done at machine speed that's a different problem we will see a large scale automated fishing and spam campaigns we will see business email compromise attacks which spend extended amount of time convincing individuals in organizations that they should be doing something they shouldn't be doing on the consumer side all the scams will be automated like romance scams and auction scams Airbnb scams and then of course we have the Deep fake problem as a general problem like having politicians saying something they're not really saying so different kind of problems and all of these are enabled by these new technologies but we sort of have existing solutions for all of them and it always is AI against AI like how do we detect malware which is rewriting its code well we detect it with AI enabled detection algorithms that detect anomalies or detect bad behavior or weird things done by code um how do we detect the effects well with AIS that are trained to detect deep fix how do we stop BEC attacks that are using internal email access to throw in emails which aren't real again the same Solutions now we really do have to think about things that would make this easier for example I do think that tools which are capable of creating convincing content whether it's text or sound like voice speech or or images or video we should have some kind of fingerprinting mechanisms built in to make it easier for humans and machines to tell fake content from real content and there's been some ideas floated around this I've had discussions with open AI about this myself but we aren't seeing that yet and we really should be thinking about that that's going to work as long as these systems are closed Source open source systems of course are are a different story and it might not be fake content it that there is a difference there fake content typically refers to fake news but it can be generated content which is a bit different because I mean I can use it to generate avatars of myself or something and it doesn't mean it's fake it's just Auto generated that might look very very real yeah and that's actually on the definition side of things I think it's it's important to keep in mind where the term generative AI comes from all these massively um world-changing technologies that we've seen over the last year like jet gbt or stable diffusion or Dole e or mid-journey or music generators all they are generative Ai and it really just means that you have a system which has seen a lot of content a lot of text a lot of images a lot of sound a lot of voice and then it can generate generative AI it generates content like that and you can also turn it the other way around it can not only generate it can recognize if it can generate images like human faces it can also detect or recognize human faces that's where the whole term generative comes from well the good thing about attacks and threats that are targeting humans is that those still have to happen at the speed of humans but but you were talking earlier about sort of AI attacks and AI defenses and I'm thinking of the stock market where already the trades are happening between uh computer systems and sometimes there happens weird things and you just have to go back to the logs and see what the heck just happened is that what the sort of technical defense and attack landscape is going to look like I mean if we look at the history of attacks or like tracked threat actors in general the speed has already always only increased like there is this old saying by NSA that the attacks never get worse they only get better and yeah most probably we're gonna see some like already now we are seeing heavily automated things but I I think there is going to be a limit to that as well I I think we're already at a point that the speed might not increase but the scale will yeah that that's a good point and and it applies to all of these attacks um especially it's important to realize that um language barriers no longer stop the attackers um a month ago at black hat in Las Vegas there was a great research published by Hogwart researchers on using current large language models to detect uh malicious emails typically phishing emails and and it was especially uh remarkable how they were able to do this in all languages so it doesn't matter if it's a phishing email in German or French or Finnish or English barriers are are going down now the same technology can be used to generate these phishing emails as well but again like I mentioned earlier the solutions are the same as the problems if you can generate the problems with AI you can also detect the problems with AI and this research was a prime example of that when I was having um one meeting with open AI researchers they actually mentioned that they've had really worried contacts coming in from Switzerland where big part of the world's banking happens it turns out in Switzerland you have these tiny cantons more small small language areas where they not only speak a specific dialect but even write it even the written text is very specific for a specific area and they've always thought that they are sort of protected against scams and phishing emails because the language area is so small Well turns out gbt can speak all of those small dialects very convincingly and that's scaring these Bankers in Switzerland I'm sure okay so uh moving on a little bit um you made that great quote about um companies who sort of shunned the AI Revolution are going to do as well as companies who ignored the internet when it was starting is that what we think is going to happen that the companies who are not sort of ready for the AI stuff now are biting their time or seeing how this plays out they're going to be left behind oh yeah I mean this is something we do have to take seriously um many of the people watching will remember 30 years ago when internet came around and not everybody took it very seriously or thought it did some kind of a fad or or I never really left behind the companies which embraced the change when we went from local systems to Global Systems where suddenly you could reach customers and clients and partners everywhere on the planet they reap the benefit for years being like Fast movers and and believing that this revolution is going to happen the Revolution was real and the revolution huge I mean the internet Revolution 30 years ago brought us huge upsides and huge downsides but the upsides were much much bigger than the downsides and that's exactly what's going to happen here with the AER Revolution it is a real thing I believe it's a bigger Revolution that internet was and it's going to bring us huge upsides and huge downsides but again I do believe the upsides are bigger than the downside why do you think it's going to be bigger the upsides no the the revolution yeah because this change is everything I mean we really needed the internet Revolution as a stepping stone to be able to get to this level and and the more powerful these systems are the more versatile they are we can use them for systems and services that we can't even imagine yet there's a great clip on the internet where Mark andreasen the the creator of the main designer behind Netscape the first mainstream web browser is being interviewed on morning television in USA they've just released the first beta of Netscape 99 of the audience has no idea what the internet is and the host is asking the Escape Creator like what is the internet what is this web browser what can you use it for and he can't give a concrete answer his answer is that well you can use it for anything like what well for anything so what can you have on the internet you can have anything on the internet like what well you know things stuff like there's no not a single concrete thing he would be able to like tell the audience that you know you could have like newspapers online or weather report or videos he's not able to like think that far he's just saying that you know it's going to be enabling things and of course everybody who saw that interview probably walked away thinking that what the hell like what is this thing there's nothing concrete here and that's sort of where we are today we know this is big it's going to enable a lot of things you can do anything but we probably don't really understand all the things we are able to build when we have so so powerful new technologies helping us building those new things what makes this especially hard to imagine is that like previously mentioned these types of AIS like if you do a breakthrough on one of the areas like image processing or voice processing or or text processing basically all those learnings will make all the other other like areas stronger and faster and better which means that we have really hard time imagining what is the combination or the like end result like if this gets better this gets better this gets better and suddenly we are in a situation that we can do absolutely amazing things like one of my favorite things that I read about recently was that AI has helped us for the first time in the history has helped us to identify Parkinson's disease in an early stages just by analyzing your eye and that that is absolutely huge yeah like and and I think that this is this just like one example like how it's going to revolutionize our health care how it's gonna Revolution us or a diagnosis like just a simple thing like a blood test I mean what if you just have huge amount of markers and then based on those markers you can do something completely new like and those are just few examples yeah so so we could do theranos for real exactly yeah that would be I mean things like these are becoming they're getting closer and closer to reality like we we have more Computing capability with completely different way of analyzing the data thanks to these generative AI algorithms and it's going to affect every business area and if we go back to the scaling thing like imagine that you can use your phone you just record a video of yourself and then your phone will tell you that dude you have a Parkinson disease that scales way better than the the amount of doctors that we have at the moment sure okay so you know let's say we've convinced everyone that you know this is happening and they need to get start moving right now so what are the things that companies should be doing around the AI space right now just sort of a lot of companies are sort of dangling their feet in the water a little bit like experimenting with chat GPT or things like that so what are the tangible things that companies should be doing today so that they don't get left behind well they that really depends on what the company is doing of course all possible business areas are are affected by this change but it's hard to really give advice which applies to every single company and every single business area so it really starts from the fact that taking this seriously and dedicating time to understand and learn how these Technologies work and then brainstorming with your own people like what what's this what is this going to mean for us how is this going to change our business if you work in medicine or if you're working building cars or if you are running a hotel it's gonna affect every single part of your business for years we've been speaking about how every company is a software company and that is absolutely true if you're running a hotel you're running it on software if you're building cars cars are data centers on four wheels medicine okay same thing so this is going to be a similar Revolution where that the software Revolution was but it's going to be enabling much much more processing of data and under standing that data and helping you to use the data so what companies should be doing is visioning the future where we have much more Computing capability which will be able to answer our questions how should we be building our system so we can use these new helpers to run our businesses better but given what you're saying that you know this is going to change everything doesn't that mean that companies sort of have to examine all the assumptions that they've ever made about their business like these are the laws that we operate under and and these are the sort of unmutable things that we can't change these are the problems that we just have to learn and live with now is the time to re-examine all of those and see if this changes anything that it might not be obvious like one of my favorite things uh has been that like buying the CEO of Boeing was asked like what is your competitive advantage and the guy answers that the aerodynamics of our wings which might not be obvious answer like you know that that's not maybe like you know maybe you would think like you know you know we make some pretty good airplanes or something but that that was his answer and it actually says that on their website now Google did a cooperation maybe it was American Airlines or United I don't remember which airline it was but they started optimizing the the routes of their fleets and just by running that through an AI simulation they were able to get 20 gain on the efficiency as well as lowering the cost of everything without sacrificing the service level 20 is huge so maybe the the the path where I'm going with this is that maybe you should take a critical look like they take those two sips behind look at what your company is doing take the most complex business problem and see if now a I would be capable of solving that for you but for example the the route planning on air airplanes like or carriers in general that's a hard problem like it's super complex and the reason why it's complex is it's that so you have so many parameters that you're it's like humanly impossible to calculate all of those which in turn AI is pretty good at so that might be one thing maybe to turn the other way around like what I'm a little bit afraid of is that people are going to look at things like chat jpd and they're thinking like okay chatbot so we're gonna get better chat Bots and people go like oh Google has been using this for their search technology for a long time and those are the first things that come to mind but I think that the real power is elsewhere like we don't we have still hard time imagining what it will really mean and I have a feeling that this is the biggest redistribution of market share that we have ever seen in the history wow one company I've uh I've worked with is building AI enabled automatic sales so figuring out where sales opportunities are and then actually building opener emails or contacts contacting the clients and setting up meetings for sales purposes and there's tons of things that can be done there which aren't obvious like the fact that when you have access to large databases it can like eat all the data and understand opportunities where humans would never be able to understand the opportunities and humans would never be able to like digest all the data so for example selling real estate just looking at all the public records and looking at all the recruitment ads for companies and their press releases and their their revenues and public Financial figures you can see that you know this company is growing so fast they won't be able to fit into that office much longer and there's an office nearby which would be the right choice automation will figure that out like that and you can immediately turn that into a language any language humans speak and craft an opener email my favorite example of this company is that the way they've built this this sales automation the way it finds new new clients for the sales automation is that it tracks for recruitment ads for sales people and it answers those recruitment ads by themselves hi I'm applying for this position I'm an AI by the way but you know here's what I can do and it works so so you know it's a little bit ticking out of the box right but this is real this is happening right now this is not theoretical this has been they've been doing this for quite a while already so if now is the time to sort of think outside the box and and take a critical look at everything you thought to be true and stuff like that what is what are some of the things that we don't want companies to be doing right now what are some of the mistakes that they should avoid in a time like this well like kind of kind of answered already that one like don't look at the things that are easy to solve like you know customer support or maybe you can look at those as well but those are maybe the obviously exactly like don't limit yourself to that I I think that having a critical look at your operations or would your would you think that you're good at and then saying like Okay is are there some some key areas that are extremely expensive to do at the moment can we speed those up somehow or can can we scale that better or solving complex problems that would be my my answer would be that don't expect quick and easy wins you won't be able to you know decrease your head count by 50 next month just by automating everything this is a long Revolution again sort of like internet Revolution clearly the upside for massive but it wasn't an overnight success it took took a while for us to understand how to work and do business in this new new environment so yes you will be able to automate big part of your operations and long term that's going to make people more productive I mean the same people will be able to do better work and more more results with the automation helping them to be better in their work but it's not going to be happening overnight and the example of tech support is actually pretty good I mean these narrow specific uh expert systems are able to provide better tech support for end users than humans can they know all the details they remember every case they can interact with humans just like humans can but of course we humans would like to know when we are speaking with a human and when we are speaking or chatting with a machine and that's one of the things we have to consider here and it's also one of the things the EU AI Act is is Raising that when we humans interact with machines we should be told that even though it looks like you're speaking to a human it's not a human yeah the the touring test is rapidly losing relevance that is gone yeah yeah all right so um we're Security Professionals so let's talk about you know protecting ourselves in this this ever-changing world so you know the AI is happening it's a tool for for Defenders it's a a threat as well on the defensive side what are some of the things that we should be doing right now I'll start with my favorite anecdotes about the history of artificial intelligence within with secure company was founded by Resto sales my 1988 um before Aristo founded his company had actually written his first articles about artificial intelligence if you go and read magazines from like 1987 you'll find risto as a 21 year old student writing articles about artificial intelligence um he's been one of the the brain brains inside the company pushing us towards more automation more machine learning and more artificial intelligence that's why we started our first malware detection machine learning engines in 2005 18 years ago we've been working in this space longer than any other security company and all that time we've sort of been waiting the thing that's happening right now to happen and that that means that barriers are coming down the the accessibility of these tools for good and bad are are coming down and now we're sort of waiting that all these things we've been building for defense how well do they really wage against attacks which are using these same tools because we really haven't seen them until now we now have the very first examples and we do believe good AI will beat bad AI but we will really only see it when we for example start seeing full scale completely automated malware campaigns which will happen in the near future but hasn't happened yet and why we know they haven't happened yet is simply that they are still too slow we can see that attackers are working at human speed reacting to our automated defenses you know in hours or in days which means it's not a machine it's a human that's going to go down to seconds and then we know that it's automated on both sides and then we'll see who will win I believe it's the good guys but we don't really know I actually think I I'm quite positive about this because like already previously mentioned I I think that the AI will revolutionize the quality of software like already now the productivity is increasing like crazy like if you have tried GitHub co-pilot or any of those Services they are absolutely amazing like already by now and we are barely scratching the surface at the moment like they will only get better which means that the quality of software will increase significantly we're gonna get more languages that are actually secure like I'm like if you look at languages programming languages like rust at the moment they are already now amazing but they will only get better and we can ask an AI to create a safe language that basically we can kind of guarantee that the software that we produce with that is going to be free of traditional security vulnerabilities and obviously it's not it's going to be an instant but gradually like if we look back all the biggest wins have been because of tooling I you were able to make the tooling better that scaled well and that's the reason why we have more secure software nowadays than like for example 20 years ago and also another thing that so meaning that this will also make it very very hard to find vulnerabilities also like offensive techniques like fuzzing for example which means that you're you're basically using computers to find different paths to different uh unwanted functionalities so to say fuzzing like AI lends itself extremely wealthy fuzzing which means that even the vulnerabilities that will exist the good AI will find the most probably earlier because companies like Google are already now offering it to for the most critical parts of internet that are the services that power the most critical part of Internet and and lastly like we should not think that it's always AI against AEI this is a little bit more asymmetric problem or issue like many of the attacks will be traditional ones and the AI will be able to defend against those attacks and vice versa like many of the attacks that will be AI powered The Cure or the defensive uh posture against that or the mitigation will be something a little bit more traditional like past keys that I mentioned earlier and companies will mostly rely on on cyber security companies doing this work for them but they should also realize that if you are if you're defending your own network if you're a large Enterprise and you're for example looking at you know denial of service attacks coming your way or you know spam or phishing campaigns and you're actively blocking attacks yourself be ready those are gonna change very quickly they if you block something in the near future the reaction time from the attackers is going to be in in seconds or minutes and they have automatically detected that they are being blocked and it's going to be rerouted and attacked from somewhere else so completely automated reactions from the attackers to your defenses that's going to happen like all of these will be enabled by these automation systems so you mentioned cyber security companies I wanted to talk about that a little bit um the AI Revolution seemed to catch everybody off guard a little bit what about this industry did it catch us off guard or our company's security companies are they were they AI ready security companies were forced to use massively large machine Learning Systems years ago because there was no other way to keep up with the amount of attacks so we couldn't continue in the old world even if we wanted to we would need an army of a million analysts to be able to keep up with the amount of malware samples and you know malicious Network flows and look at different exploits if we wanted to analyze everything by human brain power so it had to be automated and that sort of forced the industry into this world where everything is being run by different uh large-scale Frameworks starting from fairly simple machine learning systems but now grown into these AI Frameworks that are being used by security companies again we've been doing this for a very long time so we've been seeing how the industry slowly but gradually moved from the old world into the new world but cyber security industry was one of the first Industries to embrace AI maybe not because we wanted to we had to okay so how ready are we like are the products that we have today the services that we have today are they good enough for this world I mean presumably there has to be a lot of research and design and just rethinking of services and products right now we are putting a lot of effort and investment into r d to be able to keep up and to forecast what's going to happen next things are moving very fast the the um it's very hard to give promises that you know we will be able to defend against every possible attack when the the tools that attackers now have access to are are downloadable or can easily be be taken into use for example the open sourced uh large language Frameworks most importantly llama out of meta is worrying me because now anybody can just remove restrictions and use it to create we have it to write malicious code or draft malicious emails and none of the restrictions originally built into these Frameworks apply anymore because it can just be downloaded um when we are using closed-sourced environments like for example GPT um that's a client server architecture open a I can always block actors who use their services for Badness and then it becomes sort of like a game of cat and mouse and you know this account is is blocked because it was using our services to write malware and they create a new account but you can sort of keep up with that but it's completely different story if you can actually download the whole framework and run it on your own systems and do exactly what you want with it now arguably the the most powerful Frontier models like Claude from anthropic or Bart from Google or GPT from open AI they're all closed chores you can only access them from their Cloud you can't download them but llama is not very far away and it's a little bit worrying about what's going to come out of that and if you're going to see more fully open source Frontier models I've always been a fan of Open Source but here you know it is a bit worrying when you give these really powerful tools in the hands of actors who can do whatever they want with it yeah and I guess to to sort of an industry and a crowd of people who are not quite sure what's going to happen next and where we're going so the discoveries might happen anywhere and on the good side or on the bad side sure sure and the more powerful these systems become the more we have to worry about where the Innovation is happening it might not be happening in responsible Democratic Western Nations but somewhere else okay so um can you give me some sort of like tangible practical examples of how you think this sort of the industry has to change to sort of better meet the needs of our clients I would assume for example that we're going to need more dialogue with our clients like what are the sort of issues and problems that companies are facing and how can we as a security industry meet those needs I I think it starts from even earlier um this this new industry of this um artificial intelligence startups like open AI which is 80 years old or anthropic which is two years old um they're sort of Outsiders to the cyber security industry there's very little uh like existing connections and and uh shared research and trust and that we need to work very heavily to build that um we need to have these companies join us in the industry forums have discussions share intelligence work together to make sure that the engines that can be used for good and bad are built as securely and safely as possible the stones of existing knowledge that the cyber security industry has built over the decades and and we really should be putting more effort into sharing that with these new companies building these technologies that everybody's using around the world once that's solved and that of course can be solved and will be solved then we can go into discussion more about how the industry can work together to make sure these tools can be you know how can we for example build systems um where the the fingerprinting problem is solved so we would be able to detect that this phishing email was generated by a large language model and we know because there's some kind of a marker which has been built into the content or this video isn't real this is coming from a machine it pretends to be real but it isn't these are hard problems to solve but they're not going to solve themselves right so we're going to have some time for our questions and answers in a minute um we have been getting some questions already but please keep sending them in um but before we go there sort of um I'd like to to sort of summarize your your feelings on on AI sort of if there's one thing that you want everybody in the audience to sort of pick up from this and start doing immediately or stop doing uh what would that be what's the most important thing right now I don't know don't be afraid like embrace it like this is a good thing I I've seen quite a few predictions that oh my God we're all doomed uh and I don't believe in that like I I believe that eventually good things will happen cool yeah yeah I'm more of an optimist than pessimist but of course we do have to take seriously the the downsides here as well and and the downsides potentially are bigger um than ever before but then again the upsides are bigger than ever before and I really would like to encourage people to to like hands on work with these systems try these systems use them I use them myself all the time like concrete practical examples of things which I think would be powerful for anybody is that let's say you get a new industry white paper or some PDF file with a lot of content and you don't have time to read it or you even get a book and you want to get summary of the book well you can copy paste the content into Claude or into gbt GPT has a limit you can't copy a whole book but there's actually an add-on called book GPT which allows you to paste a whole book right into GPD then you can ask questions like is there any anywhere in this book any discussion about this topic what did they say about what's written in the book about uh you know the the politics of Soviet Union in 1945 and it will tell you and it will like this is on these pages and you can like double check that it's actually real and and uh the idea of having someone next to you sparring with you and opening up new ideas for you is really powerful I use these Technologies all the time myself and people are are varied and disappointed when they get mistakes and wrong answers from large language models well duh this is brand new technology imagine how good it will be in two years three years five years they they will no longer make mistakes and and we will see really powerful um uh teachers come out of this technology you take a narrow area um you know some specific industry machine you build an expert system which knows everything about the usage of that machine and that system will be able to teach anyone to use that machine or you can imagine a child trying to learn how to do integral math a tireless a teacher which never gets mad a large language model which knows everything about the topic which will never make mistakes or never hallucinate about that topic because it's the only topic it knows about they will be able to teach us to be much better as humans and and like Empower us to do things we wouldn't be able to do otherwise so yeah I'm excited about this absolutely now for some of the the questions that we have uh you know I'm I'm very excited about this sort of uh your predictions about how the AI is going to change the world around us and any teams are our audiences as well and and they want even more so we have a question specifically about that can you expand on that a little bit like just one more example about something in the sort of the traditional economy something in our real world around us that's going to be changed by the AI I'll I'll start um which is because it's also a good example on the problems that comes out of this um image generation like we've all seen images created by by AI of course there's nothing new in that we've seen Deepak videos um but then you end up with the problem of copyright let me just show for camera like I was creating some images of myself um yesterday so these photos are not done by mid-journey 5 5.1 and they have no copyright they are licensed under Creative Commons four if you run the commercial version of mid-journey um I own these files and they have no copyright in the traditional sense however to create these images I uploaded a set of my images to mid-journey and then it generated this um and those images did have a copyright they were taken by photographs now I used photos I actually had to write for I had bought the rights but you can see the problem I'm getting into yeah I have these images which are perfectly useful which are not taken by a photographer where I have the rights now they're free um or I have the I own the files but I don't actually have a copyright they are like sort of like public domain oh that's great and that's awful at the same time because these copyright issues are very real and you could say exactly the same thing about the the copyright of of any other kind of content like text so we are getting great benefits and completely new headaches yeah so you know you were talking about software earlier and how AI is going to change that um how do you think software Freedom will affect AI security what's the definition of software great that's a good question I guess it is the the idea that you know we're gonna have all this um it's going to be easier for people to create uh software and and have access to different kinds of software absolutely um that so I actually had a really really good discussion with good friend of mine who's a um like a product person like he he's he's really good at productizing things but he never learned how to code and now with the help of these generative models he had an idea like half an hour later he had his first prototype available yeah so it's going to make it more available to people who previously thought that it would be too difficult to or just didn't want to put the time investment in like I actually I strongly believe that anybody can learn how to learn to code but it's about putting in the hours so in that regard but I'm not sure that's the answer to that question like I don't know how you would Define software Freedom maybe if you mean it like that yeah it will definitely make it more democratic sure or or leaking back to my example of these images um what's the copyright of the the code created by machines which learned to code by reading other code which might be under copyright so yeah interesting okay so what sort of professional skills are we in the security industry going to need with the with the you know all this AI research that's taking place all that all this development um are we going to need more sort of AI professionals what what are the skills that we're looking for right now as an industry I don't know if it's a skill but I would firstly Begin by understanding how these large language models work there's a great article on Financial Times unfortunately behind the paywall but but um that he explains it extremely well like how the large language models are built like how they how many tokens they support and and how do you construct a sentence for example and the basic idea is is pretty much the same for everything that is is generative and once you understand that you realize that this thing called prompt engineering actually becomes a thing because in order to come up with good prompts you kind of need to understand how the engine under the who it works and that is the skill set of its own like it will take some take some practice and understanding in order to be good at it like I've been following a lot about this this mid-journey forums where people come up with things and I was like man this is like I would have never thought of that and actually think that uh writers and the people who are good with language they're going to be excellent from the engineers yeah yeah and and this does apply to all areas of generative AI like definitely to creating human readable text in different languages to code to images to video last night I was playing with music generators applies there as well like again you write text and you ask it to create music that you like unlike you know slow tempo heavy metal three guitars uh slow Bass with a lot of Reverb and it makes a song for you no no there's no singing but otherwise it is there and then you can add can we add some harmonica in the background and it adds it and you know and and can we add you know Les Paul guitar with this kind of uh you know amp connected to it and that's prompt engineering just like you know in any other area it is and the beauty of it is that you can ask a large language model to write a good prompt for you that you can then use for for making images it's also a business I found a website where you could buy prompts for different different AI so there are these AI Whisperers who are selling their services online yeah all right so now that we're trying to sort of um keep not even catch up but just like keep ourselves afloat on the set the technological changes that need to happen is there a risk that we're going to sort of miss out on the the ethical and legal considerations for example when we're developing these tools to tackle this new new world that we're facing yep yep that's probably one of the fights we are still facing um stable diffusion has been sued by image libraries comedians in USA have sued open AI for using jokes they've written there's a lot of fighting to be left um in the in the courtrooms about the legality of all of this and and the copyright and content generated what what what kind of protection should it uh have after it's been generated by these prompt engineers and we don't have answers to all of that yet but these are very powerful new technologies and they will change the world one way or another and the worst response to these new technologies is refusing to use them and we've seen this like for example Italy for quite a while was without access to gbt because of the fight with open air about copyright of the content used to teach these systems and like withdrawing the right of your citizens to use these powerful Technologies that's definitely the wrong answer there has been a lot of discussion and I guess it was open-air who openly said that we know that these models are not perfect but but we are also using the user input to train them to be better so I guess we're kind of trying and trying out different things and see where it goes and then fix it in the mix and that's also one of the reasons um this Frontier companies are are saying that they're bringing out these models to start the discussion with The Regulators with the uh people passing the laws because clearly something needs to be done this in this space and that's pretty rare for an industry to go to the government to say that hey this is powerful you should regulate us yeah no on that topic like it can be very scary all this information that that's available for us about us and and it's being used to train these AI models do we need to sort of look at like who's training models to do what and we need to regulate that can we regulate it like are there legal ethical concerns in that area yeah yeah there are and again the fact that some of these models are open which means anybody can do what the hell they want with them and of course you might make things illegal but then again criminals break the laws anyway so making something illegal is not going to make a problem go away um we will be able to build rules and regulations affecting the way these Frontier the largest companies models and their models work in this space but there will definitely be lasting Problems by people who couldn't care less about laws and regulations that being said the frontier companies meaning the companies were now kind of best companies in the world doing this they have identified all these areas and there are like maybe you should briefly talk about system cards yeah yeah I mean this is this is very well understood problem for companies like cohere or anthropic or open AI they've they they have tons of people working in this space and and people who are trying to break the security of the model in order to build it better the system card is the specification for the largest large language models which like show how you can use these Technologies and how you should not use these Technologies what's the concrete specification for the API how the token models have been built and how they've been tested and they have hundreds of people working in internal red teams like trying to break the security of these models or try them try to make them misbehave or to give answers to questions they shouldn't be giving answers to and and that is it's comforting to see that these companies are at least the most important companies in the space are taking this responsibility that they should be taking um how well do you think we as an industry understand the sort of data that we have in the collection that's taking place like uh in the European Union there are the GDP regulations on on sort of how to store data what to do with it uh do we think that using the tendency to use any data you have to train AI models do we think that's going to have legal repercussions in that space yeah there's going to be a lot of discussions about this but I if you look at the bigger picture um we have the knowledge we have the know-how we have the technology to build systems to make Humanity better we have the capability to build assistance and teachers that could make humans behave and reach things they couldn't reach any other way and to do that we have to be able to train the assistance with the human knowledge some of that knowledge is copyrighted or protected somehow but I'm sure we will be able to find a way to use this combined human knowledge to teach these systems which would enable us to solve problems we couldn't solve any other way right okay now uh as a you know again we don't have time to go through all of the questions that we've been getting thank you for for the questions thank you for for tuning in to listen to us but I do want to ask this one final question uh that came from the audience and seemed very very important to me how do the the people watching this this webinar right now how do they know that there are human beings on stage discussing this and everything is not deep faked well there's no way to know with the current technology this could have all been faked the our voices our video well I think the technology today would be good enough to have an end result like this especially if it would have been pre-rendered but since the question came in and we answered in in Fairly Real Time with current technology probably the quality wouldn't be this good this fast it's easy to tell that like if the answers were even half good must be AIS there you go there you go okay thank you very much for tuning in and and watching this webinar today and join us next time as well thanks foreign
VP of Security, Wolt
Tomi Tuominen is recognized as one of the leading information security professionals in the world. In his more than three decades in the industry, Tomi has trained information security professionals, leadership teams, board members, political leaders as well as journalists. He is currently the VP of Security at Wolt, a Helsinki based technology company.
Tomi has thrice been named one of the Top 100 IT Influencers in Finland and he has published globally recognized security research. The latest research was about vulnerabilities in the physical access control systems used by the hospitality industry. Tomi is the founder and main organizer of t2 infosec conference, a globally known information security conference.
Chief Research Officer, WithSecure
Mikko Hypponen is one of the most recognized cyber security experts world-wide and a best-selling author. He has written for the New York Times, Wired and Scientific American and lectured at the universities of Oxford, Stanford and Cambridge. Mikko works as the Chief Research Officer for WithSecure and sits in the advisory boards of EUROPOL and Verge Motorcycles.
Cyber Host & Account Director, WithSecure
For the last decade as a cyber translator Janne has been helping WithSecure consulting clients find solutions for their information security issues, but he also occasionally transforms into the host of the Cyber Security Sauna podcast.
Watch latest webinars
Join our mailing list
Subcribe to our news and updates from WithSecure ans acquire valuable insights directly from our industry-leading professionals.