Artificial intelligence (AI) is one of the hottest topics in the IT sector and is now ranked third among German companies in the Priority list – trumped only by cloud computing and cybersecurity. Companies expect AI to increase efficiency and are therefore assessing its use in various fields of application. AI systems and applications aimed at improving security measures and defense capabilities are finding their way into the cybersecurity sector. Unfortunately, criminals also leverage the potential of artificial intelligence: the race between attackers and defenders enters the next round.

Imminent danger: AI-assisted attacks

One of the advantages enjoyed by attackers is that AI-supported malware automatically and continuously adapts its behavior. Malware learns to remain inconspicuous in a certain environment and can thus bypass a company’s protection measures intended for early detection of attacks. It fits better and better into the victim’s existing infrastructure and imitates human behaviour. AI-assisted malware is also becoming increasingly modular and decides on a case-by-case basis which modules are best suited for which attack purpose. This considerably reduces the probability that malware will be detected by the defenders and their security solutions. A good example is the continued enhancement of the Trickbot malware. Originally launched as a banking Trojan, Trickbot is increasingly evolving into a multi-purpose weapon ranging from ransomware and data theft to targeted attacks. Attackers use AI to automate and scale their attacks – and they are getting ever better at executing them.

AI-assisted defense

On average, it takes 199 days for a company to even realize that it has been the victim of an attack. Defending the attack and system recovery take another two to three months. In order to better recognize attacks and react faster, artificial intelligence is increasingly used in defending attacks as well. AI provides reliable and rapid contextual intelligence on new threats and attacks. Attacks on a corporate network, for example, can be detected and analyzed more quickly with AI, and those affected have the chance to react in good time. AI-based assistance systems enable security experts to make quick and far-reaching decisions.

In the future, AI will be able to support or take over more and more tasks of security experts. However, it is still difficult to assess for which security-relevant events identified by artificial intelligence additional human analysis is required. Due to the huge amounts of data and the multitude of events, not every incident can be checked by experts. So there remains the question of how to check and ensure the quality and correctness of AI-controlled actions.

AI systems and applications in cyberdefense offer many advantages for companies and their security experts. They enable fast responses based on informed decisions using large amounts of data. This means that existing resources can be used more efficiently and specifically and the overall level of security increases.

AI versus AI?

However, all those responsible must be aware that AI is used on both sides – sometimes the attackers are ahead and sometimes the defenders are. AI-based security measures to defend against AI-based threats are becoming increasingly powerful. Nevertheless, artificial intelligence is not a silver bullet and must be controlled and monitored by human security experts. This is all the more true when it comes to assessing attack reports and responding to attacks. Recent developments are therefore moving in the direction of intelligently combining human and machine, both on the attacker’s side and in defending attacks.


Wolfgang Kiener

Wolfgang Kiener

Head of Center of Excellence

Wolfgang Kiener (M.Sc.) heads up the Center of Excellence for Advanced Threats in the Cybersecurity department of TÜV Rheinland. He is responsible for the strategic service development in threat management and operational technology security (industrial security). With more than 15 years of professional experience in major international corporations such as Siemens, T-Systems, Verizon and CSC, Wolfgang boasts extensive experience in the development of innovative security services taking into account technological and commercial aspects. He holds a number of IT and security certifications such as CISSP, CISM, CCSK, ITIL, ISO 27001 Lead Implementer und GIAC.

More Posts

electric mobility

Electric mobility: charging infrastructure getting more extensive

The new decade is all about climate protection – and one of the major challenges we face is climate-friendly (electric) mobility. The new EU emissions target, which comes into force in 2021.


Cool title – no applicants? Sorting the good ads from the bad

Skills shortages, the talent war and demographic change – all excellent choices for a round of buzzword bingo as played by HR specialists. The job market’s not getting any easier for employers.

Digital trends in 2020: ideas for making businesses more secure

How secure are the smart systems in our homes? How can we ensure that tomorrow’s digital solutions in the logistics, automotive and healthcare industries are secure from cyber attacks?



Submit a Comment

Your email address will not be published. Required fields are marked *