By Robert Hannigan | Of all the sectors of the economy set to benefit most from the application of artificial intelligence and machine learning, cyber security must be near the top of the list. The challenges in cyber are crying out for AI solutions: the sheer volume of data from diverse sources in different formats, and the speed of change in the cyber threat world makes human analysis at scale impractical.

The answer across the cyber security industry has to be greater automation and, ideally, the machine intelligence to spot vulnerabilities, predict developing attacks, and reduce the false positives that gridlock business.

In the future, if the right AI is applied to the right data, the friction of security should be reduced and its effectiveness improved.

The greatest long-term benefits are likely to be in threat intelligence. Anomaly detection enabled by AI is helping many companies supplement firewall defence, spot threats and deploy mitigations instantly.

Some established AI-based cyber companies are applying machine analytics to internal company network data, whether to detect fraud and insider threats, or counter cyber attacks. But far greater benefits will come when AI is applied to bigger datasets outside company networks: blending internet cyber metadata with open-source material, dark web threat intelligence, internal network data and other more focused data sets.

The goal must be to move away from signature-based reactive security, which is too much like fighting the last war, and move to active and predictive security. In the future, AI may be better at answering the question ‘where is cyber crime going next’ than cyber criminals themselves.

AI also promises to replace many resource-intensive security processes. Vulnerability-scanning, surveying of the attack surface, and red-teaming are all functions that machines already can perform better than humans.

The analysis and reverse-engineering of malware is something that machines will be able to do quickly and at scale, digesting and learning in real-time from a vast catalogue of malicious code and predicting its next mutation.

Most importantly, in a cyber security world where human error is almost always at the root of poor security, machines can learn to monitor the implementation of good practice and drive cultural change.

Machines will also give security experts and chief executives priorities for managing risk. Most automated processes today produce so many false positives that they create alternative problems. Machine learning can refine this approach and assess risk much more accurately, leaving human experts to concentrate on the challenges they care about most.

At the tactical level, AI is transforming some key enablers of good security: identity verification, biometrics and the behavioural approach to cyber security. It will have a role in addressing the critical global skills shortage in cyber: identifying employees with ‘aptitude’ who may not have formal cyber skills, and developing individuals’ skills through tailored learning, based on current threats.

Finally, as the Internet of Things (IoT) connects billions of new processors, AI could be used in a regulatory role: checking on the default security of these devices at scale, assessing the risk, and blocking their connection to networks where necessary. This will be essential if the fantastic opportunity of IoT – much of it driven from China, the great computer hardware capital of the world – is not to amplify the weaknesses of an already insecure internet, making it less resilient for all.

The downside is that AI will also be well suited to spotting weaknesses in defence and identifying new vectors for attack. In the cyber arms race, the winners will be those with access to the most data and the highest-grade analytics, human and machine. The current focus on cyber security and the huge investment going into new security technology, gives us some hope that the legitimate world can get ahead of cyber crime.

Robert Hannigan will be speaking at the GREAT Festival of Innovation taking place March 21-24 at Asia Society Hong Kong Center. For more details and to register, visit:


About The Author
Robert Hannigan founded the UK’s National Cyber Security Centre and is now an Adviser to BlueVoyant LLC and McKinsey & Co.