Using AI against itself to fight and prevent AI-enhanced cybercrime in 2024 - GDS Group

Using AI against itself to fight and prevent AI-enhanced cybercrime in 2024

Article - Security
By Tiffany Hardy|22nd January 2024

AI and Cybercrime unleash a new era of menacing threats, are you ready for them? Generative AI is constantly making headlines, with many people and companies praising its benefits. However, for all the good it brings, there is a negative side to this ever-increasing technology too.

Gen AI is also enabling those with malicious intent, who are aiming to hinder and cause havoc to people and companies, rather than help them.

The changing face of cyber criminals

With technology making things easier and automated, it’s not always the usual suspects committing cybercrimes. These days any kid with a smartphone and access to the internet could potentially bring down your entire company, from anywhere in the world. What’s scary? They do not necessarily need to have extensive tech knowledge. With the help of AI, they can hack into systems, steal data, or hold you ransom.

Looking deeper into these new age overnight, cyber villains, or “script kiddies,” was a panel of cybersecurity leaders at GDS Group’s recent North American Security Summit. The panel consisted of Muthu Meyyappan, VP, Security Engineering & Product Security Officer at Pearson, Glendon Schmitz, CISO at Virginia Department of Behavioral Health, Extra-hop’s Chief Risk, Security and Information Security Officer, Mark Bowling and Rick Scott, SVP of Cyber Strategy at BNY Mellon.

It’s still early days for this new technology being embraced by a wider group for cybercrimes, but it’s the speed at which they are learning to do so that’s causing problems. “The lower-level cyber criminals are just getting into it, they are now becoming very sophisticated very quickly, because of the use of the AI,” commented Glendon Schmitz.

Cybercrime is only going to increase, claims Rick Scott. “I think what we’re going to see is easier, more criminal’s kind of getting into the game, with the use of AI, better phishing attempts. So better able to create phishing emails that look more legitimate.”

Mark Bowling agrees adding, “the bad guys are going to be able to develop code to exploit published vulnerabilities easier. It’s going to make it easier for the bad guys, the villains. We use the word villains here, the threat actors to develop code, where previously we had what we called security through obscurity. So, I think you’re going to see more attacks.”

Gen AI in the workplace – training and education

While the landscape has changed, it’s not just those looking to bring harm that can cause security issues for companies. Staff using Gen AI may be more productive, but it can be a double-edged sword. People who don’t know what they’re doing can create more vulnerabilities for hackers.
“So, you need to be even more diligent, I think, when you’re using these tools, because what you put in there now becomes public domain and available for anyone.” Scott shares.

The technology might be new, but it’s still the same chorus that’s been sung for years – watch out for things like suspicious emails. However, AI has moved the goal posts, with emails looking more and more real.

“The number one attack vector that I see in my organization is through phishing. And they’re getting very, very good. Our traditional ways of training our staff, you’ll look for these red flags. Those red flags are very quickly disappearing,” says Schmitz.

Therefore, it’s all about training and education and getting staff to analyze emails they’re receiving. Schmitz continues, “think through this. Were you expecting this email? You know, is this something that you would normally see come in?”

Fighting fire with fire

What do you do if your team does let a cyber villain slip through the cracks? Especially when they’re purposely seeking out your company’s vulnerabilities and doing it at speed?

Schmitz says we need to fight fire with fire so to speak.

“I think what we’re going to start seeing is an increase of attacks. I mean, we’re being attacked already literally 24 hours a day, right? But I think we’re going to see more sophisticated attacks coming much quicker. And because of that we’re going to have to evolve and use AI to help counteract the use of AI against us.”
-Glendon Schmitz, CISO at Virginia Department of Behavioral Health

“Step number two is primarily coming up with the guardrails. Whether it is a prompt injection, making sure there is no hallucination, data toxicity, all of that,” adds Muthu Meyyappan.

Liability when it comes to AI

Who is liable when it comes to any crimes that come from AI usage? Mark Bowling says it would be difficult to hold the likes of ChatGPT and other providers to account, as it’s difficult to prove whether criminals are using Gen AI.

However, he says the Gen AI providers may take responsibility to improve the technology to make it harder to use maliciously. “I think you’re going to see the AI providers rush to be the grown-ups in the room. We need to be the grown-ups in the room! We’re going to provide the best AI out there that doesn’t let the criminals do things like generate code and generate phishing emails.”

Technology may be updated to help prevent cyber villains from hacking into your systems, but as that technology advances, so does that of the cyber criminals. So, it’s just a matter of keeping up to date and ahead of game, or ‘train’ as Meyyappan puts it. “So, there is no way to stop this train… We got to move to that next level and see how we can implement a lot of those controls and guardrails.”

The digitalization journey is ongoing and constantly changing as was discussed during GDS Group’s recent North American Security Summit. To keep on top of it, it’s a matter of staying alert, critical thinking from everyone – not just the security team. And don’t forget that AI can be used to help implement preventative measures.

GDS Summits are tailored, three-day, virtual events, that bring together business leaders and solution providers to accelerate sales cycles, foster industry conversations and drive better outcomes. 88% of attendees said the overall experience of the Digital Summit they attended was above average or excellent and 88% of solution providers said they would be interested in sponsoring future events.

For more, click here to hear from attendees on how GDS has helped them to achieve their business outcomes.

By Tiffany Hardy|22nd January 2024
Back to insights

Related content

View all
Security
Article

Is Simplicity the Way Forward for Cybersecurity?

It’s no exaggeration to say the threat from cyber-attacks has never been greater. But instead of trying to secure everything, is there a simpler way?
4 minute read
Josh Porter
Find out more
Security
Article

Security Summit, Lisbon 2025 | Insights Report

Missed our recent Security Summit, or maybe just want a refresher? Here are all the insights from the main stage.
Adam Burns
Find out more
Security
Article

Chief of Everything – What Does it Mean to be a Modern CISO?

Today’s CISO needs to wear a lot of hats. With so much on one plate, it’s no wonder that CISOs are asking "are we chief of anything?"
4 minute read
Josh Porter
Find out more
Security
Article

Consolidating Cybersecurity: Is it Worth it?

Airtight cybersecurity is what dreams are made of. You just need to figure out how to get there. Consolidate? Or consolidon't?
3 Minute Read
Patrick Mclean
Find out more
Security
Article

The CISO’s Dilemma – Doing More With Less in Cybersecurity

The list of CISO priorities is growing. Host and editor Ben Thompson, asks: how do CISOs manage the pressure to be more efficient and effective?
4 minute read
Ben Thompson
Find out more
Security
Article

How Do You Balance Security and Agility While Staying Compliant?

If you're not compliant, you're at risk. If you're too focused on compliance, you slow down your ability to innovate. How do you strike the balance?
5 minute read
Josh Porter
Find out more
Security
Article

Cybersecurity in 2025: Challenges and Solutions

With the year ahead of you, now’s a better time than any to start rethinking your security measures.
3 Minute Read
Patrick Mclean
Find out more
Healthcare
Article

Healthcare: Staying Secure in 2025

For the healthcare industry making a robust cybersecurity strategy not just important but absolutely critical.
4 minute read
Patrick Mclean
Find out more
Security
Article

Building Operational Resilience in 2025

Hear from the experts on how you can prioritize your operational resilience for 2025.
4 minute read
Josh Porter
Find out more

Related events

GDS Roundtable Environment with host, Kristina
Security
Roundtable

Operationalizing Cyber Resilience Under Pressure

25 March 2026 12:00 pm - 1:30 pm GMT
Find out more