cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion

AI can write phishing e-mail but are humans better at it?

Hi All

 

The IBM X-Force Security team recently did some research on finding out whether Chatbot AI's are better at writing phishing e-mails than humans. 

 

https://www.techrepublic.com/article/generative-ai-phishing-emails-impact/

 

Regards

 

Caute_Cautim

 

 

5 Replies
dcontesti
Community Champion

Very interesting article and the Click Bait numbers are frightening whether done by a person or AI (that is to say they are too high).

 

It is unfortunate that so many people spend their time on trying to "rip" people off.  I guess it's an easy way to make money.

 

I do not believe it will be long before the AI click bait numbers increase as the tech improves.

 

MHOO

 

d

 

Until_then
Contributor I

I'm by no means an expert at AI, but recently, I've despised AI because of apparent security risks. Can someone answer this question plz? Are the benefits greater than the risks? Seems like no. I figured we don't need to automate everything; we can still do some things manually at the expense of a lowered risk posture with systems. Anyone agree?
dcontesti
Community Champion

Wow. Loaded question.  In a Security context, I would say that the risks associated with AI far exceed any of the benefits.....Risks could include but not limited to:

 

- Privacy issues

- data breaches

- copyright infringements.

- model poisoning (oh yes a new attack)

- etc.

 

On the Business side, as many of these technologies are free, AI will be hailed as a win-win as it can/may  provide:

 

- increased business efficiency and productivity,

- assistance in content creation,

- faster data analysis

 

So what do we in security need to do?  We can use tools that prevent some of the Security risks associated with AI.  We can also, review and update our security best practices but I feel that the Business side will win in the long run as they are the folks that bring in the money.

 

my nickel

 

d

 

 

 

 

Until_then
Contributor I

Thanks for the reply/insight.

 

You make great points. But speaking of finances, executives see a win in bringing in increased revenue through normal business functions. On the flip side, with higher security risks, what are the costs in the event of a major breach? Businesses can lose everything.

 

 

denbesten
Community Champion


@Until_then wrote:
Are the benefits greater than the risks? 

For some, yes; others no.  Risk acceptance is a very personal thing.  Individuals and companies all have their own level of tolerance. Rather than hiding behind "security risks", we should be enumerating the risks along side our recommended mitigation/response.

 

For example, one might note that search queries enter the collective, which creates a risk of confidential information leakage.  A mitigation might be to purchase an enterprise subscription that promises to not record our queries.

 

What are the risks as you see them?  Perhaps we can find mitigations that are less drastic than "pack up the bags".