Threat actors aren’t attacking generative AI (GenAI) at scale yet, but these AI security threats are coming. That prediction comes from the 2024 X-Force Threat Intelligence Index. Here’s a review of the threat intelligence types underpinning that report.

Cyber criminals are shifting focus

Increased chatter in illicit markets and dark web forums is a sign of interest. X-Force hasn’t seen any AI-engineered campaigns yet. However, cyber criminals are actively exploring the topic. In 2023, X-Force found the terms “AI” and “GPT” mentioned in more than 800,000 posts on dark web forums and illicit markets. That high level of activity provides an accurate gauge of interest. These attacks may not be happening now, but this interest indicates groundwork and planning phases.

The consolidation of the AI market will mark a turning point

Threat actors run criminal enterprises like businesses. Before investing in plans and infrastructure, they want assurances of ROI. Today, there are too many GenAI tools and platforms spread across too many companies. X-Force believes that once the market matures to where a single technology dominates a 50% market share or when three or fewer technologies corner the market, then cyber criminals will launch attacks. To achieve ROI, GenAI needs to be ubiquitous across enterprises worldwide. Without ubiquity, attacks cost too much time and money. When the market narrows, GenAI attacks will start in earnest.

Past is prologue

Previous threats had similar life cycles. X-Force believes market consolidation and maturity play a role. X-Force has assessed tech disruption and threat maturity for over a decade. This year’s index offers three compelling examples that show the 50% market share milestone has on cyber threat cycles. Their first example is Windows Server market dominance, which triggered the development of point-of-sale (POS) malware and human-operated ransomware attacks that relied on Active Directory. Next, business email compromise (BEC) scams moved to the forefront when Microsoft 365 approached a 50% market share. Finally, Infrastructure-as-a-Service (IaaS) consolidation drove crypto mining malware exploits. The in-depth detail of these examples is contained in the full report and is worth a read.

AI adoption will outpace security measures

As the threat index report notes, “the rush to adopt GenAI is currently outpacing the industry’s ability to understand the security risks these new capabilities will introduce.” This outpacing is common with new technology because tech adoption tends to be more freewheeling and experimental in early phases with less oversight and regulation within a company. Plus, the newer the tech, the less aware companies are about potential vulnerabilities and what it would take to secure against them. It’s often in the aftermath of attacks that security holes become obvious.

AI security threats are coming. How can you prepare?

Better security in the AI era is a widely recognized need as AI security threats proliferate. Even though GenAI attacks aren’t happening at scale yet, the time is fast approaching. Put an incident response plan in place. Or, if you already have an IR plan, expand it to include specifics related to AI attacks. Those specifics might include tracking and defending against known vulnerabilities, adding response team members familiar with AI and increasing data protections for your AI models and data sets. You need a plan customized to your business, but the goals should be to reduce your response time, remediate the damage and recover from the attack. Include practice sessions and drills to prepare your response team for when these attacks happen.

X-Force also recommends that you establish secured AI business models that recognize that AI security is broader than AI itself. The IBM Framework for Securing Generative AI is one model. This framework includes securing training data, AI models and the infrastructure that supports both. A key benefit of AI is being able to offload operational business tasks. AI governance provides operational guardrails to ensure your AI model doesn’t stray from its original design purpose and acts as expected.

The IBM X-Force Threat Intelligence Index 2024 provides insights and recommendations for how to address the most immediate threats your business faces and the future threats you can plan for now. Download the report so you can prepare now for the GenAI security threats to come.