As cybersecurity continues to evolve with AI, an increasing number of IT and security professionals have expressed confidence in their ability to defend against AI-driven threats. However, recent survey results from HackerOne reveal a concerning reality: one-third of organizations faced AI-related security incidents in the past year, despite 95% of IT and security professionals expressing confidence in defending against such threats. This discrepancy reveals a gap between organizational confidence and the escalating risks posed by advancements in AI technology.
The findings of HackerOne’s research not only shed light on this disparity but also provide insight into these emerging challenges. Here are some of the key findings from the report, offering a glimpse into the current state of cybersecurity readiness in the face of AI-driven threats.
Organizations are making significant allocations for AI security in budgets this year.
Nearly three-quarters of respondents have reserved 20% or more of the security budget to address AI security risks. Regularly reassessing and potentially increasing the security budget based on evolving risks, is crucial for staying ahead of potential threats.
Regulatory momentum and GenAI tool adoption are fueling AI security investment.
Understanding the various capabilities of AI can make it challenging to pinpoint the driving forces behind investment and how to allocate a budget effectively. Respondents cited AI-focused regulation (65%), the internal adoption of GenAI tools by employees (63%), and security incidents caused by AI (33%) as core drivers for growing AI security investment.
Security teams are using AI red teaming to reduce AI risk.
Security teams are increasingly using AI red-teaming and adversarial testing of AI systems to mitigate AI-related risks. According to the survey, 37% of respondents say their organization has implemented AI red teaming initiatives to fortify AI systems against malicious attacks. This proactive approach highlights the growing recognition of AI security measures in safeguarding against emerging threats. By stimulating real-world threat scenarios, organizations can better understand their security posture and refine their cybersecurity strategies accordingly.
Confidence in our defenses should be rooted in understanding, yet the full scope of AI-related risks for organizations remains elusive. However, recognizing the importance of proactive measures, such as AI red teaming is crucial. This enables organizations to stay ahead of cybercriminals by swiftly identifying and defining the latest security and safety risks.
As AI continues to evolve, it is essential to remember that confidence must be accompanied by continuous reassessment and evaluation of security solutions to ensure organizations effectively adapt to the rapidly changing environment.