In an era marked by rapid technological advancement, data privacy experts like Ken Cox, president of private cloud provider Hostirian, are ringing alarm bells. Our recent conversation with Ken revealed a nuanced perspective on the capabilities of generative language models like ChatGPT and their implications for cybersecurity. This article dives into the crux of the discussion, including the risks these technologies pose, innovative threats emerging from AI, and the practical measures one could adopt for protection.
The Landscape of Risks
Ken Cox doesn’t paint OpenAI and ChatGPT as inherently malicious. In fact, he acknowledges that the creators have instilled a degree of ethical and moral guidelines into the system. However, the problem arises with the open-source versions of these large language models, which can be customized by anyone, for any purpose, ethical or otherwise.
Lowering Barriers to Entry for Bad Actors
The democratization of AI technologies has resulted in a new generation of “script kiddies,” only far more potent. These individuals can employ generative language models to create sophisticated attacks with minimal expertise. As Cox eloquently puts it, ChatGPT has “lowered the barrier to entry for bad players by a lot.”
The Current Threat Landscape
Cox indicated that the tools generated by AI are increasingly becoming capable. One example is the evolution of keylogging, which has now moved from capturing keystrokes at the system level to recreating what you’re typing by analyzing captured Wi-Fi signal patterns and even click sound waves, thanks to AI-assisted frequency mapping.
The Rise of Social Engineering 2.0
Perhaps the most harrowing example is the ability of these models to assist social engineering attacks at an unprecedented scale and sophistication. By ingesting rich data from social media profiles, attackers can easily impersonate people you know or entities you trust. This brings to light deeply rooted concerns about digital personas and even deep fakes, further exacerbating the battle between “good and bad” on the internet. Ken Cox believes that businesses must familiarize themselves with the current AI landscape, advocating for a more sophisticated level of AI literacy among organizations.
Authoritative Source of Authenticity
In the long term, Cox sees the need for an “authoritative source of authenticity,” and suggests that blockchain could offer a solution by establishing verifiable keys tied to individuals or businesses. Traditional measures like robust encryption and granular access controls still hold significant value in this new landscape, adds Cox.
From Pseudonymity to Full Exposure
Cox takes us back to the early days of the internet when user handles were pseudonymous and using real names was a taboo. This paradigm was shattered with the advent of Facebook in 2006, which encouraged people to be themselves online. The cultural shift led to the erosion of pure internet anonymity, transforming the internet into a space of variable anonymity levels.
The Case of Synonymous Blockchain Identities
With the emergence of blockchain technologies like Bitcoin, the modern internet landscape has become more nuanced. Cox describes this new form of identity as “synonymous.” While transactions within a blockchain can remain anonymous, the second a user’s wallet interacts with the real world—be it through a bank or a credit card—the anonymity cloak is lifted.
Future Directions in Identity Verification
Cox outlines his vision for the future of identity verification—blockchain-based personal keys. This approach would allow for pre-authenticated, encrypted communication channels between individuals, customized for each interaction. These personal keys could serve as a decentralized “secret word,” ensuring that communications are genuine.
Multi-Level Encryption Channels
Cox foresees a more intricate system where each entity you interact with has its unique encryption channel. Your bank, your family members, and your service providers will each have different keys to communicate with you, ensuring a multi-layered approach to security.
A Clarion Call for Trust Infrastructure
In his concluding thoughts, Cox underlines the dire need for a new paradigm of trust on the Internet. He believes that companies should focus more on building trust-based technologies to secure our digital future.
The conversation with Ken Cox serves as a vital check on the euphoria surrounding biometrics and other seemingly foolproof identity verification methods. It brings forth a pressing need for multi-layered, decentralized identity verification systems, and perhaps most importantly, a complete rethinking of how trust is established online. As we hurtle toward a future teeming with technological advances, Cox’s insights remind us that innovation must walk hand-in-hand with ethical considerations and security measures to build a safer, more reliable digital world.
Image by Freepik