Ep 182: AI Efficiencies in Cyber – A Double-Edged Sword

Episode Categories:

Resources

Join the discussion: Ask Jordan and Glen questions on GenAI and cyber

Upcoming Episodes: Check out the upcoming Everyday AI Livestream lineup

Connect with Jordan Wilson: LinkedIn Profile


Navigating the Double-Edged Sword of AI Efficiencies in Cybersecurity

In today's episode of the "Everyday AI" podcast, the discussion centered around the impactful intersection of generative AI and cybersecurity. The conversation shed light on the potential benefits and risks posed by the increased use of AI in the cybersecurity landscape. As businesses continue to leverage AI-driven technologies to bolster their defenses, it's crucial for decision-makers to grasp the dual nature of these advancements and prioritize proactive measures to safeguard their organizations.

The Rise of Generative AI in Cybersecurity

In a recent episode of the "Everyday AI" podcast, the discussion centered around the impactful intersection of generative AI and cybersecurity. The conversation shed light on the potential benefits and risks posed by the increased use of AI in the cybersecurity landscape. As businesses continue to leverage AI-driven technologies to bolster their defenses, it's crucial for decision-makers to grasp the dual nature of these advancements and prioritize proactive measures to safeguard their organizations.

The Rise of Generative AI in Cybersecurity

Generative AI has been a game-changer for the cybersecurity industry, facilitating faster and more accurate detection of vulnerabilities. Security vendors are leveraging AI to swiftly assess potential threats and provide defenders with valuable insights. This technological prowess has undoubtedly bolstered the arsenal of defenders, empowering them to stay one step ahead of malicious actors.

However, it's essential to acknowledge that the same AI efficiencies that empower defenders also embolden bad actors. Threats have become increasingly sophisticated, with attackers harnessing generative AI to efficiently gather sensitive information, target specific individuals within organizations, and circumvent existing security measures. The ominous reality is that the very technology designed to protect us can also be turned against us, amplifying the urgency for robust cybersecurity strategies.

The Growing Threat of Phishing Attacks

One particular area of concern highlighted in the podcast is the mounting sophistication of phishing attacks, especially on small businesses. With the aid of generative AI, bad actors are becoming adept at crafting convincing phishing attempts that can dupe even the most vigilant employees. As such, businesses must recognize the evolving threat landscape and fortify their defenses against these increasingly surreptitious attacks.

Addressing the Implications of Generative AI in Personal Cybersecurity

Generative AI technologies, such as GPT models, play a vital role in diverse business functions, including content creation, customer interactions, and data analysis. The widespread integration of generative AI and its potential disruption from the legal battle underscores the reliance of various businesses on AI tools. Decision-makers need to consider the potential impact on their operations and explore contingencies to mitigate any adverse effects that may arise from the legal dispute.

Embracing Good Cyber Hygiene Practices

In light of the evolving threat landscape, maintaining good cyber hygiene is paramount for both individuals and organizations. This involves staying vigilant by keeping software and operating systems updated, minimizing user overprovisioning, and adhering to security best practices. By fostering a culture of cyber hygiene, businesses can mitigate the risk of falling prey to opportunistic attackers.

Looking Ahead: Securing the Future

As generative AI continues to evolve, the cybersecurity landscape will undoubtedly witness a parallel transformation. Businesses must anticipate the emergence of new markets for cybersecurity tools aimed at securing company-built generative AI models against potential attacks. By staying attuned to these advancements, decision-makers can proactively invest in measures to secure their organizations' future.

Conclusion

In conclusion, the episode shed light on the dual nature of AI efficiencies in cybersecurity, underscoring the need for businesses to adopt a proactive stance. By acknowledging the potential risks and taking actionable steps to fortify their defenses, decision-makers can navigate the double-edged sword of AI in cybersecurity. Embracing a comprehensive approach that encompasses technological advancements, personal cybersecurity best practices, and a culture of cyber hygiene will be pivotal in safeguarding organizations against emerging threats.

By staying informed and proactive, businesses can position themselves to harness the benefits of AI-driven cybersecurity advancements while fortifying their defenses against evolving threats.

Video Insights

Topics Covered in This Episode

1. Tenable and Its Role in Cybersecurity
2. Impact of Generative AI on Cybersecurity
3.  Role of Public and Private Sectors in Cybersecurity
4. Phishing Attacks and Cyber Hygiene Practices
5. Personal Cybersecurity Best Practices


Podcast Transcript

Jordan Wilson [00:00:17]:
There's a constant battle going on that I think not a lot of people see or understand, and it's being fought in cybersecurity and with generative AI. So we're gonna be talking about how AI efficiencies in cyber Can actually be a double edged sword, and we're gonna be talking about those things and more today on everyday AI. Welcome y'all. My name is Jordan Wilson, and I am the host. Everyday AI is for you. It's it's your daily livestream podcast and free daily newsletter, helping everyday people like you and me Not just understand what's going on in the world of generative AI, but how we can all actually use it to grow our companies and to grow our careers. So I'm excited to have a guest on today, an expert in cybersecurity, to actually tell us about this kind of ongoing battle that's Always being fought that many of us aren't even aware of. But before we get into that, let's first go over the AI news.

Jordan Wilson [00:01:16]:
And if you are joining us from the podcast, thank you. Make sure to check your show notes, to find our website. You can email us, all those great things. But Make sure you do go to your everyday ai.com to sign up for that free daily newsletter. We'll be recapping today's episode and a lot more. You can always go listen. I think we have now a 100 and 80 different episodes. You can go back and listen to all of those on our website.

Jordan Wilson [00:01:39]:
Read through also every single email newsletter. So it is literally a free Gen AI University at your fingertips. Alright. So let's go over what's happening in the world of AI news. So OpenAI has announced a large scale partnership with the state of Pennsylvania. So OpenAI's enterprise chat gbt service will be deployed by the state in a Pilot program by the state of Pennsylvania to help state employees with administrative work. So this pilot program will initially involve a limited number of state employees With the potential for expansion in the future. ChatGPT Enterprise will be used for tasks such as creating copy, drafting job descriptions, and addressing, conflicting guidance in employee policy.

Jordan Wilson [00:02:20]:
So a pretty big announcement. This is one of the first, big government partnerships, that OpenAI has announced, in a Huge way, the entire state. Alright. Alexa is getting some generative AI skills. Amazon has released has released 3 new Alexa skills that heavily incorporate artificial intelligence. These skills allow users to chat with historical figures and other chatbots, create custom songs and play an AI driven version of 20 questions. Alright. So these 3 new skills are character dot ai, Which is the one that allows you to chat with historical figures, Splash and Volley games, and they're all accessible through the Alexa app and the Alexa Skills website.

Jordan Wilson [00:03:01]:
Alright. Last but not least, a new AI powered hardware device made a big splash. So it is called the Rabbit R1, And it was just announced at CES, the Consumer Electronics Show. So the AI startup named Rabbit announced their new hardware gadgets, The r one, which is a stand alone AI device. So it's not an app that runs on your phone, and it's a piece of hardware, similar to the, other ones Such as the, what is it? The humane's, hardware device that was announced a couple of months ago. So this device from Rabbit has a 2.8 inch touchscreen, A rotating camera and a scroll a scroll wheel, and it uses Rabbit OS, so it has its own operating system, A universal controller for apps and has a dedicated training mode. It's already available for preorder at, I believe, $199 It is set to ship in March. So the Rabbit, Rabbit trained this model on how to use existing apps, Making it a potential solution for controlling various apps through a single interface.

Jordan Wilson [00:04:02]:
So, yes, it will be able to interact with the other apps that you use on other devices. So interesting. You know? One way we've been seeing generative AI really come to life over the last couple of months is through hardware devices. So, you know, maybe if you have, smartphone like an iPhone. You know? Maybe you don't have a lot of new generative AI capabilities, but they are coming, to hardware devices very quickly. Alright. So, a lot more on the website. So go to your everyday If you're joining us live, thank you.

Jordan Wilson [00:04:35]:
We're I'm I'm excited to bring on our guest on the show now. So, if you are joining us live like Megan or like Brian, Good morning. Thank you for joining us as always. But, I'm I'm excited to learn some things today. Right? That's what we do here at Everyday AI. We bring on, extremely knowledgeable guests who can teach us how generative AI is impacting different industries. So, with that, I'm very excited to bring on to today's show. Let's go ahead and welcome.

Jordan Wilson [00:05:02]:
There we have him. Glenn Pendley, who is the chief technology officer at at Tenable. Glenn, thank you so much for joining the Everyday AI Show.

Glen Pendley [00:05:10]:
Thank you for having me.

Jordan Wilson [00:05:11]:
Absolutely. Hey. Could you tell us just a little bit about what what is Tenable, and and what does Tenable do?

Glen Pendley [00:05:18]:
Yep. So, Tenable is, obviously, a cybersecurity company. That's why I'm talking to you today. And when you think of cybersecurity tools, there's A ton of them out there, but to simply kind of put it, there are 2 broad sort of, groupings of security tools. Tools that sit there and look at what bad guys are doing, and the environment tries to stop them. And then there are security tools that try to assess, you know, the good guy's environment and then give them instructions on how to fix the environment before the bad guys have a chance to attack. And Tenable sits on the preventative or proactive side of security where we assess, you know, your cloud, your laptops, your users. We look at How everything is configured, who's using them, software vulnerabilities, and then we give people a plan to try to reduce their risk before the bad guys attack.

Jordan Wilson [00:06:09]:
Maybe give us an example of, like, a type of of business that you work with. Are you working with just, you know, huge businesses? Are you working with small businesses? And then what are some of those, you know, day to day vulnerabilities that you, help, those businesses detect.

Glen Pendley [00:06:24]:
I mean, we have about 50,000 customers. We're one of the largest cybersecurity companies in the world, so it's a huge breadth of, different types of customers, everything from Governments and, you know, militaries down to, you know, local mom and pop flower shops, you know, and everything in between. So it's a it's a pretty Broad range of of customers, and different types of verticals and stuff like that. Mhmm. And some of the things that we help folks with is, you know, obviously, the Here's the software you have installed in your environment, the vulnerabilities you have, things like that, or, let's say from and operational technology even, like, from basic laptop sort of stuff to here's the devices that you have running your manufacturing, environment that's making the, you know, the plant run. Here's how it's configured, the firmware. Like, it so it it's a huge range of, really kind of being the, you know, the system of record for, like, state across everything that your environment.

Jordan Wilson [00:07:28]:
Yeah. And so, you know, I'm I'm curious because I think a lot of people when they think of cybersecurity, you know, even sometimes myself, I I really just think of, oh, you know, this is something, you know, really that the government is is taking care of. You know, where does that kind of, like, public first private sector, You know, where does it start? Where does it end? You know? Are are we getting certain, you know, protections? You know? Like like, you know, for people here in the US as an example, Like, are there you know, is the government looking out for things, or is it really just up to, you know, ourselves as, you know, business owners or, you know, hiring or working with a company like Tenable, to make sure that we're protected.

Glen Pendley [00:08:06]:
It's it's a great question because I mean, I I think, you know, Attackers are opportunistic. Right? Like, they'll they're like water. They'll find the path of least resistance and do whatever they need to do. So To assume that, like, oh, you know, you and I, we own a bakery. Like, nobody's gonna target us. Well, if you make yourself super easy to get targeted, they will, you know, if the if the juice is worth squeeze. When it comes to, you know, oh, somebody else is gonna take care of the problem, I definitely wouldn't rely on The the government to do that, though, I will say in, you know, in the last few years, we've seen, like, the the stand up of CISA, which is a government agency that's really focused on trying to again, they can't enforce private companies or people to do anything, but they've given out great Guidance on you know, to try to to ensure that people either have the the resources to work with companies like us or things that they provide And just educate private business, to to make better decisions and inform them. So It really is up to you, to kinda protect yourself, but there's more and more, I think, help from larger organizations, or like like government organizations to at least steer people in in the right direction.

Jordan Wilson [00:09:26]:
So, you know, obviously, with with cybersecurity, this is, an industry that has been using artificial intelligence way longer than most other industries just due to its nature. But, You know, Glenn, can you just kind of walk us through a little bit how generative AI, you know, over the last couple of years, has has changed, the cybersecurity industry?

Glen Pendley [00:09:48]:
Yeah. Again, another great question because it it's interesting. You know, within Tenable, we've been leveraging Different forms of AI before generative AI really kind of took off in a number of different ways. And when, you know, chat gpt came out, everybody got super excited. Even people with intenables, like, why aren't we doing anything with AI? And it's like, well, we have been. It's just that generative AI is more, like, and Practically applicable to more people. So, like, people feel it and see it more, whereas having a machine learning model that a bunch of data scientists put together and it just outputs something, It's not really the same sort of everyday people don't get the value out of that. So from a security perspective over the last few years, really, generative AI is tool.

Glen Pendley [00:10:37]:
Right? Like, whether it's cybersecurity or you work in marketing and you need to write emails to you know? It's just it's great To help somebody that knows what they're doing, just do what they do quicker, more efficiently, more options, and that same those same efficiencies are applied within security. So bad guys have been much more efficient in doing some of the things that they do, And it's up to us for as security vendors to kind of evolve our products to be just as efficient or allow the the good guys to be just as efficient to Combat, some of the stuff that the bad guys have been doing.

Jordan Wilson [00:11:15]:
Can you even talk about the the efficiency and maybe how that changes things for, you know, quote, unquote, The good guys in cybersecurity. Right? Because I'm I'm guessing that there were tasks, you know, when it comes to, you know, threat assessment or detecting vulnerabilities. I'm guessing that there are tasks maybe 5 or 10 years ago that would take many hours that could be done now in in minutes. So maybe could you walk us through just just 1 or 2 examples of how generative AI is specifically making, kind of this preventative, cybersecurity much easier for, you know, companies like Tenable.

Glen Pendley [00:11:50]:
Yep. So a very, very basic example. If let's say, you know, something that, you know, we do is from a Tenable perspective, and I I interact with the the laptop that you're using today. Right? And all of a sudden, you you'll be able to see we'd be able to tell you specifically, Well, you know, you're using Chrome. I'm just making this up. Right? But let's say you're using Chrome.

Jordan Wilson [00:12:10]:
You got it right. You got it right.

Glen Pendley [00:12:12]:
And, There's this vulnerability in Chrome that, like, is exploit will will give, like, the technical def CVE dash 2023 dash Some, like, kind of generic well, it's not generic name, but, like, just a a name, very little information from a summary perspective and say, well, this is really bad because of whatever the reason might be. So now you as a good guy sit there and be like, alright. Well, why is it bad for me? You know? Like, what does this really mean? Yeah. I have enough, and I trust That Tenable is telling me the right information, but I don't really get so now with generative AI, like, things that we've been able to implement is when we pull all of this data together from across, like, all the tools we have, instead of just saying CVE did this is this. It actually exactly what it's about and, like, continually looking at threat intelligence feeds, stuff on the Internet, things in the news. So, like, when you read about it, It's like, oh, this ransomware group is using this vulnerability to do this, this, and this. So now it's just it educates the defender on, like, why they should care about it. Whereas before, if they did actually go the extra step to be, you know, more educated on it, they'd have to go to the Internet, start googling stuff.

Glen Pendley [00:13:19]:
It just It just takes time, and they're like everybody else, everybody has way too much work to do and not enough time. So if we can just simplify By how people are consuming information and just educating them, allowing them to make better informed decisions, that's that's a great Practical application of Gen AI, which is what we've been,

Jordan Wilson [00:13:38]:
you know, trying to do. You know, on the other side, right, because we kind of already mentioned this, but, These efficiencies and the double edged sword is that, yes, it obviously makes it easier for, the bad guys to, you you know, exploit vulnerabilities. So, you know, whether it's, you know, individuals or, you know, state actors, how how are the bad guys, you know, using generative AI On the flip side, to to find these vulnerabilities faster.

Glen Pendley [00:14:06]:
Yeah. So there's, I mean, there's a a bunch of different examples, but 2, like, I think from a time saving efficiency, like, one good example is if, let's say, I wanted to whether I was a nation state actor or just like a, You know, a group of bad guys trying to make a ransomware group, for example, and I wanted to target your business. Like, one of the easiest things to do, and this is how It really happens in the real world is I'd go to LinkedIn and start looking at different employees and start kind of looking to see Who is who, like, kind of what their skill sets is, and you can really infer a lot of stuff like understanding what technology people have because of certifications they use, or it's just it Like just data mining, doing reconnaissance on different targets you wanna do. That takes time, as you can imagine. Generative AI Makes it a whole lot easier to start building out and mapping out, like, how who is who in an organization and how, like, the You can infer a lot of stuff, like I said, like, on technology. So now instead of taking a week or 2 or 3 or a month depending on the size of the organization and what you're trying to accomplish, You can really narrow that down to almost no time. Another easy example that's been impacting people as soon as, Like, Gen AI really came out and started hitting the market as phishing. Mhmm.

Glen Pendley [00:15:22]:
For for a number of years, like, these anti spam and anti phishing tools have had different models to look and stop, you know, the spam getting into your inbox. Well, Gen AI makes it really easy to bypass the existing models and some things that these different tools have put in place. So, you know, you've seen a lot of these from a from a vendor perspective, these tools Having to implement Gen AI again to combat the the sort of work that the bad guys have done to bypass those So the I mean, those are 2 kind of basic examples, but it shows how generative AI has made, Something's obsolete from a defender perspective and just the time efficiency from, like, a reconnaissance and allowing Skilled attackers to do reconnaissance on a

Jordan Wilson [00:16:14]:
environment. Glenn, I think I think that's a great, Example what you said because, you know, traditionally, even if you look at something as, you know, quote, unquote, low level, as Phishing attempts. I think, historically, they've always been easy to spot a mile away. Right? Like, you it it it was like, oh, there's a handful of them. They're all the same. They're Usually, poor grammar, nothing truly personalized maybe aside from from the name. But now it's like I even have have friends that have, You know, maybe small business owners and, you know, they're they're getting pretty sophisticated, you know, attacks that are very personalized that that seem almost Handcrafted. Is that you know, even when you think of how the bad guys are using it, would you say that there's more of a threat for, you know, those, like, lower level, you know, kind of phishing attacks on, small, you know, small businesses, or would you say that generative AI, At least in terms of the bad guys using it are going to help, you know, kind of these smaller bad guy groups become bigger and And more, you know, more dangerous because of generative AI.

Jordan Wilson [00:17:19]:
Which way do you see it going kind of on the bad guy side?

Glen Pendley [00:17:22]:
Oh, I I think it's, you know, It's because attack like, if you're really trying to attack attack something, you want you want your time to be worth something if you're the bad guy. Right? Like, I think because things, again, are more efficient, like, you want I I think it's gonna go more, like, quantity over quality. And the the reason why I believe this, and and you you were kinda touching on it a little bit, is, like, it it's funny. You you people from a security perspective, The overwhelming majority of real attacks when they happen, whether it's to normal like, everyday people, like, my father-in-law, for example, I swear to god, clicks on Now, like, gets infected every other week. To, like, huge government organizations, 99% of time, it's because of something like phishing. Like, the end user is the root cause. There's, like, people, like, always and it's funny. In the security industry, we We don't help, but there's always like, oh, this huge vulnerability and, like, you're these things I'm sitting on the and the things on the Internet are obviously

AI [00:18:28]:
ad bad, and you need to make

Glen Pendley [00:18:28]:
sure you secure them. But what ends up if you see all these huge real attacks that happen, It 99% of the time, it's by everyday user clicking on a link and people not practicing good cyber hygiene From a user perspective that allows the bad guy to get in, and then they move laterally to do something. And, again, it's usually through email or somebody clicking on a blink in which generative AI enables bad guys to do is more broadly create content that people it's more believable. So if, you know, our bakery shop down the road, we tip we probably don't have the money to put in good anti phishing, you know, software and stuff like this, and Maybe we only have 5 computers. But if I if as a bad guy, if we just blast enough stuff out, 1 of us clicks on that link, and now we have ransomware. And our 5 machines that we have don't work at all. Either our business adopts, or we have to pay some sort of ransom. So I think you're you're gonna see more and more everyday businesses be impacted or just everyday people be impacted with just things like ransomware because the quantity over quality is a more and Realistic thing with Gen AI and stuff like that.

Jordan Wilson [00:19:46]:
Yeah. And, hey, as a reminder here, we have, Glenn Glenn Penley, the chief technology officer at Tenable. So if you do have any questions for Glenn, make sure to get them in. Glenn, great great question here from Sean. So, you know, we're talking a lot of things, You know, at the big business level, but even personally so Sean's asking, are there any ways to use generative AI to boost our own and Personal cybersecurity. Right? It's it's it's a good question, but, yeah, are there any things that we can do even personally?

Glen Pendley [00:20:13]:
So I I do know, and I I've had to do this because I I wasn't just joking my father, I swear to god, he defects himself every other week. A lot of the, The, you know, the tools that you can buy, like, you know, on app stores and stuff, like security tools for personal use, A lot of them are starting to to implement different Gen AI capabilities into their own, Technology. Gmail does, I think, a pretty good job of, you know, the their anti spam and phishing stuff. Like, there's I would give, like, a recommendation. When you go like, whether you use Gmail or Yahoo, people still use it, or Microsoft's, offering, make Make sure you go in and, like, enable, because a lot of times, they won't enable a lot of the, like, the extra security features because people are too worried about Or like the like Google is more worried about you having a good experience with it, and security might not be the most important thing. So whether it's your web browser, your, you know, your email client that you're using, go in and try to find the enhanced security settings and enable them. Because a lot of times, the More and more software, you know, is leveraging Gen AI and but it's not necessarily enabled by default, so That would be one recommendation. And if you're downloading, like, you know, software on your own personal laptop, you know, make sure you're looking to see if they the features and functions

Jordan Wilson [00:21:39]:
have included.

Glen Pendley [00:21:39]:
That would be my recommendation.

Jordan Wilson [00:21:41]:
You know, that that actually is a great transition here to, Cecilia's question. You kinda just said there, hey. Be careful with downloads. So Cecilia asking, you know, could you review the top basics of good cyber hygiene? So maybe not, you know, having to, You know, rattle off a list of your top 5

Glen Pendley [00:21:55]:
Yeah.

Jordan Wilson [00:21:56]:
You know, right off the bat. But, you know, maybe aside from, you know, being careful what you download, you know, you know, being a a little, suspicious in a good way of of random emails coming in. Are there maybe could you name 1 or 2 other kind of good, you know, cyber hygiene things that all of us can take into account?

Glen Pendley [00:22:14]:
Yeah. The first thing is, especially from an end user perspective, because most people overlook that. They just think of their servers like it's, you know, 1999, and, like, we're still getting hit with worms. Make sure that, like, the the machines that your everyday users using are up to date, like the software, whether it's Chrome, it's automatically getting updated, that you're patching your machine, that, like, that you don't have vulnerabilities sitting on your endpoints, That in the event that there is an attack, there's not like so if somebody clicks on the phishing link, for example, with a a malicious link, If there's no software to exploit the machine, like, then it doesn't it won't matter. So keeping your machine up to date from a software OS perspective is is 1st and foremost. And, 2, from a user like, don't overprovision users where you can. The whole zero trust concept, don't make everybody in your organization administrators everything, because when somebody gets exploited, if everybody has the keys to the kingdom, you're you're done. You know? So Those are the 2 I mean, it's easier said than done to do all those things, but, like, if you do that, at least you're you're minimizing the the field of fire that The the bad guys can take advantage of You

Jordan Wilson [00:23:29]:
know, Glenn, I think there's a lot of, listeners on this show who maybe find themselves in the position of They work in a small or medium sized business. You know, maybe they're a, you know, CEO or, you know, they're a director of a large department in their company. At what point, especially with, you know, the speed now of generative AI making it easier for for for the bad guys, you know, to do their work. At what point do businesses need to say, alright. You know, we're relying on our own internal, You know, Windows or Mac, you know, virus protection and, you know, these best practice, you know, phishing techniques. But at what point do they have to say, alright. You know, we might need to, you know, bring in an expert to help us on the preventative side because I think once people get attacked, it's always like, oh, at that point, it's too late, you probably gonna be expensive, but at what point is it, alright. Hey.

Jordan Wilson [00:24:20]:
This is best practice, personal security. We're a small team versus, alright. We should be, You know, having, you know, a partner to help us on the front end prevent this.

Glen Pendley [00:24:30]:
Yeah. I mean, the I mean, in a a perfect world, it'd be, like, Immediately, but the reality of the situation is, you know, money might be tight. Like, you have a budget. Like, you're trying to grow a business. Like it's it's easy for me to say, like, oh, you should be buying our stuff, you know, yesterday. Like, what's taking you so long? But the the reality of the my recommendation is based on the reality of the situation. If I I would make some form of investment in again, regardless if we're our bakery shop or, You know, the other end of the spectrum is do the basics. Like like, whatever security vendor you you go with, whether, you know, Tenable or You know, whoever whatever part of preventative security, and it's it is defensive depth is important.

Glen Pendley [00:25:17]:
It's not like like As soon as you do preventative security, you don't have to worry about attacks because attacks will happen. So, again, you have to balance things. But I I see way too often, Especially in smaller companies, people get, like, caught up in the hype, and they'll they'll buy, like, this super fancy slick sort of tool that's like That will do you no good because you're not even doing the basics of, like, trying to minimize, again, that field of fire like, the scope of what could be attacked. So I I you know, as as early as you possibly can, like, do the basics. Take advantage of the the security tools that do come with, like, different software that you use from a business perspective. You know, Mac, Windows, like, you know, the the security things that they have. Like, I I mentioned a few, like, the email clients. There in a lot of cases, there are good security things that are embedded in different software nowadays, just people don't enable it.

Glen Pendley [00:26:13]:
So I I at least do that. And if you do start when it's time and, again, at any time, start investing in security Tools from different vendors. Just do the basics. Like, get go work with a vendor that's gonna make the most impact and not something like this slick just got pitched by some random sales guy.

Jordan Wilson [00:26:36]:
Yeah. Exactly. I think that's important. So so so, Glenn, we've We we've talked about a lot here, on the show so far today. So we've talked about how generative AI is is making it easier for The bad guys, but it's also helping, you know, the good guys, you know, to detect these vulnerabilities faster, and more accurately. But, you know, as we wrap up the show here, Looking forward, how do you see generative AI even changing, you know, the cybersecurity industry in the years to come? Is this going to be something where, you know, threats and vulnerabilities are going to be coming even faster as the technology advances?

Glen Pendley [00:27:14]:
Well, yeah, I I mean, I I think as, you know, new models, new LLM, like, as things evolve, that will evolve as well. I think from, I think we'll see emerging markets from a cybersecurity perspective. The need to secure as more and more companies Start building out their own large language models and applying their own stuff versus just using, like, chat gpt or BART or whatever it is. The need and the desire to to secure their own models because there are attacks against, Like, actual Gen AI tool, like, you know, you know, prompt injection. There's, like, lots of things you could do to mess with the models that people are using. So I I think We'll see the emergence of more and more security tools and a desire from companies that are building out their own, Gen AI models to secure that. So I I think that's something that we'll start seeing probable I I wouldn't be surprised, but this Within this year, we start seeing that.

Jordan Wilson [00:28:12]:
Mhmm.

Glen Pendley [00:28:15]:
And I do think, like, the deep fake, you know, when you start dealing with like that, like, I think that's, That could get really gnarly pretty soon, and it's an extremely difficult problem to solve. So it'll be interesting to see how that but between those 2, I think we'll start seeing more away from text based, you know, things that have been applied with the Gen AI up to this point from a security perspective to some of that.

Jordan Wilson [00:28:40]:
That's a good point. Yeah. You gotta you gotta have your, like, family safe word, right, especially as these as these clones start, you know, coming in quick and are are super, Super impressive. Well, this hey. I don't know about everyone else, but I learned a ton here, you know, best practices, on not just personal, you know, cybersecurity, but even just having a better understanding now on how generative AI is being used on both sides of the field. So, Glenn, thank you so much We're coming on the Everyday AI Show, and sharing your expertise with us.

Glen Pendley [00:29:11]:
Yeah. My pleasure. Thank you for having me.

Jordan Wilson [00:29:13]:
Alright. Hey, everyone. As a reminder, tomorrow, we're gonna be talking about GPT gold mines clever ways to cash in with OpenAI, probably releasing the GPT store any hour now. This is gonna be a great show. So, if if you caught something maybe on the show and you wanna know more, make sure to go to your everyday AI.com. We're gonna be talking a lot more in-depth About the conversation that we just had with Glenn, Penley, the chief technology officer at Tenable. So please sign up for that daily newsletter, and We'll see you back tomorrow and every day with more everyday AI. Thanks, y'all.

Gain Extra Insights With Our Newsletter

Sign up for our newsletter to get more in-depth content on AI