Today we released the sixth edition Cyber Signals, spotlighting how we are protecting artificial intelligence (AI) platforms from attempted abuse by nation-state threat actors.
In collaboration with OpenAI, we are sharing insights on state-affiliated threat actors tracked by Microsoft as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, Salmon Typhoon who have sought to use large language models (LLMs) to augment their ongoing attack operations. This important research exposes incremental early moves we observe these well-known threat actors taking around AI, and notes how we blocked their activity to protect AI platforms and users. At the same time, Microsoft is helping the wider security community to understand and detect the emerging prospects of LLMs in attack activity. We are recommending the inclusion of what we discovered in the MITRE ATT&CK® framework, to help security operations teams everywhere anticipate and recognize AI–assisted cyber threats.
This edition of Cyber Signals also shares insights into how we use AI to protect Microsoft and how threats actors are using AI to refine their attacks.
Cybercriminals and state-sponsored actors are harnessing AI to develop more sophisticated attack strategies, including the automation of attacks and the creation of convincing deepfakes for phishing campaigns and voice synthesis where a three-second voice sample can train a model to sound like anyone.
Microsoft uses several methods to protect itself from these types of cyberthreats, including AI-enabled threat detection to spot changes in how resources or traffic on the network are used; behavioral analytics to detect risky sign-ins and anomalous behavior; machine learning (ML) models to detect risky sign-ins and malware; Zero Trust, where every access request has to be fully authenticated, authorized, and encrypted; and device health to be verified before a device can connect to the corporate network.
AI’s role in cybersecurity is multifaceted, driving innovation and efficiency across various domains. From enhancing threat detection to streamlining incident response, AI’s capabilities are reshaping cybersecurity. The use of LLMs in cybersecurity is a testament to AI’s potential. These models, when used for good, can analyze vast amounts of data to uncover patterns and trends in cyber threats, adding valuable context to threat intelligence. They assist in technical tasks such as reverse engineering and malware analysis, providing a new layer of defense against cyberattacks.
Today’s organizations must build a secure foundation for working with AI and adopt AI-driven cybersecurity solutions that can adapt to evolving threats, detect anomalies in real-time, and respond swiftly to neutralize risks.
Microsoft’s approach to AI in cybersecurity is proactive and exploratory. We are delving into how AI can enhance our existing security measures, such as identifying patterns in large datasets and creating realistic simulations. We are also investigating innovative applications of AI, like using generative AI to develop secure code and employing machine learning to detect and respond to threats instantaneously.
Users of Microsoft Security Copilot have shown a 44% increase in accuracy across all tasks and a 26% faster completion rate. These figures highlight the tangible benefits of integrating AI into cybersecurity practices.
As we secure the future of AI, we must acknowledge the dual nature of technology: it brings new capabilities as well as new risks. AI is not just a tool but a paradigm shift in cybersecurity. It empowers us to defend against sophisticated cyber threats and adapt to the dynamic threat landscape. By embracing AI, we can ensure a secure future for everyone.
