2023 RSA Conference: Emphasizing the Advantages and Disadvantages of AI in Cybersecurity

The annual RSA Conference (RSAC) was held again this week in San Francisco and did not disappoint, with hundreds of announcements made. Although zero trust has been at the forefront of conversations at the last few RSACs, this year marked a new theme in the form of artificial intelligence (AI). During the opening remarks, Rohit Ghai, chief executive officer of RSA Security, underscored the importance of AI, given its ability to strengthen zero-trust architectures and identity management. However, bad actors will also embrace AI to increase the sophistication of cybersecurity attacks. It’s a double-edged sword that will require continued sharpening by security operations teams and the organizations they support. As with the application of any new technology to a given domain, learnings from AI are yet to be realized. AIOps is a well-established technology component within networking offerings from Cisco, HPE Aruba Networking, Juniper and others. However, AIOps has so far aimed to improve the deployment and management of connectivity and the automation of information and operational technology environments. As security and networking continue to converge, its role will expand to the mitigation of security threats arising from AI. Zscaler released the findings of its 2023 ThreatLabz Phishing Report, a twelve-month look back from its well-established security cloud that identifies phishing trends, emerging tactics and the corresponding industries and regions that are vulnerable. Unsurprisingly, AI tools such as ChatGPT make it easier to steal credentials. Consequently, this is an eye-opening report and worth a read. RSAC 2023 was characterized by its emphasis on the advantages and disadvantages of AI and numerous published cybersecurity reports designed to raise awareness of threats and subsequent remediation, in addition to cybersecurity platform enhancements. These subjects are a definite departure from the past few RSAC events, which seemed to be zero-trust