Kaspersky Lab warned the UN about the risks of using artificial intelligence in cybersecurity

Kaspersky Lab raised the issue of regulating the use of artificial intelligence (AI) in the field of cybersecurity at the UN. Systems based on machine learning can quickly become outdated, which creates risks, the company explains. They propose to develop principles for using AI, including ensuring constant human control over neural networks and training them on big data, reducing access to personal information to a minimum. The initiative is relevant for the global IT community, experts admit, but they consider the threat of the use of AI by hackers, and not by those who are protecting themselves from them, to be more pressing.

Kaspersky Lab has approached the Open Working Group (OWG) on security issues in the use of information and communication technologies (ICT) at the UN with a proposal to prepare principles for the development of AI to ensure cybersecurity.

The document, which Kommersant reviewed, notes that AI is used in the field of cybersecurity to identify and respond to threats, as well as analyze anomalies in IT systems. However, the use of machine learning “not only has a positive impact on cybersecurity, but also creates risks.” In particular, systems based on machine learning can become outdated or perform poorly when input data changes dramatically, the appeal says.

Human control should be a key element of the use of AI in the field of cybersecurity, including real-time expert access to all data and processes, Kaspersky Lab believes. They also consider it necessary to minimize the use of personal data when training AI, depersonalizing it as much as possible. As part of international AI regulation, the company proposes to train systems on “extensive open source data.”

Kaspersky Lab clarified to Kommersant that they have introduced the initiative, and in October they plan to hold a seminar “Ethical principles for the use of artificial intelligence in cybersecurity” as part of the Internet Governance Forum, which will be held in Japan under the auspices of the UN. At the same time, work in the field of cybersecurity is also being carried out at the interstate level. For example, within the framework of BRICS there is a Working Group on security issues in the use of ICT, the Ministry of Digital Development clarified to Kommersant.

The role of AI is becoming more and more important, it is used more often, so it is necessary that the final word belongs to humans, especially since information security systems are critical for the state and corporations, notes Oleg Kravchuk, director of strategic and international projects at the Security Code: “Therefore The initiative will most likely be supported by the international expert community. However, foreign colleagues most likely will not note that this idea was introduced by the Russian side.”

The issue of using AI in cybersecurity is being discussed at the UN, but will not be included in an agreement between states, says Johns Hopkins University graduate student Oleg Shakirov: “States are discussing and cannot resolve higher-level problems – what is a cyber conflict, how to regulate it within the framework of international law, too “technical” issues are rather avoided here.”

At the same time, Positive Technologies business consultant on cybersecurity Aleksey Lukatsky reminds that from a practical point of view, problems with AI are now more pressing “in the unregulated sphere”: scammers and hackers are already actively mastering the technology and creating tools such as FraudGPT (designed to create phishing emails). emails, hacking tools, carding, etc.), DarkBERT (a language model trained using a vast collection of darknet data), etc.: “They are not constrained by ethical and legal regulations.” Therefore, the expert adds, at the business level it is necessary to develop methods, also based on AI, that are capable of detecting malicious use of machine learning, for example, detectors of phishing attacks, deepfakes, malicious code and vulnerabilities.

Tatiana Isakova