Rethinking Security Architectures: AI’s Impact on Cyber


As artificial intelligence (AI) increasingly shapes the future of technology, securing digital ecosystems has become a critical imperative. During the NVIDIA AI Summit on Oct. 7-9, NVIDIA Chief Security Officer (CSO) David Reber highlighted the need and the opportunity to transform security architectures to incorporate AI, and effectively secure AI-driven workloads.

Reber outlined that the integration of AI into various technologies necessitates a fundamental reevaluation of existing security frameworks. He emphasized that companies must proactively adapt their cybersecurity strategies to harness AI’s potential while safeguarding sensitive data.

By leveraging cybersecurity AI frameworks like NVIDIA Morpheus, organizations can bolster their defenses against emerging threats in an increasingly complex digital landscape, Reber said.

The CSO explained that even simple AI solutions, such as summarization tools, can drastically reduce the time analysts spend on tasks, enabling them to focus on more advanced threats.

Reber broke down generative AI’s impact on cyber defense into three groups: use cases for attackers; use cases for end users; and use cases for defenders.

First, the rise of low-code and no-code tools has lowered the barrier for entry into cyberattacks, Reber said. “It’s not just the teenagers in their parents’ basements … You’re able to do it now at scale, with low to no code,” Reber said, explaining that the average person can now launch sophisticated cyberattacks at scale with the use of generative AI tools.

Reber also highlighted the challenges faced by end users, who are increasingly vulnerable to new forms of exploitation. He described a scenario in which a seemingly innocuous browser plugin could execute scripts and exfiltrate sensitive data. “Now I have to be trained: don’t ask dumb questions, don’t ask the wrong questions to my co-pilot, because I could also exploit myself now by accident,” he said.

And third – generative AI gives cyber defenders new tools. By utilizing AI’s human language interfaces, for example, defenders can now more effectively contextualize threats in real time, making it easier to respond to evolving challenges. “The new age defender is a prompt engineer. They know how to ask and elicit questions,” Reber said. “Everyone can now be a defender within our organizations.”

Reber further elaborated on opportunities to leverage AI to enhance cybersecurity for defenders. He acknowledged that much of the day-to-day effort for security teams is spent justifying whether a patch is necessary. “What we determined was, ‘Hey, this is something AI can help us with. AI agents are really good at this,’” he said.

NVIDIA Morpheus helps defenders parse through hundreds of issues and prioritize those that are most likely to be exploited.  The defenders can focus attention on patching those highest risk vulnerabilities.

As Reber continued, he underscored the necessity of utilizing AI in cybersecurity, “You need to start using AI now. You need to push the boundaries of your organization because you’re going to learn more than you ever realized.”

He provided an example of where NVIDIA began using generative AI and identified a critical challenge: traditional models struggle to manage vast amounts of enterprise data, particularly when trying to filter access control.

To tackle this, NVIDIA deployed individualized AI agents – “expert agents” – tailored for specific functions such as sales, HR, and finance. “What I’ve done is split my enterprise into expert roles,” Reber explained. This not only enhances security but also increases the value and effectiveness of AI bots, he said.

A new NVIDIA AI Blueprint showcases how developers can build an AI agent for security–to automate the time consuming process of triaging critical software vulnerabilities. Using generative AI, this blueprint can help accelerate the analysis of software vulnerabilities from days to seconds.

Moreover, he introduced the concept of “agentic architectures,” which facilitates orchestration across various expert agents. This approach allows users to pose questions while the system understands the context and routes requests through specialized agents. He said, “I now have four choke points to protect my AI systems and allow the business to move forward.” Reber said each expert agent operates under strict access controls, creating layered defenses that enhance overall cybersecurity.

Reber offered five essential AI security priorities for chief information security officers to begin considering today: data supply chain and governance; AI development and lifecycle; AI transparency and responsibility; AI adversarial research and development; and cyber responsiveness.

Finally, he encapsulated the urgency of embracing AI in cybersecurity: “There’s a lot of unknown ahead of us, but there’s a lot that we’ve learned. Embrace it from a security perspective. Start using [AI] now…If you wait until you get it perfect, you’re already going to be behind, and you’re going to probably miss the most important problems that you need to solve for your enterprise organization.”


 

Comments