AI, AI, AI, blah, blah, blah. These are the hot buzzwords in Cyber today, and
it will be for some time yet to come. I
have blogged about this I think rather extensively, and this is what I am going
to do today as well. But this time, I am
taking a different angle.
I am going to talk about the errors that AI can actually
make. One such area is what is known as “bias”. We pretty much all know what this term means,
but when it comes to AI, it can be defined as follows:
“Machine learning bias, also known as algorithm bias or AI
bias, is a phenomenon that occurs when an algorithm produces results that are
systemically prejudiced due to erroneous assumptions in the machine learning (ML)
process.”
Simply put, this is where your output gives you something
else, because it has been slanted, or even favored in one direction or
another. Heck, even human bias can be a
huge factor, as we will later see. In
general, there are three types of AI Bias, which are:
1)
In the Training Data:
AI systems need a lot of data at
first in order to for it to learn, and make predictions. If this initial training data is not a representative
set or is skewed in some fashion, all of the other subsequent outputs will also
be “biased” to some degree or another. It
is important to note that the training data is the foundation for all of the
other datasets that will be collected and used.
2)
In the Algorithms:
This can be considered to be at the
heart of any AI system. This is where the
data is processed, and from there, the outputs will be derived. If the algorithms are not fine-tuned and
optimized after the initial training run, there will be a certain level of skewness
in later runs, which of course is not wanted.
3)
In our own Minds:
This is technically referred to as “Cognitive
Bias”. This is where human prejudice
comes into play, and you either consciencely or subconsciously favor the
datasets you are selecting, or in the way you design your algorithms. The basic premise here is that you want a certain
outcome to happen, and you will feed in the data that way in order for it to
happen.
But the fear here is that these kind of AI biasness, if not
corrected, can lead to some grave security consequences, especially as
businesses today are making a full force move to the Cloud (such as Azure or AWS). Here is a sampling of some of these fears:
1)
The correct types of warnings and alerts will
not be sent:
AI is being used heavily today to
help filter out false positives and present only the real ones to the IT
Security team for appropriate triaging. But
if there is a certain level of bias the AI system could either overstate or
even understate the actual severity level of a threat. As a result, the IT Security team may respond
to the wrong alerts and warnings, thus leading to a cataclysmic security
breach. Worst yet, if the IT Security
team is implicitly trusting the AI system in this regard, it could even lead to
greater cases of what is known as “Alert Fatigue”. AI systems have been created in order to
prevent this exact thing from happening but once again, any kind of biasness
can defeat this whole purpose all together.
2)
The inability to see new threat variants:
One of the greatest benefits of an
AI system in Cybersecurity is its ability to try to project what the future
threat landscape could potentially look like.
But once again, any form of biasness, whether it is in the data or the algorithms,
could make the AI system lose this kind of effectiveness very quickly, thus
giving the IT Security team an extreme false sense of security.
3)
Less compliance with the data privacy laws:
Another key area where AI is being
used in Cybersecurity is in detecting potential leaks. If a biased AI system cannot get the clues in
time, your company will be faced with yet another kind security breach that you
don’t want to happen, because if it does, you will fall in the crosshairs of
regulators, and possibly face very harsh penalties and fines, as mandated by the
GDPR and the CCPA.
My Thoughts On This:
At this point, you are probably wondering what can be done
to help mitigate AI biasness. Here are
some quick tips for you:
1)
Educate:
To truly understand what AI biasness
is all about, you have to teach it to your IT Security team. As much as security awareness training is
important, so is this area also, at least for those employees of yours that are
helping to fortify the lines of defenses for your business.
2)
Run QA checks on the datasets:
Although this might be a time-consuming
process, it will pay its dividends in the end.
As it was stated earlier, the first datasets you feed into your AI
system is the most important. So make sure all of the data that you feed
into it is optimized and cleansed as
much as possible.
3)
Don’t depend alone on technology:
As much as we would like to think
that AI systems don’t humans, the bottom line is that it does, and this will always be the case. So make sure to get your IT Security involved
in all aspects of the AI system development and deployment.
4)
Use multiple AI systems:
Remember, you don’t have to use
just one AI system. You can use multiple
ones, and it is even recommended that you do so to help eliminate the possibility
of bias. This can be likened to having multiple layers of security in
order to decrease the odds of the Cyberattacker breaking through to your crown
jewels.
5)
Use biasness technology:
As much as AI is advancing, so are the
tools that are being used to support them.
So in this regard, be on the lookout for any kind of AI biasness components
that you can integrate into your AI system.
In the end, there will always be some biasness in AI
systems, that is just the nature of it.
But the trick here is to mitigate that level as much as possible, in a
way that is similar to mitigating the risks of being a victim of a Cyberattack.
But remember, AI systems are nothing but garbage in and garbage out. It is only as good as the data that
you need!!!
No comments:
Post a Comment