Recommendations for CISOs
Asked what CISOs should do in the wake of the report, Google said that organizations should check out Google’s Secure AI Framework (SAIF), which is a conceptual framework for secure AI systems.
Rather than enabling disruptive change, generative AI allows threat actors to move faster and at higher volume, the Google report concludes. “For skilled actors, generative AI tools provide a helpful framework, similar to the use of Metasploit or Cobalt Strike in cyber threat activity. For less skilled actors, they also provide a learning and productivity tool, enabling them to more quickly develop tools and incorporate existing techniques,” it says. “However, current LLMs [large language models] on their own are unlikely to enable breakthrough capabilities for threat actors. We note that the AI landscape is in constant flux, with new AI models and agentic systems emerging daily. As this evolution unfolds, GTIG anticipates the threat landscape to evolve in stride as threat actors adopt new AI technologies in their operations.”
In short, the report says, AI can be a useful tool for threat actors but it is not yet the game-changer it is sometimes portrayed to be.
