Protecting AI Companies: The Growing Threat of Endpoint Breaches

Endpoints in the AI industry are facing increasing threats from adversaries who are using sophisticated techniques to breach the security of companies. These attacks often rely on malware-free tradecraft, making them difficult to detect. According to CrowdStrike’s Threat Hunting Report, 71% of detections indexed using CrowdStrike Threat Graph were malware-free. Additionally, attackers have increased their use of remote monitoring and management (RMM) tools for malware-free attacks by an astounding 312% year-over-year in 2023.

To protect against these threats, AI companies are recognizing the importance of real-time telemetry data. This data allows them to identify anomalous patterns and predict breaches. Leading vendors like BitDefender, CrowdStrike, and Cisco capture real-time telemetry data and use it to derive endpoint analytics and predictions. Cisco, in particular, is doubling down on native AI as the core of its cybersecurity strategy with its new hyper-distributed framework, HyperShield.

Calculating indicators of attack (IOAs) and indicators of compromise (IOCs) is another crucial aspect of endpoint security. Companies like CrowdStrike and ThreatConnect use real-time telemetry data to calculate IOAs and IOCs, which help detect attackers’ intent and prove network breaches. AI-powered IOAs, like those developed by CrowdStrike, improve endpoint protection by operating synchronously with sensor-based machine learning (ML) and other defensive layers.

Gen AI, or generalized AI, is seen as the answer to the growing number of intrusion attempts faced by AI companies. Attendees at the VB Transform roundtable identified several areas where gen AI can contribute to closing the endpoint security gap. These areas include continuous network telemetry monitoring and verification, real-time threat detection and response, behavioral analysis and anomaly detection, reduction of false positives, automated threat response, adaptive learning with large language models (LLMs), enhanced real-time visibility and correlation, more accurate threat hunting, automating manual workloads on the SOC, and more precise predictive analytics.

In conclusion, as the era of weaponized AI unfolds, XDR (extended detection and response) platforms need to leverage AI and ML technologies to stay ahead of adversaries. The use of real-time telemetry data, the calculation of IOAs and IOCs, and the adoption of gen AI can significantly enhance endpoint security in the AI industry. By taking these measures, companies can protect their intellectual property, financials, and future R&D plans from malicious attacks.