WHAT KIND OF AI DO WE NEED IN SECURITY?

artificial intelligence

Most of the breaches begin with a phishing email that a human didn’t recognize as such. That’s because human brains are not very good spam filters. 
In security, emulating human intelligence is not the way to go. We need something to complement it, we need something intelligent but of a different kind of intelligence.

AI stands for Artificial Intelligence; it is the mother of all the buzzwords in the IT world.

The Merriam-Webster dictionary defines intelligence as “the ability to learn or understand or to deal with new or trying situations”.

Can you see why Machine Learning is tied to AI? It’s because learning is tied to intelligence.

The history of AI begins in the 1950’s. In the 1980’s we realized that learning was an important part of intelligence and Machine Learning (ML) begun. ML is a branch of AI.

Getting a computer to solve a complex problem in a smart way which involves learning, means working on AI and ML.

The classic definition of AI is “a computer performing tasks that traditionally required human intelligence”, but is human intelligence what we really need in security?
We’ve seen that filtering email is not a task where humans excel. Phishing emails are still very effective: so many users click on links and provide credentials to malicious actors, so many breaches begin with a user falling for an email phishing. Why would you want to emulate human intelligence as it is, in order to solve this problem?
Trying to solve this problem closely emulating a human brain involves a number of technical challenges and more often than not leads to frustration. Brains and computers have different qualities and limits. Depending on the problem you’re trying to solve, attempting to completely emulate human intelligence may not be effective. Security is one of those fields.

We are still working hard on understanding human intelligence, this adds to the challenge. While some features of human intelligence are very useful in the physical environment we evolved in, they are not very efficient in an artificial environment like the one Libraesva focuses on: electronically mediated communication. On the other side computers can easily perform some intelligent tasks (by “intelligent” we mean that they involve learning and adapting to changing conditions) that are very difficult for a human brain.
Computers, for example, can detect, remember and compare quantities and varieties of details that a human brain cannot pick or handle.

If you take advantage of these differences, rather than trying to replicate human intelligence, chances are that you’re going to get an artificial intelligence that despite being different, is more efficient at tasks where humans don’t perform very well, which is what we actually need.

Artificial Intelligence is a concept that is widely abused in marketing pitches in the security industry; that’s because customers love terms that evoke complexity,  but the kind of intelligence we need is not the artificial intelligence by it’s classical definition, which involves replicating what a human brain would do.

In Libraesva we decline Artificial Intelligence in a pragmatic way, departing from the academical attempt to emulate human intelligence as it is.  We look at human intelligence as a reference, not a landmark, because we aim at an artificial intelligence that excels where human intelligence doesn’t.
When we think about ways to improve email security we don’t only think in terms of doing, much faster, what an expert human would do. We always focus on what else could be done that a human brain will not ever been able to achieve.

Libraesva designed a number of specialized AIs that perform tasks like the semantic analysis of the message, keeping track of the relationships and communication patterns between people, highlighting anomalies in such patterns, comparing the most inner technical details of each email with a huge variety of hidden features that characterize legit and malicious traffic, and so on.
All of these systems act like experts with a very deep knowledge in a very specific technical discipline; they see very deep into their own expertise field but they lack the big picture. This is often the case with AI.
This is why in Libraesva’s security systems all these very specialized AIs provide their contribution to a higher level AI that acts like a good decision-maker, the one that always has in mind the big picture and takes the final decision based on each expert contribution.

This approach to AI proved to be quite effective.

Rodolfo Saccani
CTO / Head of R&D @Libraesva