Artificial Intelligence (AI) describes technologies that can make informed, non-random decisions algorithmically. It has many current and potential applications, it is the current pinnacle of humanities ceaseless drive towards greater and greater efficiency. In particular regard to OSINT though, it enables humans to collect, analyze and interpret huge sets of data, data sets so large that it would be entirely unfathomable to even approach them without machine assistance.

Everyone knows AI is shaping their world in one way or another. But often the changes are subtle, gradual and go unnoticed. Very few of us know what actually goes on behind the steel doors of the big tech companies like Alphabet, Facebook, and Apple. And yet we interact with their AI systems on a daily basis and those systems have huge power over our lives. In this article, we take a look at some of the key ways AI is being used today and how it will become increasingly important as our technologies improve.

5 Ways AI is Shaping the World 

1. Improving and optimising business processes 

The very first robots in the workplace were all about automating simple manual tasks. This is the age of factories and production lines. Today though, it’s not manual tasks that robots are taking over. Instead, software-based robots are taking on repetitive tasks carried out on computers. 

Initially, this was limited to automating simple repetitive tasks, such as “send follow up email 2 if no response after 3 days”. This has already reduced admin tasks and improved business operational efficiencies immeasurably. The next step though is the use of AI technologies to further alleviate some of the more labour intensive ‘intelligent’ tasks such as data gathering, aggregating and analysis, leaving people to spend more time on complex, strategic, creative and interpersonal tasks.

2. More personalization will take place in real-time

Big tech companies are already using data to personalization services. Google Discover, for example, is a feed based on a complex algorithm which reads your online history and tailors the news feed to your particular interests. Other big tech examples are Spotify and Netflix which use AI to suggest relevant media based on your historical behaviour. 

This technology is constantly being evolved and is probably one of the most noticeable in our day to day lives. The end goal is a system which can almost perfectly predict your desires and needs, an outcome none of us are likely to protest against. On the other side of the same coin though is the use of that very same data to target individuals with hyper-relevant ads. This practice can often seem intrusive and is one of the driving forces behind the adoption of VPN’s.

3. AI in the creative space

Some things are still, even in 2020, better handled by humans. That being said AI technologies are now beginning to encroach on the creative spaces. Scorsese's, The Irishman, is one example of this, where Robert De Niro was de-aged on-screen using AI technology. 

There are additional uses though, for example, AI is being used to edit video clips for the purposes of spreading misinformation, and often these edits are incredibly hard to spot. This has led to a new sector of cybersecurity which requires AI technology to spot AI-generated or edited video and audio files. 

4. Increasing AI in Cybersecurity

Even as data grows and is used to progress the development of AI this simultaneously opens up new avenues for exploits by threat actors. For example, AI can be used to create and automate targeted ‘intelligent’ phishing campaigns. AI-supported cyberattacks though have the potential to go much further.  As such, increasingly advanced AI is needed to combat the evolving cyber threat landscape.

Related: How Machine Learning is Changing Modern Security Intelligence 

5. AI learning to perfectly emulate humans

Anyone that keeps their eye on the work that Google is doing will know about their 2019 update, BERT. A natural language processing (NLP) framework which is designed to better understand context and intertextual reference so that they can correctly identify both the searcher's intent as well as the intent behind any content created. 

One of the key challenges that faces AI right now is idiomatic or referential speech; language that has more depth of meaning, for example, determining the importance of the concept of a mother, or understanding a phrase like “six feet under”. Our current research and development project at Signal is one example of the practical applications of overcoming this challenge. It involves using machine learning to enable our software to understand the intent behind text, even when ‘hidden’ behind challenging language like idioms, to more accurately identify threats.  

As these natural language processes advance, so too will conversational AI bots, to the point where, because of the range and complexities of their answers, you would be forgiven for mistaking them as human.

The Future of AI and what that means for OSINT

Artificial Intelligence, machine learning, and automation have already revolutionized intelligence gathering. With OSINT tools like Signal security teams and intelligence agents can effectively and efficiently monitor the open, deep, and dark web, setting up customized alerts based on searches that leverage boolean logic. Machine learning takes this intelligence to the next level. It allows for vast amounts of data to be collected, aggregated, and for all the irrelevant hits to be essentially culled, supplying the security team at the end with actionable, relevant intelligence.

Humans play an essential role in this new intelligence lifecycle. In defining the search terms to match security strategies, analysing the end date the system feeds back, reassessing the searches based on the new evidential data and implementing appropriate responses. This is a key role that will no doubt evolve as the technology becomes more accurate, reducing inefficiencies in process.

A key challenge facing modern security teams is the explosion of new potential threats, both cyber and physical, and the speed with which new exploits are taken advantage of. Additionally, in our globalized world threats can evolve from innumerable sources and manifest as a diverse range of hazards.

Because of this, security teams need to efficiently utilize automation technology and machine learning to identify threats as or even before they emerge if they want to mitigate risks or prevent attacks.

Artificial Intelligence in the Cyber Security Arms Race

Today, AI and machine learning play active roles on both sides of the cybersecurity struggle, enabling both attackers and defenders to operate at new magnitudes of speed and scale.

When thinking about the role of machine learning for corporate security and determining the need, you first need to understand how it is already being used for adversarial applications. For example, machine learning algorithms are being used to implement massive spear-phishing campaigns. Attackers harvest data through hacks and open-source intelligence (OSINT) and then can deploy ‘intelligent’ social engineering strategies with relatively high success rate. Often this can be largely automated which ultimately allows previously unseen volumes of attack to be deployed with very little effort.

Another key example, a strategy that has been growing in popularity as the technology evolves, making it both more effective and harder to prevent, is Deepfake attacks. This uses AI to mimic voice and appearance in audio and video files. This is a relatively new branch of attack in the spread of disinformation and can be harnessed to devastating effect. For example, there are serious fears of the influence they may bring to significant future political events such as the 2020 US Presidential Election.

These are just two of the more obvious strategies currently being implemented in a widespread fashion by threat actors. AI supported cyberattacks though have the potential to go much further. IBM’s DeepLocker, for example, describes an entirely new class of malware in which AI models can be used to disguise malware, carrying it as a ‘payload’ to be launched when specific criteria are met - for example, facial recognition of its target.

Managing Data Volumes

One of the primary and critical uses of AI for security professionals is managing data volumes. In fact, in Capgemini’s 2019 cybersecurity report 61% of organizations acknowledged that they would not be able to identify critical threats without AI because of the quantities of data it is necessary to analyze.

“Machine learning can be used as a ‘first pass’, to bring the probable relevant posts up to the top and push the irrelevant ones to the bottom. The relevant posts for any organization are typically less than 0.1% of the total mass of incoming messages, so efficient culling is necessary for the timely retrieval of the relevant ones.” - Thomas Bevan, Head Data Scientist at Signal.

Without the assistance of advanced automation softwares and AI, it becomes impossible to make timely decisions - impossible to detect anomalous activity. The result of which is that those organizations who don’t employ AI and automation softwares for intelligence gathering often miss critical threats or only discover them when it’s too late.

Signal OSINT and Machine Learning

Signal OSINT platform uses machine learning and automation techniques to improve data collection and aggregation. The platform allows you to create targeted searches using Boolean logic, but it is our machine learning capabilities which allow us to go beyond Boolean keyword searches. 

“By recognising patterns in speech and relations between commonly used words, one can find examples of relevant posts even without keywords. While phrases like ‘I’m gonna kill the boss’ can be picked up by keywords easily, keyword searches alone struggle with more idiomatic speech like, ‘I’m gonna put the boss six feet under’, and will incorrectly flag posts like ‘Check out the new glory kill animation on the final boss’. Machine learning, given the right training data, can be taught to handle these sorts of examples,” says Thomas Bevan.

Signal continuously scans the surface, deep, and dark web and has customizable SMS and Email alert capability so that security teams can get real-time alerts from a wide array of data sources such as Reddit, 4Chan, 8Kun etc. Additionally, Signal allows teams to monitor and gather data from dark web sources that they would otherwise be unable to access either for security reasons or because of captive portals.

Finally, the software allows users to analyze data across languages and translate posts for further human analysis. There are additional capabilities, such as our emotional analysis tool Spotlight, which can help indicate the threat level based on language indicators.

Complementing AI with Human Intelligence

In order to stay ahead of this rapidly evolving threat landscape, security professionals should be using a layered approach that pairs the strategic advantages of machine learning to parse through the vast quantities of new data with human intelligence to make up for current flaws in AI technology.

Machines have been at the forefront of security for decades now. Their role though is evolving as they get passed the heavy lifting, allowing analysts and security professionals to analyse hyper-relevant data efficiently. 

It is estimated that cybercrime will cost organization a combined amount of upwards of $6 trillion a year. Cybercriminals are getting smarter and to defend networks, predict threats, and protect staff, organizations need increased access to timely intelligence. 

Effective information security requires smarter detection techniques which is why many organizations are incorporating AI-driven solutions and products to enable their security teams. However, even with AI assistance the sheer amount of data to assess is encumbering. Signal offers a multi-faceted approach that incorporates filters using boolean logic, AI analysis, and a human hand.

Getting Actionable Insights in Real-Time

In threat intelligence having timely data means everything! Having hyper-relevant intelligence as or even before events are unfolding could mean the difference of several zero’s. By contrast, acting upon old threat insights that maybe have dated can be counter-productive, or even undermine the purpose of the intelligence.

Automation and AI tools can make all the difference when it comes to constantly collecting fresh data. A threat intelligence platform such as Signal which harnesses automation and AI tools massively expands the potential data sources and amount of data that an organisation is able to effectively and efficiently monitor. As well as enabling security teams to sift through all that data and detect anomalous and potentially dangerous activity.

Reacting fast is vital to mitigating threats, but what is even more effective is preempting potential attacks enabling security teams to take preventative measures. For example, using a dark web scan a security team might discover an exploit package for sale targeting a previously unknown vulnerability. Discovering this exploit pack allows the security team to patch the vulnerability before hackers have a chance to take advantage of it.

Automation isn’t Everything

Machines can save you time and in that way they save you money. The combination of AI and Automation when scanning the surface, deep and dark web allows your security team to have more eyes on more data sources. This is vitally important especially today when cyber skills are scarce and data growth so overwhelming. This combination helps prevent analysts from being utterly swamped by endless admin work and allows them to deliver true value to their role.

That being said. Machines can only do so much by themselves (at least for the foreseeable future. People remain fundamentally better at understanding insights from potentially vague context and who are able to deliver an effective response.

Acting fast as we have already mentioned is incredibly important. But just throwing machine learning at the threat intelligence problem isn’t nearly enough. The perfect blend combines rapid and large-scale initial gathering and analysis by machines that then hand-off to their human team-mates to apply strategic intellect while the data is still fresh.

Security professionals have to think how cybercriminals think: machines (e.g. botnets) to do the heavy lifting and a sprinkling of human intervention to execute as successfully as possible.

Injecting Human Intelligence into Automated Threat intelligence

The key to superior threat intelligence accuracy and timing is to leverage automation whilst simultaneously injecting human expertise. You don’t want to be wasting your human resources by making skilled data security analysts wade through piles of admin. Nor do you want those analysts to miss potential anomalous data because your automated system disregarded a seemingly meaningless information package which later turned out to be a viable threat. 

Signal allows you to create filtered searches using Boolean logic scanning your chosen data sources and understanding potential location information. These searches can additionally be run through our emotional analysis tool Spotlight. 

There is one more problem though. Getting the balance of human and automation right is essential if you want to derive an effective threat intelligence system at a competitive cost.

To solve this problem we have launched our Sapphire program. Sapphire is an optional bolt-on which enables Signal customers to leverage our skilled in-house data analysts to further refine their results allowing their in-house security personnel to spend time on delivering real value.

Final Words

As can be seen from the description above, Signal is not an “AI application” in the commonly understood way. Instead, it’s a system where we use AI techniques and automation in multiple places to create a tool which in the right hands creates an extremely capable intelligence solution.

Even though machines and software will continue to evolve with dazzling speed, the complexity of threat analysis means there will be plenty of challenging opportunities for human analysts for a very, very long time.