Gen AI revolution

The automotive and smart mobility ecosystem is entering a new era with Generative AI

The era of Generative AI (GenAI) is well underway in the Automotive industry, as OEMs rush to adopt GenAI capabilities to enhance customer experience and unleash the next wave of productivity. In 2023, Mercedes-Benz, a global OEM launched a ChatGPT-powered voice assistant to 900,000 beta testers using a private and secure instance of Microsoft's Azure OpenAI Service that does not share back data with OpenAI or the ChatGPT model. according to Gartner by 2026, more than 80% of enterprises will have used generative artificial intelligence (GenAI) application programming interfaces (APIs) or models, and/or deployed GenAI-enabled applications in production environments, up from less than 5% in 2023

GenAI: a double-edged sword

GenAI also poses risks as it could empower cybercriminals to conduct large-scale attacks more effectively. Large Language Models (LLMs) can be exploited to find and exploit vulnerabilities, generate malicious code, and even create self-evolving malware that evades current security measures. The dark web has seen a surge in GenAI mentions, indicating its growing relevance in cyber threats.

GenAI can be used to map endpoints, target APIs, and identify potential vulnerabilities, as well as provide step-by-step guidance on exploiting those vulnerabilities. LLMs can also be used to generate malicious code or scripts by assimilating information from public vulnerability databases and cybersecurity research.

The adaptability and efficiency allow for the execution of large-scale attacks that may bypass traditional cybersecurity measures. LLMs trained on cybersecurity threat intelligence data can be used to escalate offensive strategies and execute sophisticated attacks with automated processes and significant scale. By analyzing vulnerabilities and attack patterns, they can generate strains of malware that self-evolve, creating variations to attack a specific target with a unique technique, payload, and polymorphic code that’s undetectable by existing security measures. For example, threat actors can use LLMs to automate the discovery of vulnerabilities, increasing efficiency and allowing them to shift resources to exploiting vulnerabilities rather than identifying them. GenAI also allows attackers to rapidly sift through vast amounts of data, identifying the most vulnerable targets. This approach not only speeds up the attack process but also increases its effectiveness, as AI models can pinpoint weaknesses that might be overlooked by human analysis.

Additionally, GenAI can simulate various attack scenarios, helping attackers refine their strategies and improve their tactics. By using GenAI to simulate attack environments, cybersecurity faces an additional challenge, as it leads to more unpredictable and sophisticated attacks, increasing the difficulty of detecting these attacks.

According to research by Bain & Company, mentions of GenAI on the dark web proliferated in 2023, increasing by several orders of magnitude.

‍

Automotive cybersecurity leaders must embrace GenAI

On the defensive, GenAI has the potential to transform automotive cybersecurity solutions and operations, enabling a range of use cases—from agile investigations, to automating vSOC workflows, and even generating complex insights based on deep and dark web data and in-depth TARA. GenAI introduces unparalleled efficiencies, enabling cybersecurity teams to quickly analyze massive amounts of connected vehicle and mobility data across multiple sources, detect patterns, filter incident alerts, and automate investigations.

What should be done?

Corporate leaders should:

·      Understand that generative AI won’t rid cybersecurity of its operational and technical complexities.

·      Make generative AIand cybersecurity a recurring agenda item for board and C-suite meetings; and

·      Avoid a narrow focus on controls or certain risks—cybersecurity demands a holistic approach.

‍

Chief information officers/chief information security officers should:

·      Get security operations (SecOps) leaders to validate generative AI output, particularly threat-detection algorithms updated by generative AI;

·      Train new and junior SecOps employees to hunt threats with and without generative AI to avoid dependence; and

·      Where possible, avoid relying on a single vendor or generative AI model across the cybersecurity stack.

‍

Cybersecurity companies should:

·      Hire the right mix of talent to bring generative AI capabilities into their products; and

·      Guard against generative AI–created false information (hallucinations) and external tampering with generative AI algorithms and models that might create backdoor vulnerabilities.

Generative AI will rapidly advance, and it’s essential that all stakeholders from cybersecurity providers to enterprises continuously update their specialist knowledge and strategy to take advantage—and stay protected.

‍

Sources:

Upstream’s 2024 Global Automotive Cybersecurity Report

Gen AI in high gear: Mercedes-Benz leverages the power of ChatGPT | McKinsey

Gartner Says More Than 80% of Enterprises Will Have Used Generative AI APIs or Deployed Generative AI-Enabled Applications by 2026

Generative AI and Cybersecurity: Strengthening Both Defenses and Threats | Bain & Company

‍