Weekly Video: December 5, 2022
12–5–2022 (Monday)
Hello and welcome to another edition of Cyber Risk at Deal Speed, your weekly video update on the one big thing in cybersecurity for private equity investors and portfolio company management teams.
I’m your host, Shay Colson, Managing Partner for Cyber Diligence at Coastal Cyber Risk Advisors, and you can find us online at coastalcyber.io
Today is Monday December 5th and this week’s One Big Thing is AI. Specifically,
How will improved AI impact cybersecurity (OpenAI’s Updated GPT-3.5 Chat Bot)
Let’s jump in.
AI Accelerations & Cyber Risk
Artificial Intelligence company OpenAI released an updated version of their AI text generation framework this week, known as GPT-3.5 (because it’s a half-way release between the previous version - GPT-3 - and the future version - GPT-4).
The new capabilities are significantly better and both understanding natural language inputs and generating natural language outputs, but also inputs and outputs of source code, and combining logic and source code to do things like find vulnerabilities in smart contracts, suggest ways to exploit vulnerabilities, and reverse engineer pieces of software as well as explain them in plain language terms.
So what does this mean for our investments and portfolio companies?
The first thing to realize is that this is not a doomsday scenario by any means, but there are a couple of truths that we need to be aware of in our decision making
Pace of Progress. From today forward, AI capabilities will only get better, and they’ll likely get better at an accelerating rate. That means that what we’re seeing here, we’re going to get more of - and faster.
Reducing Barriers. The AI presents a way for threat actors - both skilled and unskilled - to be more active. Skilled actors are going to be able to use these AI capabilities to automate and scale their attacks, and unskilled actors are going to be able to use AI to identify vulnerabilities and launch attacks that they wouldn’t be able to on their own.
For us, this means that we an no longer afford low hanging fruit, and must significantly improve our capabilities to detect, respond, and recover from security incidents.
This means that for the things that are in our control (vulnerability management programs, multifactor authentication, training and awareness, etc.) - we need to be doing everything possible to improve our posture.
For things not in our control (third parties and supply chains, cloud platforms, open-source software dependencies, etc.), we need to ensure visibility into critical areas of technology that enable our businesses, and be able to identify anomalies and respond quickly.
Finally, we need to build resilience - data backups and the ability to rapidly procure new instances of technology that can keep our businesses running when incidents do occur.
None of this is new, but there is now I think a meaningful sense of urgency behind the efforts, as attackers are going to begin to advance ever faster.
Fundraising
From a fundraising perspective, we had several large fund announcements that helped put the grand total at more than $44B for the closing week of November.
Quite a push, and we’re now within $100B of the quarter-trillion mark for Q4 - something we just might hit with the push here at the end of the year.
Best of luck to all the firms with new capital to deploy!
You can find links to example OpenAI Chat Bot capabilities below, find back issues of these videos and the written transcripts at cyberriskatdealspeed.com, and we’ll see you next week with another edition of Cyber Risk at Deal Speed.
Links
https://twitter.com/lordx64/status/1598023663328014336
https://twitter.com/lordx64/status/1598027111435890688
https://twitter.com/JusticeRage/status/1598649735362945026
https://twitter.com/hackerfantastic/status/1599077577611542528