A discussion with Amazon Chief Security Officer Steve Schmidt on Cybersecurity and AI

Generative AI has become a game-changer in the field of cybersecurity, allowing both attackers and defenders to be more effective in their strategies. Steve Schmidt, Amazon’s Chief Security Officer, discussed the impact of generative AI on security at Amazon’s annual AWS re:Inforce cloud security conference. He highlighted how generative AI enables attackers to craft more effective phishing emails and solicitations, but also empowers defenders by allowing security engineers to focus on analyzing complex data and identifying potential threats. Schmidt emphasized that generative AI ultimately makes security engineers more efficient and effective in their roles.

One of the key use cases for generative AI in security is plain language summarization of complex events. Schmidt explained that security professionals often struggle to convey technical information in a way that makes sense to business leaders. Generative AI can help transform intricate technical data into a coherent story that is easily understandable to non-technical stakeholders. By leveraging generative AI for summarization tasks, security professionals can enhance communication and decision-making within their organizations.

Schmidt outlined three critical questions that companies should consider when adopting generative AI securely. First, businesses need to understand where their data is being processed and how it is secured throughout the workflow. Second, they should assess how user queries and associated data are handled, including whether the output from queries is used to further train AI models. Finally, companies must evaluate the accuracy of outputs from generative AI models and assess the relative risks associated with different use cases.

Drawing on his experience at the FBI, Schmidt emphasized the importance of understanding the motivations behind malicious activities in cybersecurity. He highlighted the parallels between espionage and hacking, noting that both are often driven by factors such as money, ideology, coercion, and ego. By focusing on the individuals behind cyber threats, security professionals can better anticipate and mitigate potential risks to their organizations.

In addition to his role at Amazon, Schmidt volunteers as an EMT and firefighter, where he gains valuable feedback and satisfaction from helping individuals in need. He explained that while working in cybersecurity can feel abstract and detached, volunteering provides him with tangible results and the opportunity to make a direct impact on people’s lives. By balancing his professional expertise with hands-on humanitarian work, Schmidt finds fulfillment in both realms and continues to bring value to those around him.

Overall, Schmidt’s insights underscore the transformative power of generative AI in enhancing cybersecurity practices and the importance of a human-centric approach to addressing security challenges. By leveraging technology to streamline security operations and focusing on the human element behind cyber threats, organizations can strengthen their defense mechanisms and safeguard against increasingly sophisticated cyber attacks. Subscribe to the GeekWire Podcast to stay updated on the latest developments in cybersecurity and technology.