AI is too risky for hackers, says former GCHQ boss

Robert Hannigan suggests that the technology isn't worth the trouble for state-sponsored attackers

The former head of GCHQ, Robert Hannigan

Robert Hannigan, the former head of GCHQ, has said that there is very little evidence of artificial intelligence (AI) being used in cyber crime or terrorism.

Hannigan was speaking at an event hosted by the London Office For Rapid Cybersecurity Advancement (LORCA), where he delivered a keynote on the so-called 'myths' and 'buzzwords' around AI in cyber security. 

In his opinion, while AI has transformed many aspects of modern life, it is yet to prove all that useful to state-sponsored hackers. He suggested there were not enough benefits to outweigh the "trouble" of investing in the technology for malicious purposes.  

"The cyber industry is great at scare stories, and I've read lots and lots of scare stories about criminal groups and even terrorists using AI, and to be honest, I've seen virtually no evidence for this at all, with a couple of exceptions," Hannigan said. "I would say that I think it's again a confusion with automation."

He added that AI would likely form a part of a hackers arsenal in the near future, but right now it simply presented too much "risk". As an example, he cited the SolarWinds hack, which he said was sophisticated but also appeared to be "hand-curated". 

"You can understand why the attackers might have wanted to do that, in order to hide themselves," Hannigan said. "And doing it at the scale, and going to the trouble of doing it through AI would probably be at high risk for them."

From there the subject of AI in cyber security flipped, with Hannigan expressing concerns about the security of AI. He said the issue was "high on everyone's list" because technologies such as driverless cars and automated medical diagnostics were rapidly becoming the norm. 

"The data is a huge vulnerability, and there have been lots of studies on so-called data poisoning, adversarial models, which basically say, we can trick the machine into misdiagnosing, for example, an MIT study on chest X rays," he said. 

"And if you have a malicious actor, or even an accidental actor, it is perfectly possible to see how data poisoning or incorrectly categorised data can lead the machine to do something completely wrong with potentially very serious consequences."

Featured Resources

Modern governance: The how-to guide

Equipping organisations with the right tools for business resilience

Free Download

Cloud operational excellence

Everything you need to know about optimising your cloud operations

Watch now

A buyer’s guide to board management software

Improve your board’s performance

The real world business value of Oracle autonomous data warehouse

Lead with a 417% five-year ROI

Download now

Recommended

Nigerian cyber criminals target Texas unemployment system
cyber security

Nigerian cyber criminals target Texas unemployment system

27 May 2021
Hackers use open source Microsoft dev platform to deliver trojans
Security

Hackers use open source Microsoft dev platform to deliver trojans

14 May 2021

Most Popular

Dell XPS 15 (2021) review: The best just got better
Laptops

Dell XPS 15 (2021) review: The best just got better

14 Jan 2022
Sony pulls out of MWC 2022
Business operations

Sony pulls out of MWC 2022

14 Jan 2022
UK businesses urged to join four-day working week trial
Business operations

UK businesses urged to join four-day working week trial

17 Jan 2022