
On AI Appreciation Day, we recognize the transformative power of technologies evolving away from the public eye and outside the spotlight, such as Generative AI. However, there’s a quieter, more unassuming form of AI operating behind the scenes and delivering peace of mind to businesses and consumers alike: predictive AI.
Generative AI vs Predictive AI
Predictive AI analyzes large amounts of data – an unfathomable task for humans – using machine learning algorithms that can forecast future outcomes. Unlike its Generative AI counterpart, which aims to create novel content in various formats (text, audio, images, or video), it anticipates what will come next based on sophisticated algorithms and past behavior.
Where Can Predictive AI Be Applied?
There are many immediate applications for this technology, including anticipating demand fluctuations for retailers, predicting shipment delays, optimizing supply chain routes, forecasting energy demands in power and utilities, assessing credit risk, flagging suspicious transactions for financial and banking institutions, and more.
One of its more visible applications is in cybersecurity, where it assists organizations in predicting attacks before they happen. These predictions let organizations make defensive decisions ahead of an anticipated incident. When the predictions run at high accuracy, defenders can automate how they respond to threats, further enhancing productivity for security teams that are often challenged by the volume of incident alerts with a high mix of false positives. Examples include preventing ransomware attacks whose financial impact on organizations could reach tens of millions.
Excelling in Threat Intelligence and Brand Protection
Defenders can see predictive AI in action through predictive threat intelligence and digital risk protection solutions. These solutions integrate with an organization’s existing security stack and enable automated action on their predictions, from identifying the threat to stopping the attack dead in its tracks before harm is done, freeing up personnel to focus on other tasks. This is no mere productivity gain: it frees human talent in the security operations center (SOC) to thrive and deliver value in other important activities.
In establishing correlations between behaviors and malicious associations, predictions can dramatically improve the accuracy and earliness of the content of threat intelligence feeds used by organizations to guard their networks, systems, and apps.
Predictive AI excels at predicting malicious behavior on the web, such as attempts to impersonate known brands (like banks, retail stores, utility companies, consumer goods brands, and social media platforms). For consumers, this means safer online interactions: phishing websites attempting to extract personal information or credentials can be identified and taken down before anyone falls victim.
Accuracy and Coverage Are Critical to Generate Value
In order to generate value, predictive AI has to be accurate. Accuracy of the predictions can be measured by the false positive rate (FPR): the rate at which the system incorrectly identifies something as a threat when it is not. Traditional threat intelligence feeds measure FPRs in the range of single to double digits, according to anecdotal evidence and vendor claims. Predictive AI, on the other hand, can provide FPRs in fractions of a single digit.
It is important to understand that accuracy also depends on coverage. With a limited number of indicators, it’s easy for a threat intelligence (TI) feed to claim a false positive rate in the lower ranges. However, when one expands the predictions to cover a larger attack surface, such as the scope of the entire internet, these numbers could quickly grow, given the limitations of traditional methods in discriminating between malicious and non-malicious infrastructure.
To put things in perspective: premium, traditional TI feeds typically contain hundreds of thousands of domains. To cover the entire internet, a feed would contain hundreds of millions of domains, increasing the number of indicators of compromise (IOCs) nearly a thousandfold. Are traditional methods that rely on detection of threats able to make accurate predictions at that scale? Not really. FPRs would multiply in the process.
Can Predictive AI Elicit New Threats Previously Unseen?
Another way to quantify how this technology changes the status quo of threat intelligence is to consider the uniqueness of the predictions made. This essentially means assessing which unmatched IOCs such technology can obtain. A good measure of uniqueness is to compare a given predictive threat intelligence feed against consensus feeds such as VirusTotal, which aggregate indicators from more than seventy reputable, traditional TI feeds.
Low measures of uniqueness mean that the predictive feed in question might be redundant with existing sources and won’t add much to an organization considering its adoption. A high score in uniqueness means, on the other hand, that it contains findings that no other source can deliver.
Early Predictions Are Vital to Mount a Defense
Another critical way to measure the effectiveness of predictive AI is the earliness of its predictions. Predictions distinguish themselves from detections in part because they are made earlier in time, before the incident occurs. Therefore, it is vital to understand how many hours or days ahead these predictions are made when compared with traditional TI feeds. Once again, consensus feeds are key in making these measurements because they contain not only the IOC but also the timestamp of the first detection made by one of their aggregated feeds.
On average, predictive TI feeds can be more than two weeks ahead of traditional TI feeds. This turns the conceptual advantages of a prediction into a real upper hand for defenders, who now have the time to decide how to respond to the threat – a preemptive action.
When considered together, measurements of accuracy, coverage, uniqueness, and earliness help IT and cybersecurity professionals clearly differentiate between predictive and traditional threat intelligence feeds and realize the advantages of this emerging approach in their cybersecurity programs.
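The accuracy, uniqueness and earliness measurements described above can be scored for a feed as follows. This is an added example, not code from the article or from any vendor; the domains, timestamps, benign list and function names are all constructed for illustration.

```python
from datetime import datetime
from statistics import mean

# Constructed sample data: reserved .test names and invented timestamps.
PREDICTED = {  # domain -> when the predictive feed first listed it
    "login-bank.example.test": datetime(2024, 5, 1),
    "pay-update.example.test": datetime(2024, 5, 3),
    "cdn-static.example.test": datetime(2024, 5, 4),
    "shop-refund.example.test": datetime(2024, 5, 10),
    "mail-verify.example.test": datetime(2024, 5, 12),
}
CONSENSUS = {  # domain -> earliest detection by any aggregated feed
    "login-bank.example.test": datetime(2024, 5, 15),
    "pay-update.example.test": datetime(2024, 5, 23),
    "shop-refund.example.test": datetime(2024, 5, 8),  # consensus saw it first
    "old-kit.example.test": datetime(2024, 4, 2),
}
KNOWN_BENIGN = {  # labelled non-malicious domains used to score accuracy
    "cdn-static.example.test", "docs.example.test",
    "status.example.test", "blog.example.test",
}

def false_positive_rate(flagged, benign):
    """Fraction of the labelled benign set that the feed flagged anyway."""
    if not benign:
        raise ValueError("FPR needs a non-empty labelled benign set")
    return len(set(flagged) & set(benign)) / len(benign)

def uniqueness(predicted, consensus):
    """Fraction of predicted IOCs that the consensus feed does not list."""
    if not predicted:
        return 0.0
    return len(set(predicted) - set(consensus)) / len(predicted)

def lead_days(predicted, consensus):
    """Days each shared IOC was predicted before its first consensus detection.
    Negative values mean the consensus feed had it first."""
    shared = predicted.keys() & consensus.keys()
    return {d: (consensus[d] - predicted[d]).total_seconds() / 86400 for d in shared}

def mean_lead_days(predicted, consensus):
    """Average earliness over shared IOCs, or None when nothing overlaps."""
    leads = lead_days(predicted, consensus)
    return mean(leads.values()) if leads else None

if __name__ == "__main__":
    print(f"FPR        {false_positive_rate(PREDICTED, KNOWN_BENIGN):.2%}")
    print(f"uniqueness {uniqueness(PREDICTED, CONSENSUS):.2%}")
    print(f"mean lead  {mean_lead_days(PREDICTED, CONSENSUS):.1f} days")
```

In this sample, cdn-static.example.test counts toward uniqueness and is also a false positive, which is why the two figures need to be read together.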
A Remarkable, Recent Feat
Developing a predictive AI solution is a recent and remarkable feat. It is enabled by technologies like the cloud and the computational power that analyzes large sets of data known as graph databases. It is also a byproduct of human genius, able to devise algorithms that can uniquely identify patterns and track dynamic behaviors in the fabric of the internet that enable the accuracy of its predictions.
AI Appreciation Day serves as an opportunity to reflect on the ethical uses of AI and its broader societal impact. Considering these concerns, predictive AI is an ally: it relies on public data, without needing confidential or personally identifiable information (PII) to make predictions. This technology can help us as a society to advance fair and unbiased use of public data while remaining compliant with regulations.