While artificial intelligence (AI) tech has emerged as a game-changer in cybersecurity, one senior Federal official urged a degree of caution this week by saying that AI integration could do more harm than good without following strong foundational security practices.
Gharun Lacy, deputy assistant Secretary of State for Cyber and Technology Security at the Bureau of Diplomatic Security, underscored that message on May 28 during remarks at the Public Sector Cyber Risk Conference hosted by Qualys and GovExec.
“[AI] is a big magnifying glass on who you already are,” Lacy said. “If your fundamentals are sound [and] solid, then AI makes you better. If there are cracks in the fundamentals, AI will absolutely disrupt you.”
Lacy emphasized that organizations must revisit and reinforce their cyber hygiene practices before layering in advanced technologies like AI. Basic but essential tasks, such as maintaining a comprehensive software bill of materials, are often overlooked due to their lack of appeal, he said.
“It’s not sexy. But it is critical, especially as our technology continues to advance and move quicker,” Lacy said.
AI will both “amplify your weak spots and amplify your strengths,” making it crucial for defenders to first ensure they have a strong cybersecurity foundation. This principle, he noted, applies to all emerging technologies – from AI to quantum computing to supply chain innovations.
He cautioned against the enthusiasm to “sprinkle that magic AI dust” on existing systems. “If we’re missing those critical components … AI is going to open that vulnerability wide open and amplify it,” he said.