Part 4: AI Threat Detection (DE.CM)
Monitoring AI Systems and AI-Enabled Attacks
Artificial intelligence is enabling new forms of cyberattacks, including:
AI-generated phishing campaigns
Deepfake impersonation attempts
Automated vulnerability discovery
Manipulation of AI models through crafted inputs
The Detect function of NIST CSF 2.0 focuses on identifying cybersecurity events quickly through continuous monitoring.
Monitoring AI Systems
Security teams should monitor:
Abnormal AI prompt activity
Attempts to bypass AI guardrails
Unauthorized API access
Changes to machine learning models
Data exfiltration through AI systems
These monitoring capabilities help identify misuse or compromise of AI platforms.
Using AI to Strengthen Detection
AI also enhances defensive capabilities.
Security tools increasingly use machine learning to:
Identify anomalous user behavior
Detect unknown malware
Correlate threat intelligence data
Reduce alert fatigue in security operations centers
AI is becoming both a target of cyberattacks and a powerful defensive tool.
William Tulaba is a cybersecurity executive and security engineering leader focused on enterprise security strategy, cloud risk, and security operations.