IBM is describing their work on DeepLocker, and what it has to say about potential exploitation of artificial intelligence by criminals and other threat actors. Among the more interesting implications of their work are conclusions about AI's utility in attack. It shows considerable promise in making malware more evasive. Not only does it make attack code better at detecting and evading such useful security techniques as sandboxing, but according to IBM it can make reverse engineering malware "impossible."
We were with Cisco's Talos Group yesterday. The podcast from that session will be available shortly, but we'll share one observation from the Talos panel of experts. One of them deplored the move of the popular game Fortnite to Android, on the grounds that it was inculcating poor security habits in the children at whom it's pitched, habituating them to downloading apps impulsively and in an insecure fashion. He asked if it wouldn't be possible to do better, a call for security acculturation by design.
We hope to learn more later today about Comodo's Zero Day Challenge, intended as a riposte to what Comodo considers over-hyped and misleading claims for artificially intelligent security tools. (If we can actually hear what anyone says, that is. The floor at Black Hat is a howling bedlam that surpasses any pandemonium we've experienced at other security conferences. Our standing question the week for anyone we've spoken with: What? What's that you just said?)