Cybersecurity Races to Unmask New Wave of AI Deepfakes
RSA CONFERENCE 2024 – San Francisco – Everyone’s talking about deepfakes, but the majority of AI-generated synthetic media circulating today will seem quaint in comparison to the sophistication and volume of what’s about to come.
Kevin Mandia, CEO of Mandiant at Google Cloud, says it’s likely a matter of months before the next generation of more realistic and convincing deepfake audio and video becomes mass-produced with AI technology. “I don’t think it’s [deepfake content] been good enough yet,” Mandia said here in an interview with Dark Reading. “We are right before the storm of synthetic media hitting, where it’s really a mass manipulation of people’s hearts and minds.”
The election year is of course a factor in the expected boom in deepfakes. The relative good news is that to date, most audio and video deepfakes have been fairly simple to spot either by existing detection tools or savvy humans. Voice-identity security vendor Pindrop says it can ID and stop most phony audio clips, and many AI image-creation tools infamously fail to render realistic-looking human hands — some generating hands with nine fingers, for example — a dead giveaway of a phony image.
Security tools that detect synthetic media are just now hitting the industry, including that of Reality Defender, a startup that detects AI-generated media, which was named the Most Innovative Startup of 2024 here this week in the RSA Conference Innovation Sandbox competition.
Mandia, who says he is an investor in a startup working on AI-generated content fraud detection called Real Factors, says the main way to stop deepfakes from fooling users and overshadowing real content is for content-makers to embed “watermarks.” Microsoft Teams and Google Meet clients, for example, would be watermarked, he says, with immutable metadata, signed files, and digital certificates.
“You’re going to see a huge uptick of this, at a time when privacy is being emphasized” as well, he notes. “Identity is going to get far better and provenance of sources will be far better,” he says, to guarantee authenticity on each end.
“My thought is this watermark could reflect policies and profiles of risk that each company that creates content has,” Mandia explains.
Mandia warns that the next wave of AI-generated audio and video will be especially tough to detect as phony. “What if you have a 10-minute video and two milliseconds of it are fake? Is the technology ever going to exist that’s so good to say, ‘That’s fake’? We’re going to have the infamous arms race, and defense loses in an arms race.”
Making Cybercriminals Pay
Cyberattacks overall have become more costly financially and reputation-wise for victim organizations, Mandia says, so it’s time to flip the equation and make it riskier for the threat actors themselves by doubling down on sharing attribution intel and naming names.
“We’ve actually gotten good at threat intelligence. But we’re not good at the attribution of the threat intelligence,” he says. The model of continuously putting the burden on organizations to build up their defenses is not working. “We’re imposing cost on the wrong side of the hose,” he says.
Mandia believes it’s time to revisit treaties with the safe harbors of cybercriminals and to double down on calling out the individuals behind the keyboard and sharing attribution data in attacks. Take the sanctions against and naming of the leader of the prolific LockBit ransomware group by international law enforcement this week, he says. Officials in Australia, Europe, and the US teamed up and slapped sanctions on Russian national Dmitry Yuryevich, 31, of Voronezh, Russia, for his alleged role as ringleader of the cybercrime organization. They offered a $10 million reward for information on him and released his photo, a move that Mandia applauds as the right strategy for raising the risk for the bad guys.
“I think that does matter. If you’re a criminal and all of a sudden the whole world has your photo, that’s a problem for you. That’s a deterrent and a far bigger deterrent than ‘raising the cost’ to an attacker,” Mandia maintains.
Law enforcement, governments, and private industry need to revisit how to start identifying the cybercriminals effectively, he says, noting that a big challenge with unmasking is privacy and civil liberty laws in different countries. “We’ve got to start addressing this without impacting civil liberties,” he says.