SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Venafi forecasts rise of '1000x developer' & hacker threats
Thu, 30th Nov 2023

Venafi, the industrial pioneer in machine identity management, has unveiled its predictions for the cybersecurity and cloud native landscape in 2024, detailing an array of burgeoning threats and challenges on the horizon for the security industry.

“Throughout 2023, we've seen companies harness a wave of AI innovation; however, as this experimentation broadens, risks have been intensified and new threats have surfaced,” says Kevin Bocek, VP of Ecosystem and Community at Venafi. “Emerging threats such as AI poisoning and model escape have come to light, while vast influxes of generative AI code are being used by both developers and novices in ways yet to be fully comprehended. Coupled with AI and machine learning operating on cloud native infrastructure, platforms like Kubernetes are becoming increasingly attractive and vulnerable for attackers. If these issues aren’t appropriately addressed, the consequences could be far-reaching for security in 2024 and beyond.”

According to Venafi experts, two prominent phenomena are set to generate a ‘breach storm’ in 2024: the rise of the “1000x developer” and the “1000x hacker”. Bocek explains, “The momentum of the ‘1000x developer’ movement – which endows developers with unprecedented productivity through the power of AI – will amplify security challenges in the forthcoming year. The velocity and intricacy of securing modern environments is formidable and, based on our research, 75% of IT and security leaders believe the speed and complexity of Kubernetes and containers create new security blind spots; 59% admit they have already experienced security-related issues within these environments.”

“The ‘1000x hacker’, an AI-fuelled adversary of equal potency and efficacy, will also ascend. It's inconceivable for organisations to hire a comparable workforce to counter these threats. The answer lies in harnessing automation operating at machine speed: if developers are harnessing AI to become 1000x more productive, we need our own ‘1000x CISO’ and ‘1000x security architect’ to keep pace,” Bocek adds.

Shivajee Samdarshi, Chief Product Officer at Venafi, predicts that 2024 will also see the advent of AI poisoning attacks, particularly targeting elections. Samdarshi notes, “In 2024, AI poisoning attacks will emerge as the new software supply chain attacks. Threat actors will manipulate data by infiltrating ingress and egress data pipelines as well as tampering with AI models and the outputs they generate. This will put even greater emphasis on individuals to scrutinise and make informed decisions as well as on media platforms to root out false content.”

Samdarshi warns, “From the creation of convincing deepfakes to an increase in targeted misinformation, the concept of trust, democracy and identity itself will be under the microscope. Securing any data being fed to AI systems through the verification of data provenance, and using technologies like code signing, are crucial in maintaining their integrity.”

Matt Barker, Global Head of Cloud Native Services at Venafi, envisages further regulatory encroachment into the development space in 2024, with potential amendments to liability for data breach in the Cyber Resilience Act. “In its present form, the Act is unworkable, particularly its provisions surrounding liability for open source code data breaches. More clarity is required in its language around liability. Without amendments, we could see a withdrawal of open source code contributions in the EU,” Barker clarifies.

Among the top predictions is the prospect of outages doubling in 2024 due to shortening machine identity lifespans. “We’ve seen recent havoc caused by certificate-related outages, with entire payment systems collapsing, leading to inability to buy groceries or refuel cars,” notes Bocek. “As certificate identity lifespans decrease, this could become increasingly common unless organisations automate their machine identity management.”