AI threats pose great cyber risks to smaller companies, experts tell House panel | CyberScoop<\/title> <meta name=\"description\" content=\"Executives from SentinelOne, Protect AI and IBM Consulting provide lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ai-cyber-risks-small-companies-house-hearing\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"AI threats pose great cyber risks to smaller companies, experts tell House panel\"> <meta property=\"og:description\" content=\"Executives from SentinelOne, Protect AI and IBM Consulting provide lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ai-cyber-risks-small-companies-house-hearing\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2023-12-12T21:55:47+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1701905043g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress-next\/dist\/css\/related-posts-block-styles.min.css?m=1701205643g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1702407147g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=7dab012cdc88b5676610\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/78551\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.4.2\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=78551\">\n<link rel=\"alternate\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-cyber-risks-small-companies-house-hearing%2F\">\n<link rel=\"alternate\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fai-cyber-risks-small-companies-house-hearing%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-78551 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ai-cyber-risks-small-companies-house-hearing\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"25.727923627685\">\n<div class=\"single-article__header-content\" readability=\"32.212389380531\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/government\/\"> <span>Government<\/span> <\/a> <\/li>\n<\/ul>\n<p> Executives from SentinelOne, Protect AI and IBM Consulting provide lawmakers on the cybersecurity and infrastructure protection subcommittee with a laundry list of recommendations to better combat AI threats. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-2.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Digital generated image of html code over deep black background. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"43.719052110351\"><body readability=\"89.918066683898\"><\/p>\n<p>Attacks by malicious hackers using artificial intelligence could swamp smaller companies that are already overwhelmed by cybercrime, experts warned lawmakers during a congressional hearing Tuesday.<\/p>\n<p>Testifying before the House Homeland Security and Governmental Affairs subcommittee on cybersecurity and infrastructure protection, experts from the private sector discussed AI-related threats, including increased efficiency for malicious hackers to develop malware, <a href=\"https:\/\/cyberscoop.com\/online-influence-operators-continue-fine-tuning-use-of-ai-to-deceive-their-targets-researchers-say\/\">spread disinformation<\/a> and elevate the scale of attacks at a time when smaller businesses are constantly being impacted by hacks.<\/p>\n<p>Bringing up the famous and complex Stuxnet virus that took down the Iranian nuclear plant, Alex Stamos, chief trust officer at SentinelOne, said that developing the worm required a substantial amount of resources. With AI, Stamos warned, such operations could become less costly for attackers.<\/p>\n<p>\u201cMy real fear is that we\u2019re going to have AI-generated malware that won\u2019t need that,\u201d Stamos said. \u201cThat if you drop it inside of an air gap network in a critical infrastructure network, it will be able to intelligently figure out, \u2018Oh, this bug here, this bug here and take down the power grid even if you have an air gap.’\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Stamos also noted that in recent years, criminal cybercrime groups have become \u201cprofessionalized\u201d with the technical sophistication that one would expect from nation-backed hackers.<\/p>\n<p>\u201cThe truth is, we\u2019re not doing so hot,\u201d Stamos said. \u201cWe\u2019re kinda losing.\u201d<\/p>\n<p>Small and medium businesses, Stamos said, are \u201cnot ready to play at that level.\u201d He advocated for moving those smaller players to the cloud so there is less responsibility on individual organizations and more \u201ccollective defense.\u201d<\/p>\n<p>Stamos said that one key thing that the Cybersecurity Infrastructure and Security Agency can do is get an <a href=\"https:\/\/cyberscoop.com\/cisa-cyber-reporting-law\/\">incident reporting regime<\/a> up and running. The agency is set to require critical infrastructure owners and operators to notify them of any major cyber incident.<\/p>\n<p>The reporting is intended to fuel a better understanding of the current threat landscape, as there are few requirements currently for companies to report breaches to the federal government. Stamos did note that the Securities and Exchange Commission\u2019s own incident reporting requirements are likely to have a negative impact on cybersecurity efforts due to the \u201cover-legalization\u201d that the ruling will have.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Stamos also said that CISA should help break information silos apart, saying that one of the issues in cybersecurity is that firms \u201cdon\u2019t talk to each other enough.\u201d<\/p>\n<p>Ian Swanson, the chief executive officer and founder of Protect AI, said in his opening statement that in order to secure AI, there should be a \u201ccomprehensive inventory\u201d that lists out the \u201cingredients\u201d of AI.<\/p>\n<p>\u201cOnly then do we have visibility and auditability of these systems, and then you can add security,\u201d Swanson said.<\/p>\n<p>Swanson recommended that the Department of Homeland Security create a machine learning bill of materials and invest and protect the open source software ecosystem that AI relies on. He noted that the Biden administration should be talking to all players in the AI space \u2014 startups as well as Big Tech companies like Open AI.<\/p>\n<p>Debbie Taylor Moore, senior partner and vice president of global cybersecurity at IBM Consulting, noted in her opening statement that CISA should focus on AI education and workforce development, particularly within the critical infrastructure sectors, and share information like vulnerabilities and best practices.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cAddressing the risks posed by adversaries is not a new phenomenon,\u201d Moore said. \u201cUsing AI to improve security operations is also not new. But both will require focus and what we need today is urgency, accountability and precision in our execution.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3530997304582\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2023\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ai-cyber-risks-small-companies-house-hearing\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>AI threats pose great cyber risks to smaller companies, experts<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[384,452,293,117,439],"tags":[388,454,299,119,443],"class_list":["post-2188","post","type-post","status-publish","format-standard","hentry","category-artificial-intelligence-ai","category-cybersecurity-and-infrastructure-security-agency-cisa","category-department-of-homeland-security-dhs","category-government","category-policy","tag-artificial-intelligence-ai","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-department-of-homeland-security-dhs","tag-government","tag-policy"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/artificial-intelligence-ai\/\" rel=\"category tag\">artificial intelligence (AI)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/department-of-homeland-security-dhs\/\" rel=\"category tag\">Department of Homeland Security (DHS)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a>","tag_info":"Policy","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2188","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=2188"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/2188\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=2188"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=2188"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=2188"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":2188,"date":"2023-12-12T21:55:47","date_gmt":"2023-12-12T21:55:47","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=78551"},"modified":"2023-12-12T21:55:47","modified_gmt":"2023-12-12T21:55:47","slug":"ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2023\/12\/12\/ai-threats-pose-great-cyber-risks-to-smaller-companies-experts-tell-house-panel\/","title":{"rendered":"AI threats pose great cyber risks to smaller companies, experts tell House panel"},"content":{"rendered":"