The Endless Game of Chicken in the AI Era: A Paradigm Shift in Security Technology Is Needed

In Korea, there is a phrase “Kang vs Kang,” which resembles the nature of the “chicken game” theory. It describes a situation where neither side yields until one is forced to give up, putting forth every ounce of strength in the battle.

Security companies are racing to release AI-powered security products. A common feature of most of these products is the application of AI to detection functions. This is undoubtedly a highly effective and essential area for development, as AI can act as an extension of the human eye that is practically unlimited in the quantity it can watch.

AI now stands alongside, or sometimes replaces, humans in the fight against cyberattacks. However, it's crucial to note that AI is also being used in cyberattacks. Moving beyond traditional, indiscriminate, automated attacks, today's attacks have become sophisticated, AI-integrated machines.

These intelligent AI attackers often confront AI defenders at the network or endpoint layers, resulting in an “AI vs. AI” battle. This scenario pits so-called “powerful AI intruders” against “powerful AI defenders,” initiating a chicken game. This dynamic can aptly be described as a “Kang vs Kang” situation in the AI era.

Delving deeper into this dynamic, AI attackers can be likened to piranhas with diminished eyesight. Once a target is identified, they initiate rapid, automated attacks based on preset methods, akin to a piranha instinctively biting into anything that crosses its path. On the other hand, AI defenders are essentially legacy machines. Despite the term “intelligence,” these AI systems lack true reasoning capabilities because they rely on a blacklist approach. AI defenders detect only those malware types specifically identified by developers and operators. Claims from AI security companies about recognizing and blocking unusual behavior or access may sound promising, but we all know the truth: even those are based on predefined case combinations. The set of scenarios that can be calculated in advance is also the limit of what they can detect.

Thus, in the era of “AI security Kang vs Kang,” the conclusion becomes clear: we need a whitelist approach instead of a blacklist approach. Block everything and allow only the absolute minimum, staying within what we can manage.

The emergence of AI and the growing emphasis on Zero Trust have highlighted the need for a shift toward whitelist-based security systems. This shift aligns closely with the broader trends shaping the future of security.



