Renowned IT expert and Finland's most well-known white-hat hacker, Benjamin Särkkä, advocates for more adventurous AI implementation while acknowledging that AI's expanding role in our global information society requires increasingly flexible, robust, and responsive cybersecurity on all levels.
Särkkä is the first to admit that he has a fascination with things some people might not find appealing—like visuals derived from horror imagery. So, when Särkkä asked ChatGPT to provide an image of a monster guarding the gates of hell, he was perplexed to find the AI unwilling and unable to complete this task.
"Rather than providing the image, the system informed me I was asking for something bad. That some eminent moral authority pulling on the strings of the AI was telling me I was a bad boy for it," Särkkä jests. His tone quickly takes a more somber tone, however.
"Now, there are a few things inherently problematic with that. One: pictures of fantastical monsters aren't an inherently evil thing. I'm an adult who can decide what kind of imagery is good for me and what isn't. Two: I had no insight, input, or control on what the moderating team at OpenAI had put in place as moral barriers halting the image from being created."
Spurred on by this, Särkkä began investigating the possibility of running an image-generating AI system on his home computer. This made him think of the relationship between dog and tail: How many other things related to AI, cloud services, and other network-centric functionalities are teaching us to use the services they provide in very specific ways—to think within and around them in specific ways? If users are forcefully led down preconceived behavior patterns orchestrated from afar, it will surely have a limiting effect on people's creativity.
Moreover, it will limit people's ability to deliver business value down the line, as their operating environment is limited and truncated by default.
We have only scratched the surface of AI implementation
Särkkä notes that he isn't the biggest fan of the current trend of AI models, whereby organizations and individuals pay companies for the privilege of acting as substitute teachers and sparring partners for their foundational language models. These models are then sold back to the people who have contributed to their development and advancement in one way or another.
"When discussing generative AI regarding images or broader use, most equate it with services like ChatGPT or Microsoft's Copilot. Cloud service providers whose technologies most are more than happy to pay for, as they are very impressive. The recently released ChatGPT 4o is nothing short of astounding. But there are significantly more use cases for AI, and there are significantly more ways of utilizing AI than what most people perceive as available and possible," Särkkä continues.
Särkkä adds, that he simply cannot envision a foreseeable future where all prevalent technology does not include AI as part of the stack somewhere along the line. Furthermore, there is a finite and steadily dwindling number of operational areas in the modern world where AI components aren't implemented or already in place. Depending on the viewpoint, this serves optimists and pessimists alike. From Särkkä's perspective, however, the path goes straight down the middle.
"What we're lacking is a balance within the discussion. These days, people tend to be either all in on AI, all in on cloud services, all in on all these new technologies, or they're holding back, thinking this is the end of the world. We need to introduce a sense of balance back into the discussion," Särkkä states.
Envisioning a purpose-built AI entity gets you halfway there
So, how does all this relate to cybersecurity, modern access management, and security solutions like SASE? Särkkä offers insight:
"Companies that want to get the most out of AI presently should start building their private cloud or invest in a stronger foundation of GPU computing power, allowing them to develop their in-house AI models. The initial investment would pay off quickly. This would enable the creation of AI models that are purpose-built, extremely efficient, freely and flexibly modifiable, legally compliant, and fully company controlled."
Companies' self-implemented AI models open entirely new possibilities for optimization and implementation, which in turn spur competitive advantage and space to develop an even more diverse range of functionalities and services. But the question is: How does this relate to cybersecurity, modern access management, and security solutions like SASE?
"Companies need to run in the cloud to get the most comprehensive and versatile benefits from AI models. This means that private cloud infrastructure must be managed and protected as robustly as possible, for which there is practically no better solution than identity management. And in that context, the best solution is SASE," Särkkä summarizes.
Usability is the heart of a well-oiled cybersecurity machine
"In terms of flexible, positively impactful solutions, Zero Trust architecture is a really good example. When I was a little cyber security professional, we talked about the principle of least privilege, now known as Zero Trust. All modern security worth its weight is identity and access management, which is at the heart of Zero Trust and thereby at the heart of SASE services," Särkkä continues.
According to Särkkä, multi-factor authentication is great, but passwordless protection is even better. Suppose biometrics can be used, again, even better. Anything that improves and streamlines the usability factor of the authentication process is an improvement. The larger the enterprise and the group of people operating under its umbrella, the greater the issue of improving usability becomes.
"We must ensure that we deal with good actors and legal entities. If we don't have reliable safeguards, the number of possible problems around this issue will only grow. Considering cybersecurity measures, it is important to note that as the field of AI implementation widens, the role of validated user identity recognition and verification increases. It is not merely important – it is vital," Särkkä concludes.
Ensure your company’s business-critical security is handled by appropriate expertise enabling better usability. Read more about DNA Data Security Services!
