2024 will bring new challenges to the cybersecurity industry - artificial intelligence will play a significant role.

Venafi has released its predictions for the upcoming year in the cybersecurity and cloud-native space, emphasizing that artificial intelligence will continue to introduce new threats and amplify existing risks. New threats such as AI pollution have also begun to emerge, considering that AI and machine learning operate on cloud-native infrastructures, technologies like Kubernetes pose greater risks and become bigger targets for attackers.

It is well known that artificial intelligence continues to introduce new threats to enterprises by exacerbating existing risks. However, while these trends are expected to continue, Venafi also predicts that cloud-driven developments, such as platform teams playing a larger role in cybersecurity, will emerge.

Increase in AI "pollution" attacks and digital hacker attacks

In 2024, Venafi predicts that there will be a "1000x developer" movement combined with a "1000x hacker," creating a perfect storm of vulnerabilities.

According to the company's research, the "1000x developer" movement is gaining momentum - a concept that sees developers leveraging the power of AI to increase productivity by a thousandfold, amplifying future security challenges.

Venafi sees that enterprises are already struggling, with 75% of IT and security leaders believing that the speed and complexity of Kubernetes and containers are creating new security blind spots. Additionally, 59% of respondents admit to experiencing security-related issues in Kubernetes or container environments.

Complicating matters is the rise of the "1000x hacker" - Venafi describes this as AI-enabled attackers with equal productivity and power. Kevin Bocek, Vice President of Ecosystem and Community at Venafi, states, "Organizations cannot practically hire 1000 cybersecurity experts to compete with these threats. The solution lies in embracing the power of automation that operates at machine speed."

He continues, "The only way to keep up is with the power of automation that operates at machine speed. If developers are using AI to increase productivity by a thousandfold, we need '1000x CISOs' and '1000x security architects'."

The company also predicts that 2024 will be the year of AI pollution attacks, and enterprises need to ensure the security of their data. Shivajee Samdarshi, Chief Product Officer at Venafi, states, "By 2024, AI pollution attacks will become new software supply chain attacks. Such attacks will manipulate the threat actors' manipulation of data input and output pipelines, as well as pollute AI models and their generated outputs."

Samdarshi continues, "With the use of AI in various business-critical workloads - possibly with little supervision - maintaining the integrity of these systems needs to be the utmost focus."

"Meanwhile, as major global elections coincide with the widespread adoption of generative AI, we are likely to see AI accelerating election interference in 2024. From creating convincing deepfakes to increasing targeted misinformation, the concepts of trust, identity, and democracy itself will be tested."

"This will require greater individual scrutiny and informed decision-making, as well as media platforms eradicating false content."

The importance of network resilience in the face of new technologies

Venafi also predicts that regulations in 2024 will further encroach on the development space, and the responsibility for data breaches will change.

"The language of the EU Network Resilience Act regarding liability needs to be more explicit, or people contributing to open-source code in the EU may stop," says Matt Barker, Global Director of Cloud-Native Services at Venafi. "As we enter 2024, we will see an increased focus on 'knowing your code' - supported by regulations such as executive orders on SBOMs - which means organizations will need to establish and verify the sources of the code they are using."

He continues, "Now that AI is being used to generate code, determining code origins is more challenging than ever. Those who fail to do so will soon find themselves at risk, not only from attacks but also regulatory fines."

In addition, as organizations extend security and governance between trust boundaries, by 2024, machine identities and access management will shift to the workload level.

"With increasing maturity, organizations have begun using the cloud in a more distributed manner across multiple trust boundaries, all of which contain identities that need to be managed," says Sitaram Iyer, Senior Director of Cloud-Native Solutions at Venafi.

"The challenge in 2024 will be to ensure that security controls work within the environment and can be managed consistently. This requires a strategic shift towards a more neutral, decentralized way of managing machine identities and controlling access, which can only be achieved through workload-level identity and access verification."

He continues, "Therefore, the adoption of federated identities such as SPIFFE machine identity will increase. This will enable organizations to leverage existing public key infrastructures for strong encryption across workloads, regardless of where they are running."