The Ministry of Science and ICT is examining the need for developing security-focused AI models to counter evolving AI-based cyber threats.
During a briefing on May 8 in Gwanghwamun, Seoul, Choi Woo-hyuk, head of the Cybersecurity Policy Division, stated, "There was a consensus that the current information security system is insufficient to address threats based on AI models. We discussed the necessity of a dedicated AI model specialized in cybersecurity."
Earlier that day, the ministry held a meeting with experts from academia and industry to discuss responses to global AI companies' cybersecurity projects. Participants included firms involved in developing independent AI foundation models, such as SK Telecom, Upstage, and Motif Technologies, as well as key AI companies, the president of the Korean Society for Information Security, and chief information security officers (CISOs) from major corporations.
The ministry's position is to enhance the performance of currently available security-focused models in the short term while considering the establishment of a security response system based on independent AI models in the medium to long term.
Choi noted, "There was a consensus on utilizing independent AI models to create a security-focused AI system. We are not at the stage of finalizing a plan but are in the process of discussing its necessity." He added that a new direction for the information security paradigm will be explained between late May and early June.
The meeting also showcased a demonstration of AI-based penetration testing. The ministry and the Korea Internet & Security Agency (KISA) used Anthropic's Opus model to identify vulnerabilities in specific corporate services, leading to account theft and unauthorized access.
Choi explained, "There was a case where AI found a way to generate a new password without knowing the existing one. We confirmed the process of AI identifying vulnerabilities and accessing services after securing accounts."
According to the ministry and KISA, the test revealed a total of seven vulnerabilities. Notably, AI was able to perform what would typically take professional hackers several days in just about ten minutes.
Choi remarked, "AI identified vulnerabilities that would take professional hackers days to find manually in a short time. While it is currently not at a level that general users can easily utilize, the speed of attacks could increase as professional hackers become more adept at using prompts."
Meanwhile, on May 11, Deputy Minister Ryu Je-myung is scheduled to meet with representatives from Anthropic to discuss strategies for addressing AI-based cybersecurity threats. Choi stated, "The need for a response related to Mitos has been raised, prompting the government to request cooperation in advance."
* This article has been translated by AI.
Copyright ⓒ Aju Press All rights reserved.