No, in the second part we won’t be interviewing ChatGPT again and marveling at its capabilities.

This time we’ll take a look at the development and possibilities of AI in general and venture a glimpse into the future, which experience shows can become reality in the IT world very quickly.

Prehistory

While IT enthusiasts are used to being swept away by new hypes every day, the average IT user is still overwhelmed by the innovations of the last five years. Users expect IT to be as easy and intuitive to use as a microwave oven. But while a microwave oven follows the same logic, the sheer volume of data and possibilities in IT rarely provide simple ways to get to the goal that are understandable to the classic user.

This is where the search engine comes in, scouring the Internet with its rapidly growing volumes of data for supposedly relevant content. In a brilliant race, Google and a few competitors have gained the upper hand in this discipline in just a few years. It is no coincidence that “googling” has become the shorthand for searching the Web. And no matter how curious the query, Google delivers more or less relevant hits. Google’s algorithm determines the relevance – i.e. the order – of the usually millions of hits. This can be influenced by “Search Engine Optimization” (SEO) and/or for a fee. It is now common knowledge that this business idea works.

The Internet is the repository of human knowledge. Thanks to search engines, this source of knowledge becomes controllable and generally accessible. But is this really the case? Who still takes the trouble to study not only the “top 10” search results, but also the information that is only listed on page 100 or 100,000? And if you have the time, how do you deal with information on page 1000 that contradicts the top 10 results?

This one-way transfer of knowledge has become even more serious in social networks. Just one of many examples: When it comes to video portals, Google’s YouTube is the go-to site. To keep YouTube rolling, it is important to place ads and keep users online as long as possible. The best way to do this is to use sophisticated algorithms to determine the user’s presumed views and interests and then serve them up, i.e. confirm or even reinforce them with more similar content. And so, thanks to YouTube, an “aluminum hat” in Hintertupfingen, Germany, sometimes feels that his view of the world, however abstract, has been confirmed by seemingly millions of like-minded people.

This lopsided way of imparting knowledge has become even more serious in social networks. Just one of many examples: When it comes to video portals, nobody can get past Google’s YouTube subsidiary. To keep YouTube rolling, it is important to place ads and keep users online as long as possible. The best way to do this is to use sophisticated algorithms to determine the user’s presumed views and interests, and then cater to them, i.e. confirm them or even reinforce them with more similar content. And so, thanks to YouTube, an “aluminum hat” in Hintertupfingen, Germany, sometimes feels that his view of the world, however abstract, has been confirmed by seemingly millions of like-minded people.

All AI, or what?

So why this long digression and how does it all fit in with ChatGPT? Quite simply, the new AI-based tools like ChatGPT take knowledge transfer to the next level. The user no longer has to experiment with a string of terms in the search box to find the right content. Instead, he “chats” with an AI that provides an understandable, detailed, and grammatically correct answer to even complex questions. In contrast, a classic search engine suddenly seems as old-fashioned as the microwave oven mentioned at the beginning.

And no sooner has the ChatGPT hype started than resourceful tinkerers have tied together several AI tools into an automatic homework management system. The hype goes into the next round. This technology leaves the educator, who assigns homework for the student, perplexed and overwhelmed. After all, the report card is no longer the student’s own knowledge, but the knowledge compiled and formulated by a technology. Apart from the fact that it is difficult for the teacher to read the student’s personal knowledge from such “work”, the student hardly gains any relevant knowledge from this way of dealing with homework.

“You don’t have to know everything, you just have to know where it is,” is an adage that certainly still has its place. With AI, however, humans are almost completely relieved of the need to think. And therein lies the rub.

To the point

When we apply this thinking to the world of IT security, things get really exciting. Because program code is still generated by “flawed” humans and is therefore not flawless per se. Yes, AI can also generate code, but it still lacks the creative, value-added approach to doing so. And AI-generated code (read: buggy code) is not bug-free either. Vulnerabilities arise from errors in code. AI can both detect vulnerabilities and fix or exploit them. The dilemma here is the speed or throughput with which AI implements these capabilities. Humans are clearly at a disadvantage here.

To illustrate this, consider a practical (but hypothetical) example: Administrator “Anton” has his IT landscape under control. He uses monitoring, detection and response, and backup services, and regularly updates all systems in strict accordance with ITIL. Since he cannot do this around the clock, he has two colleagues to support him, service providers to relieve him of tedious routine tasks, and consultants to help him implement complex changes. Everyone involved works according to the same strict rules as Anton himself. Yes, I admit, the scenario is rife with irony. But let’s stay in this bubble of the ideal ITSM world for now.

Team Red

Even in this perfect world, there are still many opportunities for a potential attacker due to the flawed code. A human attacker would probably need several days or even weeks to find and exploit a vulnerability, since there are thousands of known vulnerabilities to know about and possible attack vectors to explore. This depends heavily on the skill and experience of the attacker. And the attacker would have to consider very carefully whether to waste his time and energy on Anton’s systems. If the attacker were to use AI instead, he would have at his fingertips knowledge of all the known vulnerabilities in the world, including descriptions of how to exploit them. It would suddenly be possible to examine the mass of possible entry points in a matter of minutes. The AI would thus greatly increase an attacker’s options. It no longer depends on the individual skills of the attacker. Ransomware becomes junk. Anyone can use it, almost like a microwave. And if it doesn’t work, you can just use another one.

Team Blue

On the defense side, AI can make a significant contribution as a detection and response solution. There is a reason why AI-based products are increasingly replacing traditional virus scanners. But they can only reach their full potential if they are allowed to operate unfettered. In other words, if AI is used for an attack, it is imperative that Anton also uses AI to detect the attack quickly enough and defend against it in the shortest possible time. He needs to trust that AI as much as he trusts his colleagues and service providers. AI-based detection alone is not enough; an AI-accelerated response is required. Such a response can result in the disruption of individual services or, in extreme cases, the entire IT operation. Anton can be held responsible for any miscalculation and the resulting damage. But how does this work with AI? And in the future, who will be able to understand the logical steps on the way to a potentially fatal wrong decision by an AI and ultimately evaluate it as an “error”?

Realization

We guessed it… an IT expert will have to do it again. Let’s hope that with all the AI, there will still be enough real intelligence available. Because IT professionals, their knowledge and their experience will continue to be crucial. And there is no substitute for them. A diploma may be faked by AI. But the shoulder stripes are worth nothing if the necessary knowledge is missing at the moment of probation. So please, let’s stay with it voluntarily and acquire knowledge instead of just letting the AI pass it on. That is anything but intelligent.

On our own behalf

Also intelligent: If you know of any potential IT enthusiasts who are about to be replaced by, say, AI, feel free to tip us off. We can always use reinforcements and offer many opportunities for further education in theory and practice 🚀.