Welcome to the forefront of conversational AI as we explore the fascinating world of AI chatbots in our dedicated blog series. Discover the latest advancements, applications, and strategies that propel the evolution of chatbot technology. From enhancing customer interactions to streamlining business processes, these articles delve into the innovative ways artificial intelligence is shaping the landscape of automated conversational agents. Whether you’re a business owner, developer, or simply intrigued by the future of interactive technology, join us on this journey to unravel the transformative power and endless possibilities of AI chatbots.
Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.
SAN FRANCISCO—US government agencies snubbed this year’s RSAC Conference, but that didn’t stop the rest of the infosec world from showing up. According to RSAC, almost 44,000 people attended, close to last year’s record-breaking attendance. The conference also boasted over 600 exhibitors touting their services in the halls of San Francisco’s Moscone Center. And more than 700 speakers contributed to over 350 sessions across tracks such as Analytics & Intelligence, Cloud Security, and The Human Element.
For an entire week, we were at the epicenter of cybersecurity’s biggest ideas, witnessing firsthand the innovations, debates, and breakthroughs that are defining the field. From eye-opening sessions to game-changing discussions, here’s a snapshot of the trends and insights that no infosec professional can afford to ignore.
As has been the case for the last several conferences, artificial intelligence was a seriously hot topic. Presenters debated whether AI agents should be treated like humans for security purposes, demonstrated that AI facial recognition is both unreliable and subject to abuse, and generally explored myriad uses for AI in security, both by cyberattackers and doughty defenders.
Securing AI with AI may not be as absurd as it sounds. Mitch Ashley, VP and practice lead analyst at Futurum Group, and Alan Shimel, founder and CEO of Techstrong Group, discussed the challenges of securing dynamic entities such as AI agents. Ashley and Shimel are well aware of the dangerous road ahead, but they claim it may be necessary. AI agents, whether we like it or not, are being widely adopted by companies. Given the inevitability of AI technology, we need to actively work to secure AI agents. Shimel and Ashley propose a layered approach where AI agents and third-party threat detection models will be necessary to place adequate guardrails on agents. Otherwise, the security implications will be catastrophic.
Securing AI with AI may not be as absurd as it sounds.
It might be worth reconsidering your next chatbot prompt, especially if it involves oversharing your personal details. Diana Freed, assistant professor at Brown University, and PHD student Julio Poveda explained how even chatbots tailored at helping domestic abuse survivors can be rife with privacy failings. Lackluster protections can result in direct technology-facilitated harm from abusers who may have access to the victim’s device. Freed and Poveda call for opt-in data storage practices, clear privacy policies, and full transparency about which third parties may have access to user data when a chatbot is used.
Anonymity may soon be a thing of the past. Jake Moore, global cybersecurity advisor at ESET, gave a demo that felt right out of Mission Impossible. He demonstrated how a pair of Meta smart glasses can be easily configured to identify individuals in real time. Moore also pointed out flaws in facial recognition technology as a whole, criticizing its early, widespread adoption by law enforcement agencies worldwide. In his provocative demonstration, he showed how easy it is to create fake bank accounts with free consumer-level tools. Next, he used deepfakes to thwart advanced facial recognition technology, avoiding detection with ease.
Government security agencies have necessarily expanded their reach into cybersecurity, and these agencies have long had a major presence at the RSAC Conference. Jen Easterly, current CEO of RSAC, was, until last year, the director of CISA (the Cybersecurity and Infrastructure Security Agency). The current administration pulled back from sending representatives, even canceling talks by speakers from the FBI and NSA, but both countries and country-sized corporations can’t ignore security.
One style of corporate security is a bit like playing whac-a-mole. An attack rears its ugly head, and the security team smacks it down. Repeat forever. According to Google threat intelligence VP Sandra Joyce, this approach is no longer valid, especially given the speed and scale that AI enables for cyberattackers. Joyce exhorted RSAC attendees to take the fight straight to the attackers, using all available techniques to make cybercrime too risky and expensive, and illustrated her point with several instances handled by her team at Google.
RSAC gave us the rare sight of four former National Security Agency directors sitting together on a stage. The NSA has long been known as the “black box” of surveillance and cyberespionage. So it was refreshing to see the directors talk, and even joke, with a startling, non-governmental frankness. But there was little to smile about. A couple of the directors noted the US is becoming dangerously “numb” to the daily cycle of data breaches and hacks. Another warned that China might be preparing to weaponize AI on a scale we aren’t ready to meet. Would a cyberattack that kills people finally shake us out of our indifference?
It wouldn’t be an RSAC Conference without sessions discussing the human elements of security. How do we design security systems that people will actually use? Why do we keep falling for phishing and other forms of fraud? A truly comprehensive security posture will necessarily incorporate an understanding of human foibles.
The US is becoming dangerously “numb” to the daily cycle of data breaches and hacks.
Ever since the first caveman tricked his neighbor into trading a pile of rocks for some tasty mastodon steaks, con men have been persuading others to act against their own interests. The fraudsters who use phishing techniques to steal data or break into networks are no different. Why don’t we ever learn? Randy Rose from the Center for Internet Security explained that the reason is built right into our brains. Drawing on a wide range of studies and sources, he showed how we’ve evolved to be influenced by various types. The solution to phishing, he noted, doesn’t lie in browbeating all employees with examples of red flags to watch for in email, especially given that AI is now eliminating those clues. Rather, we all need to elevate our thinking out of the take-it-easy, primitive style and keep our brains actively making clear observations and logical conclusions.
Considering that the conference offered more than 350 sessions, there’s no way we could cover everything. Among the interesting talks we missed were:
That’s a wrap for this year’s RSAC Conference. For more, be sure to keep up with our security coverage regularly and tune in later this year for Black Hat in Las Vegas.
Read Our Editorial Mission Statement and Testing Methodologies.
My Experience
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.
Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.
In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.
The Technology I Use
Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMWare Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.
I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.
I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.
When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.
Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.
In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.
Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMWare Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.
I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.
I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.
Read full bio
is obsessed with culture and tech, offering smart, spirited coverage of the products and innovations that shape our connected lives and the digital trends that keep us talking.