Google’s research division Deepmind introduces a new evaluation framework that analyzes how AI makes existing attack techniques more efficient.
A new framework from Google DeepMind aims to systematically analyze the role of AI in cyberattacks and better equip security teams against emerging risks. Tests with Google’s Gemini 2.0 model show that new attack techniques rarely emerge, but existing techniques become more efficient through the use of AI. These insights should help organizations to better deploy their defense mechanisms.
From attack chain to impact score
Google DeepMind proposes an evaluation framework to map the impact of AI on cyber threats. The model analyzes how AI makes existing attack techniques more efficient, and which phases in a cyberattack consequently require extra attention. DeepMind worked with data from 12,000 known incidents where AI played a role.
The evaluation framework consists of four steps. First, representative attack chains are selected, such as phishing, DDoS attacks, or zero-day exploits. Then, a bottleneck analysis is performed: which steps in the attack chain can AI make easier or faster? Next, the team develops benchmarks to specifically measure AI performance in these phases. Finally, an impact score is determined that estimates the potential cost savings for attackers across the entire chain.
read also
Gemini Above All: Google DeepMind Keeps AI Research Behind Closed Doors
Tests with Google’s own Gemini 2.0 model show that AI primarily increases the scale and speed of attacks. New attack techniques rarely emerge, but existing tactics become more efficient. AI performs well in tasks such as reconnaissance, evasion, and maintaining access. More difficult tasks like exploit development remain complex for now.
Defense measures
The insights from the framework should help organizations to deploy defense measures more effectively. For example, it appears that AI is already reasonably successful in the installation phase and in command-and-control communication. According to DeepMind, this calls for more robust detection and response mechanisms. The framework can also serve as a basis for more realistic AI-enabled ‘red teaming’.
A notable proposal in the paper is measuring AI’s impact through a kind of “cyber inflation index”. This would indicate how AI lowers the economic threshold for cyberattacks, as less time or specialized knowledge is required.
With this framework, DeepMind aims to contribute to a more informed discussion about the role of AI in cybersecurity. It provides tools to better understand risks and proactively adapt defense to changing threats.