Leading cyber security AI company Darktrace has a system that learns what normal behaviour looks like for a network and identifies deviations from that norm to detect new attacks that haven’t been seen before. SJUK meets Chief Technology Officer and Co-Founder, Matt Dunn to find out more.

In 2024 a lot of companies want a slice of the pie when it comes to AI, and most are talking about it.

“The problem is, not all AI is created equal,” says Matt. The right type of AI trained on the right type of data must be applied to the right security problem.

“Using data to try and understand the world isn’t new.

“AI and machine learning are only just the latest generation of statistical techniques to try and help humans understand complex situations.

They really do have quite a rich heritage and are getting very smart, but it’s important to know the differences.”

Matt explains that 99% of AI we see on the market, from the giant LLMs (large language models) in use by Open AI and Meta to the budding fin-tech start up are about providing some output based upon patterns the system has already learned about.

People are using GPT to write everything from their school essays to respond to business emails.

The reason why it can do that, as well as some very clever mathematics and CPU power, is because GPT has learned from an awful lot of other school essays and business correspondence, so it knows what they should look like.

One business email will look very much like another business email.

The problem with applying AI to the cyber problem, is that method will only take you so far, says Matt. “You want your AI to respond to attacks, so you teach it what attacks look like, right? This is the problem.

“The bad guys know that the longer you use an attack, the more likely it is to get caught. If the AI that is defending you only learnt on last month’s attacks, then that’s what it can stop, last month’s attacks.

“The bad guys know this and will spend every effort to continually alter their methods.

“They have a new helper too. Ironically, it’s AI. The same tools that are being used to generate school essays on Shakespeare can and are, being used to generate new attacks faster than ever before.”

What’s the solution?

According to Matt many cyber defence solutions have chosen to streamline their AI pipelines, trying to get the latest attacks learnt as fast as possible and then apply that learning to defend others.

This isn’t a bad approach. But it’s not quite enough.

Matt tells us that the average time from initial release of email threat to detection has risen from 3.5 days in 2018, to 13 days in 2023.

In short, this means the bad guys are winning.

Staying several steps ahead

Darktrace’s approach is different, says Matt.

Instead of relying on learning on attack data – which, by the time you see it, is already out of date – you learn on what normal looks like and then look for deviations from that norm.

“You would expect the police to arrest anyone breaking into your house, not just those on the ‘most wanted’ list or those wearing a mask and a stripey top”, Matt explains.

“To do that you need to understand what is normal for the house, not just what burglars look like.”

It was a significant departure from the rest of the industry when Darktrace was founded back in 2013 and it has earned the company pole position in both cyber and AI industries globally. 

But how important is Darktrace’s roots in European technology? Very important, according to Matt.

“Starting a Cyber AI business in the UK, specifically Cambridge, was incredibly beneficial.

“At the start it was our close connections with technology that emerged from academic study and, of course, access to incredible talent leaving the university.

“This was particularly important when, back in 2013, AI was either something you would hear about in science fiction or at an academic conference on statistical processing.”

Have things changed? “Absolutely” says Matt. “AI has gained a lot of acceptance in the last ten years. People were naturally wary at the start, but now we’ve seen rapid adoption.

“The importance of Cambridge is one thing that hasn’t changed. Cambridge attracts some of the best mathematicians and engineers from all over the world and 95% of our R&D is based there for a reason.”

Public and industry opinion, of course, has changed radically.

It’s very hard to find a company that doesn’t claim some involvement of artificial intelligence in their product.

The problem, according to Matt, is that AI is, at best, loosely defined. “There are lots of companies doing some exceedingly good research in AI. But AI is not a single discipline.

“There are as many flavours of AI as there are of mathematical algorithms.

Also, there are plenty of off-the-shelf varieties that can play little involvement in the actual output of a product.

“I think people need to stop asking, how good is your AI? But instead think about whether it works or not.

“AI and machine learning were created to help do things at a scale and speed that humans cannot.

“If the AI in question doesn’t achieve that, doesn’t make the task easier, then it doesn’t justify its existence. It doesn’t matter how clever it is.”

Where does Darktrace see the future of AI in the cyber industry? “I think we’ve actually only just started”, says Matt, “So far, the focus has always been on the whack-a-mole style of defence. You wait for a bad thing to happen, then you hit it.

“Then wait for the next bad thing. It’s, of course, something we have to do, but it’s never-ending, it’s a fight you can never win.

“I think far too little attention has been given to the shift-left mentality.

“If you have intelligent systems that are aware of how everything in your organisation fits together, you can really put those systems to better use.

“What we really need are systems that are secure and immune by default.

“I think we’ll see significant advances in areas like risk and resilience and that are self-hardening. AI systems have so much more potential than just playing ‘tag’ with attackers”.

About Matt Dunn

Matt Dunn is a founding member of Darktrace and the CTO of Europe in the R&D headquarters in Cambridge.

With over 25 years’ experience in data science, security and engineering Matt oversees the development of Darktrace’s cyber security products and AI/ML operations.

Twice recognised by the Royal Academy of Engineering MacRobert Innovation Award Committee for outstanding innovation, Matt continues to work closely with organisations to foster innovative technology from the UK and Europe.

This article was originally published in the May Edition of Security Journal United Kingdom. To read your FREE digital edition, click here.