I’m still hoping that the somewhat irrational anger towards “AI” stuff subsides
I think this anger is linked to the irrational exuberance for “AI”.
Personally, I kinda hate AI. Not because of any sort of fear of job loss or anything like that. It’s because “AI” has been rolled out heavily in the Cybersecurity space, making my work life hell because of it. Models are only as good as their training and this means that any AI model which is going to spot anomalies in a network needs to spend a good amount of time being trained. However, what the vendors sell are touted as unsupervised models. They just need to spend a while on your network and they can automagically learn what “normal” is and then alert you on “abnormal”. This ignores the fact that you still need your analysts chasing false positives constantly from this black box. And that “black box” aspect is a major problem. You’ll get an AI/ML based alert with exactly fuck all in detail on why the alert triggered. If you’re lucky, you might get a couple log entries along with the alert, but nothing saying why those entries are suspicious.
I will grant that, there are a few cases where the “AI” in a product has worked. Mostly, it’s been in language processing. Heck, having an AI half-write a function for you in a tool you don’t use very often is quite nice. You almost always need to rework the results a bit, but it can get you started. But, my first question for any vendor talking about “AI Detections” is “how do we tune false positives?”. It’s just too big of a headache. And most of them try to downplay the need or dodge the question. Or, you have to babysit the model, effectively making it a supervised model. Which, fine. Just stop telling me how much time it’s going to save me, when I’m going to spend more time supervising the model than searching for threats in my environment. And, for fucks sake, design that shit to explain itself.
As for putting AI in my system. I can see a use case for language processing. Heck, I’d love to have the Star Trek style, “hello computer…” type stuff actually work worth a damn. Google and Siri are pretty close, though even those can be shit on toast when trying to do anything slightly complex. And having all that done locally, without having to send data “to the cloud” sounds great for privacy and security (until MS adds a keylogger as part of the OS). But, given how much time my GPU sits at or very near idle, I do wonder if the extra chip is worth the silicon or space.
In the end, I’m expecting this to go much the way TPM has. We’ll all end up with it in our systems, whether or not we know, care or use it. All because manufacturers just start soldering it on to everything. Maybe someone will find a good use for it eventually, distributed AI porn, maybe? But, like a lot of AI, it seems like a solution in search of a problem.
I think this anger is linked to the irrational exuberance for “AI”.
Personally, I kinda hate AI. Not because of any sort of fear of job loss or anything like that. It’s because “AI” has been rolled out heavily in the Cybersecurity space, making my work life hell because of it. Models are only as good as their training and this means that any AI model which is going to spot anomalies in a network needs to spend a good amount of time being trained. However, what the vendors sell are touted as unsupervised models. They just need to spend a while on your network and they can automagically learn what “normal” is and then alert you on “abnormal”. This ignores the fact that you still need your analysts chasing false positives constantly from this black box. And that “black box” aspect is a major problem. You’ll get an AI/ML based alert with exactly fuck all in detail on why the alert triggered. If you’re lucky, you might get a couple log entries along with the alert, but nothing saying why those entries are suspicious.
I will grant that, there are a few cases where the “AI” in a product has worked. Mostly, it’s been in language processing. Heck, having an AI half-write a function for you in a tool you don’t use very often is quite nice. You almost always need to rework the results a bit, but it can get you started. But, my first question for any vendor talking about “AI Detections” is “how do we tune false positives?”. It’s just too big of a headache. And most of them try to downplay the need or dodge the question. Or, you have to babysit the model, effectively making it a supervised model. Which, fine. Just stop telling me how much time it’s going to save me, when I’m going to spend more time supervising the model than searching for threats in my environment. And, for fucks sake, design that shit to explain itself.
As for putting AI in my system. I can see a use case for language processing. Heck, I’d love to have the Star Trek style, “hello computer…” type stuff actually work worth a damn. Google and Siri are pretty close, though even those can be shit on toast when trying to do anything slightly complex. And having all that done locally, without having to send data “to the cloud” sounds great for privacy and security (until MS adds a keylogger as part of the OS). But, given how much time my GPU sits at or very near idle, I do wonder if the extra chip is worth the silicon or space.
In the end, I’m expecting this to go much the way TPM has. We’ll all end up with it in our systems, whether or not we know, care or use it. All because manufacturers just start soldering it on to everything. Maybe someone will find a good use for it eventually, distributed AI porn, maybe? But, like a lot of AI, it seems like a solution in search of a problem.