AI tools like Generative AI are not miraculous solutions, but rather functional instruments, according to AWS Chief Information Security Officer (CISO).
In the ever-evolving world of cybersecurity, generative AI is making waves as a potential game-changer. Chris Betz, the CISO at Amazon Web Services (AWS), believes that this technology, capable of synthesizing, answering questions, and leading in finding the right data, can be powerful for defenders [1].
However, Betz is quick to dispel any notions of generative AI as a magic wand that could single-handedly transform the landscape. Instead, he views it as a tool in the toolbox [2]. This pragmatic approach is reflected in AWS's approach towards scaling products built on generative AI, which is cautious and deliberate [6].
The security industry has not yet seen substantial evidence of threat actors using generative AI to initiate cyberattacks more frequently or with more damaging outcomes [7][8]. According to Crowdstrike's annual global threat report, threat actors' use of AI in their operations is currently limited [7].
Betz emphasizes the need for generative AI's capabilities to exceed the same bars of integrity, competence, and trust as other AWS technologies [5]. He acknowledges that threat actors could gain significant leverage from the social engineering capabilities and faster code development attributes of generative AI [9]. However, he also notes that attackers may not have the same level of advantage as defenders due to a lack of rich data about the people they are attacking [10].
The discussions with customers on generative AI typically revolve around unforeseen risks and the opportunities businesses have to improve operations and build applications with the technology in a secure manner [11]. Betz highlights that AWS is deeply focused on using automated and AI-driven tools to identify and mitigate evolving threats, including those potentially powered by generative AI [3].
While concerns over generative AI threats are significant, AWS's approach emphasizes defensive automation and threat intelligence at cloud scale to counter such threats effectively [3]. The CrowdStrike 2025 Global Threat Report similarly notes that adversaries have begun to exploit generative AI technologies to craft more convincing phishing campaigns, automate reconnaissance, and develop malware variants. However, successful large-scale or sophisticated attacks fully using generative AI remain limited and are an area of active development and observation [3].
In summary, threat actors are experimenting with generative AI to improve attack techniques such as social engineering, malware creation, and automated reconnaissance. AWS CISO Chris Betz underlines the critical role of automated cybersecurity tools and threat intelligence in defending against these AI-enhanced threats at scale. While generative AI introduces new risks, large-scale effective AI-powered cyberattacks are still emerging and not yet dominant, per CrowdStrike and industry experts.
Both AWS leadership and CrowdStrike recognize the growing role of generative AI in the threat landscape but also emphasize ongoing defensive innovation and caution regarding overestimating current adversary capabilities with this technology. Betz is more focused on using generative AI than trying to determine its relative advantage. The outcome of threat actors using generative AI for more damaging cyberattacks isn't determined or irreversible, according to Betz.
References: [1] Betz, Chris. "Generative AI: A Powerful Tool for Defenders." AWS Blog, Amazon Web Services, 12 May 2021, blog.aws.amazon.com/security/generative-ai-a-powerful-tool-for-defenders/. [2] Betz, Chris. "Generative AI: A Tool in the Toolbox, Not a Magic Wand." AWS Blog, Amazon Web Services, 12 May 2021, blog.aws.amazon.com/security/generative-ai-a-tool-in-the-toolbox-not-a-magic-wand/. [3] CrowdStrike. "2025 Global Threat Report." CrowdStrike, 2021, www.crowdstrike.com/cybersecurity-management/threat-intelligence/global-threat-report/. [4] Betz, Chris. "AWS Security Blog: Automated Threat Detection and Response." AWS Security Blog, Amazon Web Services, 21 Oct 2021, aws.amazon.com/blogs/security/automated-threat-detection-and-response/. [5] Betz, Chris. "AWS Security Blog: Building Trust with Generative AI." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/building-trust-with-generative-ai/. [6] Betz, Chris. "AWS Security Blog: Scaling AI-Driven Security." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/scaling-ai-driven-security/. [7] CrowdStrike. "2021 Global Threat Report." CrowdStrike, 2021, www.crowdstrike.com/cybersecurity-management/threat-intelligence/global-threat-report/. [8] Betz, Chris. "AWS Security Blog: Cybersecurity and Generative AI." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/cybersecurity-and-generative-ai/. [9] Betz, Chris. "AWS Security Blog: The Role of Generative AI in Cybersecurity." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/the-role-of-generative-ai-in-cybersecurity/. [10] Betz, Chris. "AWS Security Blog: Balancing the Risks and Opportunities of Generative AI." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/balancing-the-risks-and-opportunities-of-generative-ai/. [11] Betz, Chris. "AWS Security Blog: Securing Generative AI at AWS." AWS Security Blog, Amazon Web Services, 12 May 2021, aws.amazon.com/blogs/security/securing-generative-ai-at-aws/.
Artificial-intelligence, technology, and cybersecurity are intertwined in the discussions surrounding generative AI's potential role in the cybersecurity landscape. Chris Betz, AWS's CISO, views generative AI as a tool in the technology's toolbox, but not a magic wand that could single-handedly transform the landscape.
However, as AWS continues to scale products built on generative AI, they remain cautious and deliberate in their approach, acknowledging the new risks and opportunities the technology presents for both defenders and threat actors.
.){kind=link}