In a new report, the Royal Swedish Academy of Engineering Sciences, together with AI Sweden and the National Cyber Security Centre, puts forward a number of new recommendations for large Swedish organisations at risk of cyberattacks.
"It's mainly about being fast now, because this threat has emerged quickly. Just a few weeks ago we saw how large AI systems surprisingly demonstrated the ability to hack into large computer systems," says Pontus Johnson, KTH professor and chairman of the working group behind the report.
He continues:
AI has the knowledge to find and exploit vulnerabilities in various systems and this is changing the threat landscape for our digital infrastructure.
“AI can help us”
Pontus Johnson says that the antidote to the new threats is to fight AI with AI.
With our few human defenders, we will not be able to keep up on the defence side. We must use AI to be able to find vulnerabilities ourselves before the attackers do. AI will also be able to help us fix the vulnerabilities that are found. AI will also be able to help us find attackers who are on their way into different systems, he says.
Furthermore, Pontus Johnson believes that what is usually called cyber hygiene must improve in order to avert the AI threat.
We need to do better with the old traditional cybersecurity work. We need to have better passwords, we need to do proper backups, and we need to update software on time.
Two actors threaten
There are primarily two different types of actors who, using AI, threaten the cybersecurity of organisations, companies and municipalities:
Nation-states and cybercriminals.
Nation states have great resources. Of particular concern is China. It is widely known that they spy a lot on Sweden and they have great AI capabilities, says Pontus Johnson.
Cybercriminals don't have as many resources. But they are opportunistic. They attack a broader segment of society. They are looking to make money and they do it through extortion. They get into a computer system and encrypt the content. Then they demand money to decrypt or not leak the information. With AI, they can attack much more than they do today.





