{"id":7086,"date":"2026-04-17T20:06:09","date_gmt":"2026-04-17T20:06:09","guid":{"rendered":"https:\/\/www.europesays.com\/ai\/7086\/"},"modified":"2026-04-17T20:06:09","modified_gmt":"2026-04-17T20:06:09","slug":"time-for-government-business-leaders-to-figure-out-ai-cybersecurity-regulation-harvard-gazette","status":"publish","type":"post","link":"https:\/\/www.europesays.com\/ai\/7086\/","title":{"rendered":"Time for government, business leaders to figure out AI cybersecurity regulation \u2014 Harvard Gazette"},"content":{"rendered":"<p>As new agentic AI models continue to come online, cybersecurity experts laud their ability to sift through vast quantities of data quickly and autonomously \u2014 making them great tools to help fight cybercrime.<\/p>\n<p>But, they warn, those attributes could also be put to work by bad actors to hack systems and risk our personal data, our economy, and our national security.<\/p>\n<p>A group of <a href=\"https:\/\/events.seas.harvard.edu\/event\/agentic-ai-and-cybersecurity-threats-governance-and-strategy\" rel=\"nofollow noopener\" target=\"_blank\">cybersecurity experts were recently brought together for a Berkman Klein Center for Internet and Security<\/a> discussion, during which all agreed that it\u2019s high time for business and government leaders to regulate the tech \u2014 before it\u2019s too late.<\/p>\n<p>Cybercrime, <a href=\"https:\/\/www.ibm.com\/reports\/threat-intelligence\" rel=\"nofollow noopener\" target=\"_blank\">recent data from IBM shows,<\/a> is rising rapidly. According to a 2026 study, the company found that cyberattacks aimed at public-facing software and systems applications \u2014 many of which utilized AI \u2014 had a year-over-year increase of 44 percent.<\/p>\n<p>High-profile attacks include the November data breach of Anthropic \u2014 the AI company behind the Claude Code assistant. Attackers were able to use their own AI models to scan for weak spots in its source code and publish its inner workings.<\/p>\n<p>\u201cThe unfortunate thing is that the bad people only have to win once in some sense, whereas the defenders have to win all the time,\u201d said James Mickens, Gordon McKay Professor of Computer Science. \u201cTo me, at least, that\u2019s a concerning aspect of what it means to think about agentic cyber security, attacks and defenses.\u201d<\/p>\n<p>Moreover, <a href=\"https:\/\/cybernews.com\/cybercrime\/shinyhunters-link-sso-vishing-attacks-okta-paywall\/\" rel=\"nofollow noopener\" target=\"_blank\">cybercriminals have made alarming progress in phishing attacks<\/a> over recent months, using AI to fine-tune targets and craft messages.<\/p>\n<p>\u201cA year ago, we still had email messages in our inbox that had misspellings that were not colloquial English, that were easy to identify if you were vigilant. Now, all those signals are gone.\u201d<\/p>\n<p>Robert Knake<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" height=\"683\" width=\"1024\" src=\"https:\/\/www.europesays.com\/ai\/wp-content\/uploads\/2026\/04\/040326_Risk_Cybersecurity_0158.jpg\" alt=\"Robert Knake.\" class=\"wp-image-426773\"  \/><\/p>\n<p>\u201cA year ago, we still had email messages in our inbox that had misspellings that were not colloquial English, that were easy to identify if you were vigilant. Now, all those signals are gone,\u201d said Robert Knake, panelist and partner at Paladin Capital, a cyber-venture capital group.<\/p>\n<p>Knake also served as the first deputy national cyber director for strategy and budget in the newly created Office of the National Cyber Director at the White House from 2022 to 2023.<\/p>\n<p>In Knake\u2019s view, the federal government needs to start requiring the private sector to take greater steps to prevent attacks that jeopardize consumer and national safety.<\/p>\n<p>\u00a0\u201cWe\u2019re not at a place where we can say any error in your software that leads to a harm, you need to be responsible for. That will kill off software development,\u201d he said. \u201cBut we could create a safe harbor in which we say, if you\u2019ve done \u2026 these basic things, like using the most current and known secure version of an open-source package \u2026 you should not be held liable for a bad outcome from your software. If you haven\u2019t done them, you should be.\u201d<\/p>\n<p>According to Mickens, this type of regulatory scheme may be easier said than done \u2014 especially as the cybersecurity landscape continues to change.<\/p>\n<p>For decades, he said, tech companies like Microsoft and Amazon have included stopgaps in their codes to prevent traditional internal security breaches, without formal government regulation.<\/p>\n<p>\u201cThe big difference with AI is that the threat model changes,\u201d Mickens said. \u201cEssentially, there\u2019s some human in a chair that\u2019s outside of the data center who\u2019s sending evil commands to the code that\u2019s running in the data center and otherwise trying to trick it into being evil with AI.\u201d<\/p>\n<p>Any conversation on mandating security measures against outside forces and AI will have to clearly define the liabilities at stake and the types of hardware and software that would ensure compliance he added.<\/p>\n<p>Josephine Wolff, associate dean for research and professor of cybersecurity policy at the Fletcher School at Tufts University, added that regulation could become especially tricky if the private sector is asked to be proactive in finding vulnerabilities across large networks.<\/p>\n<p>\u201cDocumentation and inventories are both really important and really hard,\u201d she said. \u201cCan you inventory all of the code that\u2019s running on your computers so that if there\u2019s a vulnerability, if something goes wrong, you can at least know where you need to look?\u201d<\/p>\n<p>But while the liability piece remains murky after online systems are breached, all the panelists agree that companies should not be responsible for retaliation against the hackers. A school of thought in combatting cybercrime argues firms that are hacked may be in a unique position to \u201chack back.\u201d<\/p>\n<p>\u201cI think that the more actors you have out there in the name of self-defense, intruding on other people\u2019s networks, the less likely you are to de-escalate anything,\u201d Wolff said. \u201cThe idea that you\u2019re going to bring in the private sector and have that lead to anything but greater chaos seems hopelessly optimistic to me.\u201d<\/p>\n<p>Moreover, she added, the idea that large companies like Google and Microsoft would make sophisticated surgical strikes to take down small clusters of servers launching denial of service attacks at them is unlikely.<\/p>\n<p>\u201cI think you would have a whole bunch of much crazier firms with many fewer lawyers feeling like, here\u2019s our opportunity to take on North Korea. And that doesn\u2019t seem to me like a safer world.\u201d<\/p>\n<p>Mickens imagines a world in which offloading retaliation efforts to the private sector could also lead to corporations running unmanned agentic firewalls.<\/p>\n<p>\u201cIt sees an intrusion, traces the hackers back to London, Berlin, and then does something offensive. I think that world very quickly degenerates into essentially high-frequency trading, except now in cyber security, where you just have a bunch of algorithms going back and forth and reacting to each other in very real time,\u201d he said. \u201cI don\u2019t think we want to get into that world for the same reason that, in general, we don\u2019t want to sort of deputize vigilantes in the physical world.\u201d<\/p>\n<p>And as for combating <a href=\"https:\/\/edition.cnn.com\/2024\/02\/04\/asia\/deepfake-cfo-scam-hong-kong-intl-hnk\" rel=\"nofollow noopener\" target=\"_blank\">phishing scams bolstered by AI<\/a>, the panelists imagine a world, equally obscure at present, that would allow genuine human identities to be verified online.<\/p>\n<p>\u201cThis has been a problem in the ecosystem going back 30 years,\u201d Knake said. \u201cI think that the threat of AI just means that we are going to have to know with certainty who we are dealing with, and that it is a real person if they are claiming to be a real person, so that we can trust who you\u2019re engaging with.\u201d<\/p>\n<p>Mickens added that while digital identification could be a viable option to combat cybercrime moving forward, it may hit some roadblocks because of how consumers use the internet.<\/p>\n<p>\u201cOne reason digital IDs have traditionally struggled is that there are many scenarios in which someone wants to be identified as part of their identity, but not the full identity,\u201d he said. \u201cFor example, if I\u2019m the victim of domestic abuse or I\u2019m a runaway kid or whatever, I may want someone to know I am a human but I don\u2019t want them to actually know my real name. I want the things that I say to be associated with a particular pseudonym consistently, but I don\u2019t want it to be my real name. Those types of practical problems would need to be solved to make some of these proposals real.\u201d<\/p>\n<p>Overall, tech companies and government agencies are facing constant changes in AI capabilities. Along with the changes come both challenges and opportunities to harness technology.<\/p>\n<p>\u201cThe ability to have agentic AI essentially sitting over your shoulder, on your phone, on your computer, looking at everything you\u2019re doing and saying this certainly looks like it\u2019s a kill chain for a fraudulent scheme, is there,\u201d Knake said. \u201cWe can do this. We just need to find the right market players who will make that investment and build that technology.\u201d<\/p>\n","protected":false},"excerpt":{"rendered":"As new agentic AI models continue to come online, cybersecurity experts laud their ability to sift through vast&hellip;\n","protected":false},"author":2,"featured_media":7087,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2],"tags":[1691,24,25,309,6381,597,2594],"class_list":{"0":"post-7086","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-ai","8":"tag-a-i","9":"tag-ai","10":"tag-artificial-intelligence","11":"tag-business","12":"tag-computers","13":"tag-government","14":"tag-law"},"_links":{"self":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/7086","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/comments?post=7086"}],"version-history":[{"count":0,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/posts\/7086\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media\/7087"}],"wp:attachment":[{"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/media?parent=7086"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/categories?post=7086"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.europesays.com\/ai\/wp-json\/wp\/v2\/tags?post=7086"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}