Artificial intelligence (AI) and machine learning (ML) have been marketed as game-changing technologies amid the climbing number of breaches, increased prevalence of non-malware attacks and the waning efficacy of legacy antivirus (AV). Yet doubts still persist, especially when they're used in siloes. For now, it appears to be a fledgling space. According to Carbon Black's Behind the Hype report on the subject, nearly two-thirds (64%) of security researchers said they've seen an increase in non-malware attacks since the beginning of 2016; and, the vast majority (93%) of security researchers said non-malware attacks pose more of a business risk than commodity malware attacks. This group of attacks include remote logins (55%); WMI-based attacks (41%); in-memory attacks (39%); PowerShell-based attacks (34%); and attacks leveraging Office macros (31%).

The research, which Carbon Black says looked "Beyond the Hype" found that the roles of AI and ML in preventing cyber-attacks have been met with both hope and skepticism. The vast majority (93 percent) of the 400 security researchers interviewed while conducting this research said non-malware attacks pose more of a business risk than commodity malware attacks, and more importantly that these are often not stopped by traditional anti-virus offerings. Mike Viscuso, co-founder and CTO of Carbon Black told SC Media UK: "Researchers have reported seeing an increase in the number, and sophistication, of non-malware attacks. These attacks are specifically designed to evade file-based prevention mechanisms and leverage native operating system tools to keep attackers under the radar." One respondent explained: "Most users seem to be familiar with the idea that their computer or network may have accidentally become infected with a virus, but rarely consider a person who is actually attacking them in a more proactive and targeted manner."

AI is helping cybersecurity but researchers are warning about over-promising. Cybersecurity pros shouldn't rely on artificial intelligence and machine learning just yet, according to a new report. The report from security firm Carbon Black, which surveyed 410 cybersecurity researchers and 74 percent said that AI-driven security solutions are flawed, citing "high false-positive rates", while 70 percent claimed attackers can bypass machine learning techniques. The respondents did not write off AI or machine learning as unhelpful but rather said that they just aren't there yet and cannot be solely relied on to make big decisions when it comes to security. AI and machine learning should be used "primarily to assist and augment human decision making," said the report.