One factor needed to ensure data quality is subject matter expertise. Domain experts can provide invaluable feedback when deploying, for instance, machine learning for cybersecurity. "Typically, you do something with your data so that an AI algorithm can interpret it," Ramzan said. That step might involve deleting incomplete or inaccurate data or adding contextual information to an additional data set. "When you do this step, it should be geared toward allowing the algorithm to look at the data elements that matter the most and coming up with some determination about the problem you are trying to solve," Ramzan said.

As countries across the world grapple with the novel coronavirus, there has been a significant effort to integrate input from sources, from surveillance cameras to point-of-sale systems and connected health devices. The trend has highlighted the power of Internet of Things (IoT) deployments for public data collection as well as the technology's privacy-eroding potential. South Korea, for instance, has aggregated data from IoT devices and smartphones to create detailed logs of its citizens' behavior. The nation has documented where residents went, how long they stayed, who accompanied them and whether they were wearing a mask. Part of an aggressive approach, the South Korean strategy, which includes extensive testing for the novel coronavirus, has proven to be largely effective in curbing infection without closing businesses or mandating universal quarantines.

Privacy-preserving AI techniques could allow researchers to extract insights from sensitive data if cost and complexity barriers can be overcome. But as the concept of privacy-preserving artificial intelligence matures, so do data volumes and complexity. This year, the size of the digital universe could hit 44 zettabytes, according to the World Economic Forum. That sum is 40 times more bytes than the number of stars in the observable universe. And by 2025, IDC projects that number could nearly double.

When artificial intelligence is the right tool to improve security, the most important step is not choosing the right algorithm for the job. Security teams and data scientists should start with strong data sets and a clear understanding of the business goal. Zulfikar Ramzan, chief technology officer of RSA, moderated a panel on cryptography at RSA 2020 and shared this advice. Ramzan leads technology strategy for the organization and holds more than 50 patents. He said that AI and machine learning have been part of the security world for more than a decade.

That was among the takeaways from the Tuesday morning keynote sessions here at RSA 2019. "AI is the new foundation for our entire industry, it will enable us to better defend ourselves, to better detect threats, to out-innovate our adversaries, to solve other key issues," said Steve Grobman, CTO of McAfee. "But we have to ask, are we looking at AI objectively? We cannot only focus on the potential, we must also understand the limitations and how it will be used against us." Grobman continued with an example of work McAfee did in taking public safety data sets about crime and with 50 lines of python and machine learning to predict whether a crime would be committed in a specific region of the city based on certain parameters.

Artificial intelligence is emerging as a useful cyber security tool, but experts are warning companies not to view the technology as a "silver bullet". Many elements of cyber defence -- particularly monitoring large amounts of data -- can be better handled by machines than humans. "It's not so much that AI does it better, but that it works unendingly and consistently without getting tired," says Daniel Miessler, director of advisory services at IOActive, a cyber security consultancy. At present, most security teams are only looking at "a tiny fraction -- less than 1 per cent" of the data their organisations are producing, he says. In a large organisation, analysing the rest is such a monumental task that it can quickly overwhelm humans.

There is a lot of hype around artificial Intelligence, and while the technology can be useful, it does have limitations, according to RSA CTO Zulfikar Ramzan. Speaking at the Dell Technologies Experience at the South by South West (SXSW) event in Austin, Texas, on March 12, Ramzan detailed his views on AI in a session titled "AI: Boon or a Boondoggle?" "There is a tendency to think of AI as this all-encompassing panacea that can solve any problem," he said. Ramzan explained that AI can be somewhat of an abstract concept. What it basically means is that computers can be trained to be intelligent with certain kinds of tasks. Within AI, there is the subfield of machine learning, which he said is often used by people interchangeably with AI.

According to research announced during the recent Black Hat conference in Vegas, some 62 per cent of infosec pros reckon weaponised AI will be in use by threat actors within 12 months. That artificial intelligence was on the agenda at Black Hat should come as no surprise. The promise of AI, from machine learning through to automation, in cyber security has become a major marketing tool amongst vendors. The good guys are clearly investing heavily in AI-defence research, but what about the bad guys? Itsik Mantin, director of research at Imperva, points to a demonstration at Defcon last week as to how "AI can be used to design malware utilising the results of thousands of hide and seek attempts by malware to sneak past anti-virus solutions by changing itself until it finds the right fit that allows it to sneak below the anti-virus radar."

Artificial intelligence (AI) and its role in security was a hot topic at last month's RSA Conference in San Francisco. But some cold water was also being thrown on the growing tendency of vendors to use AI, especially machine learning, as marketing hype. AI indeed "moves the needle," Zulfikar Ramzan, the RSA chief technology officer (CTO), said at the conference. But, he added, "the real open question to me is how much has that needle actually moved in practice?" To cut through the marketing hype, it is necessary to understand the real capabilities and limitations of artificial intelligence in security.

Vendors at this week's RSA cybersecurity show in San Francisco are pushing artificial intelligence and machine learning as the new way to detect the latest threats, but RSA CTO Zulfikar Ramzan is giving visitors a reality check. "I think it (the technology) moves the needle," he said on Wednesday. "The real open question to me is how much has that needle actually moved in practice?" It's not as much as vendors claim, Ramzan warned, but for customers it won't be easy cutting through the hype and marketing. The reality is that a lot of the technology now being pushed isn't necessarily new.