By Josh Goldfarb
Artificial Intelligence and Machine Learning (AI/ML) are hot topics these days.
To me, AI/ML aren’t generic solutions but tools that need to be applied to specific problems for them to be effective.
So, what are some problems that enterprises struggle with that AI/ML can help solve? While not an exhaustive list, here are a few:
Automated attacks
Automated attacks are often perpetrated by networks of bots. These attacks can lead to fraud losses, inventory manipulation, reputation damage, data theft, increased infrastructure costs, performance issues, and increased support costs, among others. Detecting and mitigating automated attacks involves understanding the difference between human and automated traffic.
While this may sound simple conceptually, in practice it is a difficult undertaking that requires a variety of different techniques. One of these techniques is the use of AI/ML—not generally of course, but instead, applied very specifically to the problem of separating unwanted automated traffic from legitimate human traffic.
Fraud
Fraud is a problem for enterprises, especially those that transact heavily online. Two forms of fraud heavily impact the digital channel are Account Takeover (ATO) and Account Opening (AO) fraud. ATO most often involves an unauthorized user taking over an account using compromised credentials, man-in-the-browser (MITB), social engineering, or some other means. AO involves another unauthorized user opening an account using stolen or synthesized Personally Identifiable Information (PII).
Reliably detecting fraud without generating a large number of false positives requires more than rule-based and signature-based fraud detection. It requires understanding the intent of the end user in the session as they interact with the online application. This entails observing and applying AI/ML to analyze the end user's behavior, their device characteristics, and the network/environment they are connecting from. This is another very specific application of AI/ML that has seen good results in practice.
API security
Enterprises have needed to push forward technologically to keep up with rapidly evolving market demands. This has entailed pushing out customer-facing applications and APIs to meet end user demands. In some cases, these applications and APIs are not adequately secured and protected before being released. In other cases, they are not properly inventoried and managed.