CyberArk Software Ltd. (CYBR) Earnings Call Transcript & Summary

September 11, 2023

NASDAQ US Information Technology conference_presentation 44 min

Earnings Call Speaker Segments

Unknown Attendee

attendee
#1

Ladies and gentlemen, a reminder that you can submit questions at any time via the Ask Question tab on the webcast page. At this time, it is my pleasure to turn the program over to your host, Tal Liani.

Tal Liani

analyst
#2

Great. Thank you, everybody. Thanks for joining us again. I'm excited to host CyberArk today, a leader in identity security, to discuss AI implications across cybersecurity. And we all ask the question on how would cybersecurity be impacted by AI and generative AI, both on the defense and the offense parts. And to discuss this, we'll be hosting Lavi Lazarovitz. Lavi is the Head of Cyber Research, where he leads a group of ethical hackers that examine emerging attack techniques and post-exploit methods. And Lavi and I share something unique. Both of us have names that no one can pronounce. So after even 30 years, it doesn't matter. So I'm very pleased to host Lavi. I'm sure it's going to be very interesting. The session is a presentation. And I know you're going to be interested in the presentation. Lavi is going to take us through examples. And it's about 26, 27 minutes, maybe 30 minutes. After that, we're going to open the lines for Q&A. There's no line for Q&A. As you know, you need to submit me the questions. You can submit the question throughout the presentation on the portal, and I will read it to Lavi at the end. Erica Smith, SVP, Investor Relations and ESG will also be joining us for the Q&A part. Lavi's presentation will cover both the advantages and the disadvantages of AI and how it relates to cyber. So Lavi, over to you.

Lavi Lazarovitz

executive
#3

Thank you very much, Tal, for inviting me and for the warm welcome. As you mentioned, it's going to be super interesting [indiscernible] examples, you were one of the targets for our research here and I'll share it with anyone pretty soon. So let's get right to the session. I'm going to start with something that you probably -- you also -- you probably heard about generative AI and the recent ChatGPT developments and not only classifying data, but generating text, images, audio and so on. If you follow investment advice, you're giving them. You probably heard about the guy who asked ChatGPT for the best way to invest $100 and turn it into as many dollars as possible as you see here on the screen. If you're into cryptocurrencies and Web3, you maybe thought about asking Midjourney, what does Satoshi Nakamoto, the inventor of Bitcoin look like, like the guy here on the right. There has been a lot of buzz about AI recently and with good reasons. Generative AI is incredibly powerful and became incredibly accessible. And today, I'm here to talk to you about the attackers' innovation, the other side and generative AI. So let's move on to the next slide. And this incredible leap for AI is, as I mentioned, also available for attackers. There's already been a lot of discussions on how this giant leap in AI technology is changing the threat landscape and driving attacker innovation. And as I mentioned today, I would like to share with you a few of those insights on those new attack vectors and especially the identity security perspective. And I'll do this with research and insights from CyberArk Labs, where I come from and other security researchers. And Tal mentioned just a bit about what we do. I'll elaborate a little bit more. The team -- the research team and myself, we do -- if I have to admit, we have a fun job. Our job is to break things. 
The research team's main mission is to play the attackers, attack emerging technologies, authentication protocols, operating systems and security boundaries in general. And we also research and understand deeply new malware and recent attacks. And we use our understanding of the attack surface to shape new defense lines around identities with CyberArk product and innovation teams close by. And we also shared quite a bit of the research with the community through our blog, open source tools and security conferences, and this is also a great opportunity here for me today. So let's get right to it and hop into the next slide. To help visualize where AI technology intersects with the attack chain, I'll take the commonly used MITRE Matrix which breaks down the different attack techniques to matching categories or tactics like reconnaissance, as you see here, initial access, privilege escalation and so on. I'll examine different AI-based tools, techniques and procedures. This is also called TTPs and map those TTPs to different tactics and categories while highlighting how the AI TTPs will affect us. Then I'll try to predict or I shall say, imagine, if you like Midjourney terminology, the upcoming effects of AI on the attack techniques and the threat landscape in a more general sense. So this is the matrix that you see here with the different categories. And the next slide. One evident intersection we've already seen is generative AI based deep fakes used to impersonate celebrities or even U.S. presidents. The deep fakes can be used for phishing or vishing, which is the voice version of phishing, which falls under the initial access category of the MITRE Matrix. And I would like to show you a quick example of how this vishing attack might look like very soon. And just imagine this, imagine me going over my deck for today with my main messages and suddenly getting a message from Tal and I see his Avatar on WhatsApp and he sends me a voice message. 
I want to show you how it looks like. So let's hop on to the demo video. [Presentation]

Lavi Lazarovitz

executive
#4

So I played the messages. I sent out messages asking where he wants the reports. And I'm thinking -- I was probably thinking to myself whether I should check with Tal or I should check with Erica, if I should really share the report, if this is really Tal. But it's not him. I trusted him, but it's not human. To create this demo, we actually used AI text-to-speech model that was trained on Tal's voice for media interviews. And believe me, I had to listen to Tal talk about Cisco and talk about his understanding interpretation of the market, which I learned a lot and also created this short and, I think, very trustable voice sample. And now you can imagine that the distance from here to getting access to sensitive information or credential is very short. And we learned a lot to -- about scrutinizing texting e-mails and be wary of phishing attacks. Obviously, not completely because many people still fall for this attack. But generally, people know that it is risky to click links and e-mails. And generative AI vishing is another instrument that is available for attackers. Now they can use AI-generated voice to get a sense of trust in their target. In this case, it was me. And I should also say, I also use the model, obviously, to get Tal's approval or to use your voice. You should hear that as well. [Presentation]

Lavi Lazarovitz

executive
#5

So you can imagine how such vishing can be done in scale using automated real-time generation of text and text-to-voice models. And you see that we can also generate the approvals ourselves. So super easy, I'll probably use it in the near future for other requests. I'm not. All right. Let's move on to the next slide. Another thing that we're experimenting with is real-time video and audio deep fakes that could be used not only for audio messages, but also for real-time video chatting. Now imagine getting a video call from the CFO, the CEO, asking for something in their voice and face. And I want to show you a quick demo of how that looks like. So you can play the video on the previous slide. [Presentation]

Lavi Lazarovitz

executive
#6

Okay. I know it probably felt a little odd. This is a recorded demo of Gal Zror, who is CyberArk Labs' group manager, talking to the camera, while the model reflects Udi Mokady's image, who is CyberArk Founder and Chairman. And just imagine getting a Zoom with that reflection how maybe a little bit scary at first. And obviously, how it might create trust issues for all of us. And we should also take into account that those models become more accurate, more accessible, not so much resource demanding which means that those will become more believable. The technology can create mass vishing campaigns that could boost the phishing email click ratio that currently stands around 5% to 10%. 5% to 10% is the ratio of the number of clicks against the number of emails sent in the phishing campaign. Now think about that. Think about yourself, would you fall for such phishing or a vishing campaign? And maybe Udi's and Tal's voice was a little bit robotic, but these tools are getting better. And if you're thinking no chance, this is too basic. Then I'll say, okay, the examples that I showed you here today are still very specific and tailored and handmade. But in technology, we have this API-first approach that can actually solve this problem. It's possible to create automated feedback loops, A/B testing, dynamic adjustments and so on. It might have not worked through you here today, but you already helped a lot. Just by giving the model inputs that you can use to -- or it can -- that can be used to correct the model. And now just imagine how many employees are there in your company, how many employees are there in Bank of America. This is the number of opportunities that threat actors have to phish or vish or get initial access. And this is just today. It will learn from this attempt failed or not and become better to offer any other victims, new test tomorrow. Now you might ask, what about using AI technology to identify AI-generated voice? 
And one input for you to consider is that AI models become -- as AI models become more mature, identifying AI-generated artifacts will not be trivial. It may not be a balanced equation. AI experts predict that AI-generated content will eventually be practically indistinguishable from human-created content. It's travel for the academy, much like it might be for a security professional. All right. So moving on to another intersection that we can expect, which is generative AI with biometric authentication. Now let's move on to the next slide. Let's switch from attacking the ears to attacking the eyes. Face recognition is now a common authentication option. And generative AI could be used to attack this type of authentication, providing another way for attackers to compromise an identity and gain initial access on an endpoint on the server, and here is one very interesting example for it. One exciting research done in Tel Aviv University attempted to ask whether it is possible to create a face generated by AI, at this one that you see here on the screen that could be used as a master key for all face recognition authentication protocols and faces. The researchers at Tel Aviv University used an AI model called GANs or generative adversarial networks. It differs from the model that Midjourney uses, which creates images based on text. The GANs model, the research was built, represents an image using a vector, just a set of numbers defining the image characteristics. It then manipulates this vector, changing it just a bit to create a different image that might match more image vectors. And let's see how it works at high level. Let's move on to the next slide. They started with a random image and represented as a vector. You see it at the top of the screen. This vector is compared to other face vectors in the image database. 
The comparison is then fed to the image optimizer where the magic happens essentially, the optimizer outputs a new optimized image vector, which is then used again as a seed for the image generator to get an actual face image. And this face is compared again to all images in the database and just wash, rinse, repeat. This is the process. And then to the outcome. We go on to the next slide. The outlook of this iterative process executed multiple times on different face recognition algorithms and different optimizing algorithms produced 9 sets. Those are the rows in the -- on the screen that you see. Each of 9 faces, each with its own success rate, which you can see under each image. The percent is the number of faces that match this specific face. And now to the best result. Let's move on to the next slide. The best result the research produced is a set that matched more than 60% of faces in that database. And this is remarkable. That means that with this set in hand, a threat actor has 60% chance to bypass face recognition authentication and compromise an identity. 60% means that this attack vector is viable. But still, you should say, well, this is a theoretical research. And now because this is a theoretical research, I want to show you the practical implication how a threat actor could bypass actual face recognition authentication. And to show you that, I want to focus on the research and a demo that we've done in CyberArk Labs, focusing on Windows Hello, which is a common implementation of face recognition authentication. Let's run through the first part of the demo. [Presentation]

Lavi Lazarovitz

executive
#7

I hope that you saw that. Let's -- on the second part and continue from there. [Presentation]

Lavi Lazarovitz

executive
#8

All right. So I'll explain now. What you saw in this demo is that our research [indiscernible] used an evaluation board. This was the card or the chips that you see -- you saw on the table. On that card, on that evaluation board, Omer implemented a mimic of Windows Hello-compatible camera and integrated his own image vector. And now as soon as we connected the evaluation board to the laptop, the evaluation board starts bombarding Windows Hello again and again with the image vector until it hits the right timing and the machine opens. And that was our proof of concept to show how bypassing authentication, how initial foothold could take place using this set of images that we've seen in Tel Aviv University research on master face. Now one question I ask myself, and I also ask [indiscernible] who is CyberArk Labs' Director of machine learning and AI, is why now. Generative AI models have been around about a decade now. Why did the breakthrough happen just now? And the short answer to that is simply scale. What happened recently is just the sheer scale of the learning that takes place, and I want to show you the numbers behind it. So let's move on to the next slide. The graph that you see here shows the number of parameters on the Y-axis. Each notable breakthrough model since 1950, the time aspect or the time dimension is on the X-axis. The number of parameters at each model had to process during the learning stage. Now in 2019, GPT-2 was released. The previous version of ChatGPT was based on it. And the model size of GPT-2 is about 1.5 billion parameters of text and words. In November 2022, GPT-3 came out and GPT-3 model size is about 175 billion parameters. And there is more than 100x growth in just 3 years. This is remarkable. Let's move on to the next slide. And you can probably already see that the growth here is exponential and very steep. 
You might also notice that the number on the Y-axis also grows exponentially, which means that the number or the model size curve here is super steep. It's extremely steep. This growth in parameters is directly connected to advances in cloud computing. And this is what changed. This is what's powering more advanced AI features and threats. And what this exponential growth means is that we should expect AI models to become better, much better, and it will happen fast. AI models will be better at generating deep fakes, including face images, malware and so on. It will change the threat landscape and it will change it soon. And in other words, if you think you wouldn't fall for Tal's fake voice or Udi's deep fake face and voice that we've just heard. You should probably come to CyberArk Impact next year or just follow CyberArk Labs because those things will change rapidly. And one thing that is important for me to note here is that any machine learning expert will tell you, it's not only the size here that matters. Training data quality is exceptionally important. As machine learning experts like to say garbage in, garbage out. And in this case, we have billions of parameters in and out. So of course, besides the sheer size of the model, there's a lot to it, what data is processed, how the data is processed, the logic of the learning models, many brilliant researchers have spent years developing those algorithms that will scale and produce highly accurate results. So it might give us all a little bit room to breathe, but not so much. Every security company, including CyberArk, is making moves now to counteract this change in the threat landscape. All right. Let's move on to the -- or back to the MITRE Matrix into the next slide. We talked about vishing and authentication bypassing under initial access. And you can also expect the curve we've just seen to produce highly effective classifying models. 
I'm sure you remember that last machine learning hype cycle in security, where everyone talked about how AI will be able to identify malicious activity just by sniffing logs and network traffic. Well, and to be honest, we can expect the classifiers to be effective and allow or more effective and blue teamers and [indiscernible] to find vulnerability patterns more effectively. We have already seen plug-ins for decompilers, which is commonly used by researchers to make it easier for the researchers to analyze binary code by adding code documentation and so on. You can expect vulnerability scanners to leverage AI capabilities, making the daunting vulnerability scanning process more effective. And we've seen GitHub Copilot and even ChatGPT, generate code. And we can, of course, expect the same with malware. AI harness for offensive campaign make an impact on the early stages of the attack and during the pre-initial foothold and during reconnaissance malware development and the initial access as we see here. Yet one thing to note here that it's not clear that AI TTPs or tools, techniques and procedures, will make any impact on the later post initial foothold stages, the privilege escalation, credential access and lateral movement. It seems that the tools, techniques and procedures used today will still be effective. And maybe most importantly, what we understand is that it appears that the identity, the authentication, the credentials will still be a prime target as we see in today's attacks. Just to add a quick note here. Microsoft recently released a report on an attack group called Storm that targeted Microsoft, and they targeted their QA engineers in a very clever way to extract sensitive credentials for customers. And so just another note or a data point to understand that the attackers are after identity still even in this AI changing threat landscape. So point is defenders still need thorough intelligence in identity security controls. 
And one exception to my understanding here that we see about the pre and post initial foothold stages. This exception, as you see also noted, is polymorphic malware, and I want to touch this just a bit. Let's move on to the next slide. Polymorphic malware is a malware that mutates its implementation, while keeping the original functionality intact. And until recently, malware was copolymorphic, if we change how it encrypted its different models, making it challenging to identify the malware. Generative AI opens a possibility to mutate or actually regenerate code with different implementation. So our lab research has experimented with creating the polymorphic malware using ChatGPT. And by the way, we use ChatGPT not because it's the best AI model to write code with, it's absolutely not. But because it's so accessible and was fun to play with. So let's see a quick example of it in the next slide. We asked ChatGPT to generate an information [indiscernible] and malware that fetches cookies and password once executed on our machine. And this is what we got. And I'm not going to delve into the code. Just by looking at the color coding, you can see that ChatGPT created here 2 different implementations. The right blue one, which actually worked and the left that didn't. And during the experiment, we learned that ChatGPT is an enthusiastic yet very naive developer. It will write code quickly, but it will miss the details. It might not import all libraries or other dependencies. In our case, at our first attempt, instead of just using Windows API to decrypt cookies, it just used a hard-coded password, you see on the red rectangle in line 27 password equal peanuts, the generative AI or ChatGPT just made it up. It assumed that this is the password and tried to decrypt the cookies with it. And one of the things that we learned from it based on that experience, we learned the concept of defense evasion using polymorphic malware created by AI is viable. 
ChatGPT didn't do a good job, but other models are doing a good job in writing code and potentially malware. And we can, of course, expect models that are trained on huge code repositories to generate better code, legitimate or malware as mentioned. And now I want to quickly imagine with you how an information stealing campaign might look like using the polymorphic model. And I have 3 short or 3 parts of a demo here, showing a campaign behind the scene. We are usually -- we're hearing more about the victims user organizations, infected with information stealing code, cryptocurrency wallets, keys and so on. And I want to show you how it might look like from the other side very soon. Let's have a look at the first part. [Presentation]

Lavi Lazarovitz

executive
#9

All right. So the first part of this demo, what you saw is a threat actor choosing a target, choosing the code or the malware it wants to generate, in this case, as I mentioned information stealer and our generative AI malware module starting to build that model. And it tried several times, it clearly finds a sample that works, which could be a sample that I haven't seen before in the wild meaning that for security agents, it might be difficult to identify this code as malware. This is the first part. Second part will be on how it is deployed on the endpoint and stealing the credentials. So let's see the second point. [Presentation]

Lavi Lazarovitz

executive
#10

All right. So what we saw is our victim Roy logging in, immediately all the cookies are stored within the browser and the malware now copying it. The last part that you'll see is a simple, what we call session hijacking where the threat actor now uses the cookies to access the victim session. So let's see the third part. [Presentation]

Lavi Lazarovitz

executive
#11

All right. So last part, as I mentioned, was just a simple session hijacking with the most important thing -- the most -- the new thing here is how the model we generated and how it's not detected by new security agent. All right. So I want to conclude and highlight the bottom line. So let's move on to the next slide. If you're thinking about this relatively simple, yet visionary demo in the previous initial access demos, we can learn a few things. The first thing that we can learn is that AI already has and will continue to have an impact on the threat landscape. It will change how we find security weaknesses or at least how effective the process is, how code is developed and how malware is developed. It will open new opportunities for threat actors to target identities and even bypass authentication. And we saw the curve, it will get better and better and fast. And we also see that common techniques like session hijacking or DLL hijacking and other techniques for escalation of privileges or defense evasion or compromising valid credentials to an application to the bank account to [indiscernible] and so on will still be effective and in use and an identity is still a prime target for threat actors. Compromising identity will keep being the most common and effective way for threat actors to move laterally and gain access to data. And lastly, we can see that malware-agnostic defense approaches become even more critical, meaning that for any organization out there, developing a security layer that not only attempts to quarantine malicious activity, but enforces preventive practices is critical and essentially around identities. Examples of this include implementing endpoint privilege security, conditional access, restricting provisions on the endpoint and so on. These malware-agnostic controls will continue increasing in value and effectiveness considering the changing threat landscape that AI brings to the table. 
AI will also help defenders, AI can be used to counter and -- or to counter the change in threat landscape. AI and generative AI can and should optimize security controls deployment. Imagine AI generating a policy, security policy, a least privilege policy that is fine-tuned, so it allows you to work and provides the best or optimal security. And I might mention it during the Q&A session if it comes to that. Harnessing AI to continuously optimize security boundaries on identities opens the opportunity to build a highly effective mitigation for current and future attacks. And this is the bottom line from our research and in that deck. And now before transitioning back to Tal, I'll let Tal's deep fake clone to do that. So let's hear. [Presentation]

Tal Liani

analyst
#12

Lavi, you got me scared. I lost a lot of weight the last few years. Next time use a better picture, please. Number two, the clone was amazing because it's not just my voice, it's also the way I speak. Like, for example, I can tell someone I hate you and then say, thanks, I always say thanks at the end, and you managed to replicate it. And by the way, for the audience, we never spoke about it. He just got my permission to use publicly available presentations or something. So it's just amazing. So I want to -- first of all, for everyone, if you have a question, please send it via the portal.

Tal Liani

analyst
#13

I want to ask you a few questions, actually. The #1 question I have and while we're getting some questions from the audience is, what does it mean for corporates? It looks like a giant step-up in the threat landscape. And how do corporates deal with it, meaning they need to have such different capabilities and such different capacity of defending now? How do you see it happening? It will -- the threat develop much faster than the defense basically.

Lavi Lazarovitz

executive
#14

So to be honest, and I think that your observation on how fast the threat actors move has always been like that. Threat actors made the move and then defenders usually had to react. We saw that, for example, when many organizations or corporates out there had to face COVID and allow remote access now for employees from remote. Suddenly or actually highlighted even more how the network perimeter is not the perimeter anymore. You can access assets from anywhere. And now something else becomes the perimeter. The entity, the identity of the employee, the service that needs to make the connection is now the focus. So in this case, and I think that you are right to say, threat actors will probably make the move to either to create a polymorphic malware or deep fakes to bypass authentication. And one of the things that we highlighted in this deck and in our research is how important it is for organizations to be malware agnostic. Many organizations out there are -- already are, to some extent, malware agnostic. They are not only looking for malware or malicious activity. They are taking action to deploy preventive controls that will give them enough buffer to deploy new defense lines or security controls that will mitigate the new and changing the threat landscape.

Tal Liani

analyst
#15

Got it. Your presentation is about identity coming from CyberArk, it's about the identity, it's about the risk to identity, right? All types of identity, voice and visual, et cetera. Can we -- because you're such an expert, can we expand a little bit the discussion to the threat of AI, can you take us through the threat of AI to other types of cybersecurity areas, threat injection, endpoint, even cloud protection, et cetera. We're -- where do you see the risk outside of identity, which you outlined in your presentation? Where do you see AI being a risk to cyber?

Lavi Lazarovitz

executive
#16

So here's my insight that I think we will see and impact other areas of security. We can expect threat groups to leverage AI just like a software company to invest in cost leadership, reduce costs when developing malware and develop or deploy new disruptors. One I think a good example for it is ransomware as a service groups. Those groups develop new ransomware, they have competition by other ransomware as a service groups that sell the infrastructure in malware. And now AI becomes a major tool for them to reduce cost and to build new disruptors like polymorphic malware, for example. So one area that I expect to see change is the velocity. This is how software companies measure their effectiveness, how fast they move is to see those ransomware groups, for example, ransomware evolving more rapidly. Another aspect that I think we will see AI affecting very soon is not only developing malware, but also developing the ability to evade defensive controls. So polymorphic malware was just one example. But once there are -- once threat actors are -- have an initial access to a network, they now operate. Microsoft talked about Storm, how they were affected. And nowadays, the threat actors are manually working within the network very slowly to not to be detected. And I think that a sort of a threat consultant will be one of the ways that we'll see threat actors using AI. So it will be much more difficult for threat actors or for defenders to identify threat actors once they are in the network. So sort of -- I think that the point is defense evasion. And from the threat actor side, it will be a threat actor consultant for them, if you like.

Tal Liani

analyst
#17

Got it. I have a question -- one last question. We don't have time. And the question is, it looks like a complicated and a very big task to defend against AI. I mean the tool is amazing for both ends of the spectrum. Do you think that the market for cyber defense in AI time would be a market of small companies or big companies, meaning can a small company lift up the kind of the hurdle of defending for AI, et cetera, and develop tools or is the requirement so big that we're only going to see kind of big companies, big cloud titans, like some very, very big companies doing it.

Lavi Lazarovitz

executive
#18

So I think this is a good question. So first of all, I think that the companies or the type of organizations that will benefit most from this technology are the bigger ones. Those are the enterprise because they deal with much more machines, much more logs in scale. And AI is really good in digesting data and giving context. And for SOC analysts, having such technology in hand is a game changer. For smaller organizations, I think it will come because we see that OpenAI and other another developing -- AI technology developing companies, lower the bar. They lower the bar in the investment that you need to make in order to get value from it. I think that 5, 10 years ago, we had to invest a lot in the security perspective. We have to invest a lot to build a model that works for us that allow us to get an insight on malicious activity of identity within the network. Nowadays, the bar is a little bit lower. We have models on the shelf that we can use to make sense of this data. In the next few years, I think that the bar will get lower and allow smaller companies, I'd say small enterprises to also see the value with a better ROI on it.

Tal Liani

analyst
#19

Got it. I have to stop it here. Thank you very much, Lavi, it was fascinating, and I'm happy to hear myself and without nothing I said what I said. But if anyone has any other questions, please send it to me or directly to Erica from CyberArk. And thank you so much for the time and effort.

Lavi Lazarovitz

executive
#20

Thank you, Tal. Thank you for inviting me. It was a pleasure.

Tal Liani

analyst
#21

Great. Thanks. Have a great day.

Lavi Lazarovitz

executive
#22

See you all. Bye.
