Cybersecurity in the Age of AI - Mr. Matanyahu Englman and Mr. Gil Shwed

First, thank you everyone and thanks for the opportunity to speak to all of you. My background starts at 10 years old, when I was very curious about computers. At the age of 12, I got my first job. At the age of 14, I got a permanent job at the Hebrew University in Jerusalem, and I also started studying as a special student. I'm probably the youngest university dropout because I dropped out at the age of 17. Then, like every Israeli, I did my army service, also in the field of technology and computers. I started Check Point at the age of roughly 24, and that was 33 years ago. In the first few years, I was a developer, then I became the salesperson, and we built a company around that. I learned almost everything on the job, growing a company from three people—I started it with two amazing founders—to a company today that's almost $3 billion in revenues, more than 7,000 people in almost every country around the world.

First, if it was easy to be an entrepreneur or a manager, everybody would be that. It requires a lot of qualities. But I think what sometimes separates the people who are successful from other people that are as smart and pick up the right ideas and the right values is resilience. In order to succeed, you need to stick to your values, stick to your ideas, overcome many challenges, and you need to be very strong because most of the time people will challenge you and doubt your ability to succeed.

When I was young, yes. Most of my career, at least in the early days, I was the youngest person in the room. When I worked at university, I worked with super smart professors and I was 15. When I started Check Point, I was 24, 25, and everyone that worked with me was older, much older. The top executives we hired two or three years after we started the company were all 10, 20, and 30 years older than me. I looked very young back then, and I said, let's not discuss that. Our discussion should be on what we are trying to achieve, on what we are trying to do, not on the age.

I think that AI is one of the biggest revolutions that we ever faced. In 100 years, 200 years from now, we will know if it's a revolution or part of the overall technology revolution that we experienced in the last 40, 50 years. But I think it's a huge part and it's a huge power multiplier for humankind. If we use it right, it can advance everything we're doing as human beings in every area. From the ability to communicate—you can communicate in any language, consume things in any language, it can show it to you in text, voice, video, presentation, in every possible language. That's a huge barrier gap in education. It can tailor education to individual needs. That can be a huge multiplier for education in analyzing and consuming content and material. It will find all the information in the world and present it exactly in the format that we want to consume. AI is the newest and probably the most sophisticated one, with plenty of potential on one side, and it is also very scary, just like people were afraid of machines and computers in early days.

So we all look at many different risks. People speak about the risk to employment, that we won't need so many people. I'm less afraid of that. I think we'll just be more productive and we will use our intuition, our experience, our human capabilities in a better way and do less of the basic work that was once required from us. In the cyber space, AI is a huge challenge, but also a huge opportunity. Let's start with information leakage. If you look at the internet, people spoke about it as an information risk, and it is a risk. All the bad things that we expected to happen on the internet happened. You can break into infrastructure, steal things, kids can be exposed to wrong content, crime can be done on the internet. All of that is true. Still, I think that today, in retrospect, 30 years later, we are in a much better shape with the internet than we were before. I think the same is true for AI. The difference is that on the internet, people can get into our systems and we access public information, but we are not intentionally sending all our information. The way AI works today, it's not just that you can get access to material, you are also exporting your material. You send it to an AI agent, the AI agent reads it, and the side effect is that the information is being leaked or shared with the public. We have to understand who that public is, who is behind it, and whether they are keeping our confidential information confidential. By the way, it's not always exposing it. The AI engines can also analyze it, so they can know much more about us than before. So we need to be very cautious about how we export information, who holds it, and develop the right level of trust with the cloud AI infrastructure that keeps our information. In AI, all that process can be done a thousand times better and faster, so we won't have much time to stop it. Attackers will not necessarily break into the most vulnerable place because that's the resources they have, but they'll break into a thousand more places. That means as defenders of cyber attacks, we have to deploy tools to also be faster, which we can. Keep in mind that the job of a security analyst—there was a talk a few years ago that there are three to four million missing cyber security experts in the world. A big part of that job can be automated. AI tools can analyze more data faster, do it 24/7, much better than a human being. So human beings can supervise these tools and do a better job. On top of everything I described, which is how we use AI in traditional attacks, the attack on the AI models themselves is also very scary. You can inject or send instructions to the AI machine to do bad things, give you data you shouldn't have access to, damage the system, and so on. So how do you outsmart the AI system to cause it to do not what it's intended to do, and how do you stop that attack? Today, a lot of the CPU cycles or GPU cycles in AI are used not just to generate the right results but to filter the results so they don't do the wrong things.

If there are ways to try different methods to get into a system, before it involved very smart people that tried again and again hundreds of times until they succeeded. They worked for a week to try 100 different methods. Today, you can do a thousand methods in one minute with a tool that never gets bored because it's an AI tool, and it can have similar, sometimes even better, creativity than a human being. We are seeing that kind of attacks every day. We must make sure that—and of course what we are all afraid of is that AI will outsmart us and take over our systems. I think these things are real. We have to be careful. But like everything invented by humankind, from the discovery of fire millions of years ago to the invention of firearms not so many years ago, we have to take control over the system and make sure we use it for the right causes and limit the wrong usages. It's not easy, but it's always a new challenge. I think we can do it.

I think we all—as governments or as companies—have to understand that if we won't be there, we will be at a big disadvantage. We can't just say we're doing our job right and let's keep it the way it used to be. The world is not going to be like it used to be. By the way, we have that example. 30 or 40 years ago, it would have been hard to bring examples, but today it's very simple. If you're not on the internet, you can't be in our modern world. There's maybe one country in the world that's not internet-connected these days, and by the way, that specific country is very advanced in cyber attacks and internet, but not for their citizens. So you must be on the forefront of that. I think it's a force multiplier. If governments are faced with the fact that they need to provide more and more services faster and they don't have the resources, AI can do a great job. A lot of the job of government officers—checking what people are asking for, making sure they treat all people equally, and analyzing each request using the right criteria—AI is great at doing that. AI is not biased. It doesn't have any discrimination. You tell it the rules, you tell it the examples, and it will do the right job and give the public great service. You won't need to wait a day, a week, a month, or sometimes more to get a request from any government authority, because AI can analyze these requests in real time. By the way, if we're looking at service—and I'm always talking about service because as human beings we are consuming service 24/7—the most important factor in giving service is how fast you give it. We react emotionally very strongly. If we get an immediate answer, we say great. If it takes a week to get an answer, we believe somebody is not treating us well. AI can give us service really fast, and that will improve our good feeling about life and about government. If we trust our leaders, trust our government, because it's not waiting for two months until you're in the queue to get an answer. You'll get an immediate answer that says, this is the criteria, you follow them or you don't, that's what you should do. I think from that perspective, governments can really enjoy that kind of service. What about what-if scenarios? You can ask AI what you do. We're talking about communication. I'll give you an example. I used to write emails to our employees, giving my message to the public: this is what we need to focus on, this is what we did right, this is what we need to improve. In the past, I wrote what's on my heart, but I'm very involved and I never understood what people would get from it. So I did focus groups and let a few people read my emails and asked, what did you get out of it? Then I tested them. That cycle very few people do. Most people write and expect people to understand them, and the level of understanding is always limited. Now with AI, you write a message—by the way, you ask AI to write a message, it does a good job. Then you ask an AI agent to read the message and ask, what did you get out of it? Now you're saying, did I get the right thing? I wrote a three-page message. What are the key points you got out of it? If it's the points you wanted, you know you did a good job. If not, you improve it and change it. It's easy because you can ask AI to improve the message until the point is right. It's the same if you write a simple letter as a leader and you want the public to know what you're saying, or if you write a report that is a thousand pages long and you want to know that the typical human being will get the messages you wanted them to get. So it's easy: what's the one-page summary, ten-page summary, or one-line summary of my report? Did I convey the message? That's a tool that can be used again if you're talking about people that communicate, which is a big part of what we're doing. That's a huge force multiplier. You can test it, check it, understand the implication of delivering a certain message because you can do a simulation of how people will react. I'm sure it won't be perfect. We always talk about AI making mistakes. Sure, we also make mistakes. If you're asking me, AI probably makes fewer mistakes than human beings. It makes mistakes, and I'm checking my AI models all the time, sometimes comparing them to other sources and challenging them. It makes mistakes, but in general, AI will make fewer mistakes than human beings. We have to be aware of that. That's why it's scary. That's why it's artificial intelligence and not machines that we expect not to make mistakes. If we use it right, I think we'll get it to the right places in life.

I think for you, it's one of the professions that can benefit the most, because what you're doing is analyzing a lot of information, comparing it to regulation, comparing it to common practices, comparing it to other data. These are things AI can be a force multiplier of 100 times. The same is true for your output, which is usually a long text that most people can't read. AI can do an amazing job both writing it and analyzing the information, so you can audit and check many more systems. You can also do more checks automatically instead of asking people to check if something works. Ask an AI bot. Many systems can be checked automatically and do real-world tests. You can write the reports, summarize them, follow up on them. Even the job of following up—you can do online audit as you mentioned before. You can do it almost in every field. You can process more data, summarize it better, and most importantly, before we get to the stage where these reports get processed automatically and things are fixed automatically—which will happen not very long from now—you can do the follow-up today. If you need to take 50 points and call the body you've audited and ask what they changed, it's a very time-consuming task. Now you can do it with an AI tool that sends a reminder, checks, and maybe automatically finds out that things were fixed. If something is exposed, you can automatically do the check mark because it's not exposed anymore, and narrow down the list of changes from 50 to 30 to 20, and call again the body you need to audit until it's done. Notify the humans behind that on the progress, notify them when you don't get action. For example, if you get the right response—here is our plan—communicate it, it works, they are on it. A week or a month later, depending on your schedule, we've checked again. Progress is good, not perfect, or no progress—please help us, we've done three reminders and it doesn't work. So for your kind of organization, AI is a great tool. On top of that, you also need to audit and check for the risks. As I said, with AI, one of the risks is that all the systems are susceptible to attacks by the wrong prompts, and second, that we are exporting much more information out of our organization. In the past, if a programmer in an R&D company used to consume data from the internet and download code and materials about how to develop stuff, we were consuming information, not exporting it. Today, if I ask an AI tool to improve my code or find a vulnerability or write my code, that means my code already lives in some public cloud. Remember, today 99% of the AI infrastructure is outsourced to a few large organizations and it's in the public. So how to develop that oversight so we can trust these organizations to keep our data safe and not share it with others or use it against us? Unintentionally, they might let other people use that data against us. That's going to be a challenge that we need to stay on top of. We can't stop the revolution, and we shouldn't. I think it's a good revolution, but we must make sure we secure that revolution.

I work in the technology world, which is one of the most global worlds. You produce one product, and if it's good, it's consumed all over the world. It's one of the only areas where you have a product that is used globally. Today, almost all countries in the world are using our products. We have employees from a cultural perspective, and you still need people to localize it, sell it, service it in many countries. We probably have people on the ground in like 90 countries. Over the years, I've learned about the cultural differences and how to bridge them. The good news is that AI is an amazing tool in bridging that gap. In the past, we invested a lot of time localizing our software, translating user manuals. Today, it's all automated. You can get any material from any country. Not only that, we're not just talking about translating instructions. I can now say to my AI tools, please take that message, software, report, or risk and give me an idea how to localize it to the needs in France, Singapore, or India. AI will give me immediate ideas. It can say, you know, these people in this country culture, and you can put more cultural aspects into that. That will greatly improve the level of collaboration because in humankind, we are not sensitive enough, and we definitely don't have the knowledge as a single human person. I cannot say I'm an expert on how to communicate with people from different cultures. AI is amazing in that. You can say, how to construct that message so that people in all audiences will better understand it? AI will give you very good ideas and translate the information. So from a collaboration standpoint, that can be amazing. By the way, we are seeing today some AI tools where you can speak in your native language and people will hear it in their native language. It will make some mistakes, but probably fewer than a human translator. That's my point. I think that's a great tool for collaboration. Take our example. We are speaking here in English, and English is not our natural language. If we spoke in Hebrew and asked AI to translate it into all the languages of the people in the room, everybody would think we are native in their language. It would be much more personal because they would feel that. This test can be easily done by simple AI tools.

First, I don't know if it will take two years, five years, or 15 years. It's hard to predict. When you try to build a strategy, you may be right about the direction but never right about the timing and the impact. Global trade is something where there's nothing we consume every day that doesn't have parts produced in different parts of the world. Even with the latest challenge the world faced with COVID, the one thing that never stopped was global trade. We were stuck in our homes, consumed information electronically, but goods kept flowing with ships and planes all over the world because otherwise the world would stop. The internet connected us and we lived our life through it. If I look at AI, it will continue that revolution. We will be able to communicate much better, work together more, and create new things. People will do less routine work and more supervising sophisticated systems that do our job. We will still be needed. Our intuition, our ability to create new ideas, our personal communication will be more important because that's what we are left with. It's not about writing a long report or a thousand lines of software. It's about how we communicate that the software is great, or how we understand the feeling and behavior of our customers or the publics we serve. But we will still need the intuition to translate them into the right actions. If we work instead of eight or nine hours a day the way most people work in the Western world, and we work four days a week, our life will be better, not worse. Let's get that. If we are more productive and have enough resources to consume more things in our free time, that's good for the economy, not bad. If AI can do some of the work we are doing, and by the way, in the last few years, that's not what happened. We became more productive, but I think we're working harder in most countries. People work harder today than they used to 50 years ago. So if the risky part that we will have less work happens and we work less, I think it will be good. We need to balance it to ensure social justice and that it's divided in the right way. I think as human beings, we can do that. I don't think it's something that's not doable. The world in general, if you look at the last few hundred years, has become better. There are fewer gaps today than 50, 100, or 200 years ago. In developed countries, everybody has access to everything from food to education, something that didn't exist 100 years ago in the same country. The same is true with AI and education. Every kid in every village in India, China, Israel, or Africa can have access to the most sophisticated education. They can have a personal teacher that is AI at the highest level, no matter where they are. That can be a great force multiplier if we use it right, and I think we need to use it right.

Thank you very much.