How would AI change Information Security / Cyber Security in next 1 to 3 years?

First, AI has already and will continue to empower adversaries, helping them target phising into automated spear-phising. It already powers meta-attacks based on iterative learning: trying anything and gradually understanding what type works. It helps generate fake content for have more realistic large scale fake profile.

AI has helped defensive capacity by identifying patterns in attacks but this is rudimentary and will continue to play catch-up for the years to come. A change in paradigm will help, by trying to think of adversaries like learning machines and building dedicated AI-focused honey pots to learn how they learn.

One good example is creating false identities to bypass facial recognition tools. This is quite an intensive domain of research and is also very facsinating because one can visualize what AI can do !

The Cyberdefence and research area is capitalising on Machine learning to do simple stuff. However companies like Dark Trace have advanced tooling commoditised to assess patterns within and external to a specific organisation. Where AI is developing is in the extended supply chain assessment of risk and risk actors as well as in the data value chain.  For the first a number of tools and capabilities exist to protect assets and mitigate attacks. Although integrating them may a different challenge to ensure systems coverage. There have been massive leaps in the IOT assessment for asset management protection and threat. (reducing the threat of Toasters).  For me the more exciting is the merger of Data governance, data and privacy protection and cyber risk assessment in the data value chain. This typically is where the Value is for cyber thieves. Here the AI maths and methods are still evolving and the mindset, culture and outside thinking is evolving.