KT Joins NATO's Largest Cyber Exercise to Defend Against AI Attacks

KT has participated in NATO's largest cyber exercise, 'Locked Shields,' as the sole domestic mobile carrier. During the drill, KT's Red Team showcased advanced cyberattack defense capabilities utilizing artificial intelligence (AI). KT explained that with recent cyberattacks rapidly changing in speed and scale by employing AI, the defense side must also respond with AI to effectively mitigate them. The KT Red Team diagnosed that the spread of generative AI has evolved cybersecurity into a 'complex threat' targeting national security and social infrastructure.

KT's Red Team sought to automate vulnerability detection and improve analysis efficiency using AI, training in a way that disables internal defense systems like actual attackers. They conducted experiments for AI-based preemptive blocking against diverse attack vectors targeting complex infrastructures such as IT, networks, authentication, and cloud. During internal review processes, they also increased the use of AI to automate vulnerability detection and enhance analysis efficiency. For KT, which operates complex infrastructure including IT, networks, authentication, billing, and cloud, the attack routes are extremely varied. Therefore, they continued experiments to preemptively block attacks that exploit trust relationships between infrastructures, going beyond simple web vulnerability checks.

KT's Red Team highlighted the need for comprehensive management, including data, models, access control, and supply chain security, due to the expansion of AI data centers (AI DC). The expansion of AI data centers presents new security challenges, requiring comprehensive management of AI infrastructure beyond server security, encompassing data, models, access control, and supply chain security.

The Red Team identified the most dangerous attack types in the next 3-5 years as combinations of AI-based automated attacks, supply chain breaches, cloud breaches, and bypassing trusted zones. They anticipate an increase in attacks that bundle actions from account hijacking to data leakage into a single 'campaign,' rather than targeting isolated vulnerabilities.

There is an urgent need to transition to a security system centered on 'cyber resilience,' which enables rapid recovery without service interruption even during an incident. Security collapses at the weakest link; therefore, rather than just introducing the latest security equipment, systems must be continuously tested from an attacker's perspective to verify the effectiveness of detection systems.