What does generative AI mean in the context of cybersecurity?

I have already written about the adversarial impact of generative AI, so what about the impact on defenders? How can generative AI underline the security in cybersecurity? In this post, I will go over how this technology can have a real-world impact on CISOs and their teams today. 

Threat Detection and Response

The first area that comes to most people’s minds in the industry is one where ‘traditional’ AI has been having an impact for many years already. Generative AI brings new possibilities to the Threat Detection and Response (TDR) space. 

Some of these new models like Variational Autoencoders (VAEs) are effective at describing normal system behavior. Once trained, these models can flag data that deviates from the expected, highlighting malicious activity.

These methods can then also be used to create highly tailored and specific security rules for intrusion detection and prevention systems. 

Additionally, generative AI vastly boosts the efficacy of automated penetration testing methods, further strengthening defenses by highlighting vulnerabilities that might otherwise have been missed.  

Data and Network Management

Managing and interpreting large sets of structured and unstructured data sounds like a perfect task for AI, and it is. We expect to see generative AI helping to design or rejig network topologies at a level of complexity beyond that of human analysts. 

The technology is also perfect for labeling and categorizing data with minimal human input, we are already using generative AI models to help manage and maintain asset inventories in a near-automated fashion. 

On the cryptography front, prompts can be employed to verify that robust password practices are in place that are superior to using rules-based systems like “must include at least one number or special character”, while still upholding privacy principles. 

Even with the best practices, one must be prepared for the worst, a breach. Operators can use generative AI to produce very real looking fake datasets, to be used either as decoys or canary-in-a-coal-mine type devices. 

Automation and Operator Assistance

Generative AI can speed up and improve a wide range of cyber operator tasks, up and down the seniority chain. In an area where teams struggle to find the right expertise, gaining operational leverage is key. 

Here, chatbots can power initial incident response processes, since they are instant and available 24/7. They can take the lead in writing up incident reports allowing teams to focus on, let’s face it, more interesting tasks. 

Going further, models using generative techniques can predict the evolution of ongoing attacks and generate recommendations for appropriate countermeasures in real time. 

Back to the mundane, for organizations that may not have established robust cybersecurity policies, or kept existing policies up to date, generative AI can aid in creating initial drafts or suggestions based on industry best practices and the specific needs and risk profile of the company.

Another area where content constantly needs to be created and updated is Security Awareness Training. Here, GenAI can learn from end-user communications to create more realistic training scenarios in a continuous and timely manner, tailored to the organization’s threat landscape as well as the user’s specific day-to-day. This boosts both the quality and the resonance of training materials. 

As a booster to training efforts, AI-assisted content verification is also having an impact on both operators and end-users by analyzing emails and content before humans, models can help spot phishing attempts and deepfakes, warning or shielding the user. Generative Adversarial Network (GAN) models are particularly effective at ‘understanding’ content designated for human consumption. 

Training, Research and Innovation

We touched upon the cyber labor shortage already, one way to alleviate it is through better, faster training programs both to speed up the candidate pipeline but also to upskill the existing pool. Generative AI has a huge role to play in this arena. 

By creating enhanced simulations, Generative AI can assist both red and blue teams in devising new and unique attack scenarios, adding dynamism (and realism) to training sessions. 

Models can also be used in a defensive manner where one AI is trained to attack, and another is trained to defend, iteratively improving both models, leading to more robust defense mechanisms and potentially innovative methods for human operators. This will speed up hypothesizing new types of attacks or the studying of emergent cyber threats, allowing professionals to anticipate and prepare for novel challenges or even predict future ones. 

Pressing the Advantage 

As an AI-native company, that is a company born in the era where generative AI really came into its own, we are constantly thinking about how GenAI can help stack the odds in favor of cyber defenders. Although this list is not exhaustive, it does serve to show that the possibilities are vast, and the opportunities plenty. 

Fast, cheap and performant AI, of the type made possible by part generative pre-trained transformers (GPTs), is a game changer for builders everywhere. In cyberdefense it comes at a time of urgency, where defenders cannot help but feel overwhelmed by the magnitude of their challenge – this technological revolution but the initiative back on our side, let’s press the advantage.

PUBLISHED BY

Nadim Lahoud

7 Aug. 2023

SHARE ARTICLE:

Categories

AI

Recent Posts

VIEW ALL
DMARC

Mail Check is Changing: What UK public sector organisations must know about…

Jack Lilley

The National Cyber Security Centre (NCSC) has suggested a change to Mail Check services starting on 24 March 2025. This change mainly involves ending DMARC aggregate reporting. This change comes as a measure to expand the services provided by Mail Check to any UK based organisation, while also limiting the cost and complexity of…

Read more
DMARC

Beyond DMARC: How Red Sift OnDMARC supports comprehensive DNS hygiene

Red Sift

Registrable domains and DNS play a crucial role in establishing online identity and trust, but their importance is often taken for granted. During new service setups, record updates are often overlooked, accumulating outdated entries. As infrastructure teams become increasingly overstretched,  services may be incorrectly shut down without proper cleanup, leaving behind a sprawl of…

Read more
DKIM

First look at DKIM2: The next generation of DKIM

Red Sift

In 2011, the original DomainKeys Identified Mail (DKIM1) standard was published. It outlined a method allowing a domain to sign emails, enabling recipients to verify that the email originated from an entity holding a private key that matches the public key published in the domain’s DNS records. Now in 2024, DKIM is ready for…

Read more
Security

Securing our world: For a safer internet

Jack Lilley

October is Cybersecurity Awareness Month, a time for industries to unite in promoting digital security within today’s complex landscape. Bad actors are leveraging increasingly sophisticated methods—such as email phishing and Business Email Compromise (BEC)—to exploit vulnerabilities, impersonate legitimate contacts, and access sensitive information. CISA Director Jen Easterly advises us to “always think before you…

Read more