What does generative AI mean in the context of cybersecurity?

I have already written about the adversarial impact of generative AI, so what about the impact on defenders? How can generative AI underline the security in cybersecurity? In this post, I will go over how this technology can have a real-world impact on CISOs and their teams today. 

Threat Detection and Response

The first area that comes to most people’s minds in the industry is one where ‘traditional’ AI has been having an impact for many years already. Generative AI brings new possibilities to the Threat Detection and Response (TDR) space. 

Some of these new models like Variational Autoencoders (VAEs) are effective at describing normal system behavior. Once trained, these models can flag data that deviates from the expected, highlighting malicious activity.

These methods can then also be used to create highly tailored and specific security rules for intrusion detection and prevention systems. 

Additionally, generative AI vastly boosts the efficacy of automated penetration testing methods, further strengthening defenses by highlighting vulnerabilities that might otherwise have been missed.  

Data and Network Management

Managing and interpreting large sets of structured and unstructured data sounds like a perfect task for AI, and it is. We expect to see generative AI helping to design or rejig network topologies at a level of complexity beyond that of human analysts. 

The technology is also perfect for labeling and categorizing data with minimal human input, we are already using generative AI models to help manage and maintain asset inventories in a near-automated fashion. 

On the cryptography front, prompts can be employed to verify that robust password practices are in place that are superior to using rules-based systems like “must include at least one number or special character”, while still upholding privacy principles. 

Even with the best practices, one must be prepared for the worst, a breach. Operators can use generative AI to produce very real looking fake datasets, to be used either as decoys or canary-in-a-coal-mine type devices. 

Automation and Operator Assistance

Generative AI can speed up and improve a wide range of cyber operator tasks, up and down the seniority chain. In an area where teams struggle to find the right expertise, gaining operational leverage is key. 

Here, chatbots can power initial incident response processes, since they are instant and available 24/7. They can take the lead in writing up incident reports allowing teams to focus on, let’s face it, more interesting tasks. 

Going further, models using generative techniques can predict the evolution of ongoing attacks and generate recommendations for appropriate countermeasures in real time. 

Back to the mundane, for organizations that may not have established robust cybersecurity policies, or kept existing policies up to date, generative AI can aid in creating initial drafts or suggestions based on industry best practices and the specific needs and risk profile of the company.

Another area where content constantly needs to be created and updated is Security Awareness Training. Here, GenAI can learn from end-user communications to create more realistic training scenarios in a continuous and timely manner, tailored to the organization’s threat landscape as well as the user’s specific day-to-day. This boosts both the quality and the resonance of training materials. 

As a booster to training efforts, AI-assisted content verification is also having an impact on both operators and end-users by analyzing emails and content before humans, models can help spot phishing attempts and deepfakes, warning or shielding the user. Generative Adversarial Network (GAN) models are particularly effective at ‘understanding’ content designated for human consumption. 

Training, Research and Innovation

We touched upon the cyber labor shortage already, one way to alleviate it is through better, faster training programs both to speed up the candidate pipeline but also to upskill the existing pool. Generative AI has a huge role to play in this arena. 

By creating enhanced simulations, Generative AI can assist both red and blue teams in devising new and unique attack scenarios, adding dynamism (and realism) to training sessions. 

Models can also be used in a defensive manner where one AI is trained to attack, and another is trained to defend, iteratively improving both models, leading to more robust defense mechanisms and potentially innovative methods for human operators. This will speed up hypothesizing new types of attacks or the studying of emergent cyber threats, allowing professionals to anticipate and prepare for novel challenges or even predict future ones. 

Pressing the Advantage 

As an AI-native company, that is a company born in the era where generative AI really came into its own, we are constantly thinking about how GenAI can help stack the odds in favor of cyber defenders. Although this list is not exhaustive, it does serve to show that the possibilities are vast, and the opportunities plenty. 

Fast, cheap and performant AI, of the type made possible by part generative pre-trained transformers (GPTs), is a game changer for builders everywhere. In cyberdefense it comes at a time of urgency, where defenders cannot help but feel overwhelmed by the magnitude of their challenge – this technological revolution but the initiative back on our side, let’s press the advantage.

PUBLISHED BY

Nadim Lahoud

7 Aug. 2023

SHARE ARTICLE:

Categories

AI

Recent Posts

VIEW ALL
News

Winter wins: Red Sift OnDMARC wraps up 2024 as a G2 DMARC…

Francesca Rünger-Field

The season of giving has brought us another reason to celebrate! Red Sift OnDMARC continues its winning streak in G2’s Winter 2025 report, earning Leader status in the DMARC category for another consecutive season. This recognition reflects our strong market presence and the unwavering satisfaction of our customers. Cheers to wrapping up 2024 on…

Read more
AI

Text classification in the age of LLMs

Phong Nguyen

As natural language processing (NLP) advances, text classification remains a foundational task with applications in spam detection, sentiment analysis, topic categorization, and more. Traditionally, this task depended on rule-based systems and classical machine learning algorithms. However, the emergence of deep learning, transformer architectures, and Large Language Models (LLMs) has transformed text classification, allowing for…

Read more
Security

How to drive cybersecurity as a top business priority

Jack Lilley

Everyone has a role to play in protecting the enterprise. Whether you’re shaping strategy or implementing solutions, aligning efforts to mitigate critical risks ensures a stronger, more resilient enterprise. If you missed Red Sift’s recent webinar on “From Data to Buy-In: Driving Cybersecurity as a Top Business Priority” we’ve got you covered. The session…

Read more
DMARC

BreakSPF: How to mitigate the attack

Red Sift

BreakSPF is a newly identified attack framework that exploits misconfigurations in the Sender Policy Framework (SPF) a widely used email authentication protocol. A common misconfiguration involves overly permissive IP ranges, where SPF records allow large blocks of IP addresses to send emails on behalf of a domain. These ranges often include shared infrastructures like…

Read more